- # Title: WordPress 4.9.1 | 4.9.2 DoS via wp-admin/load-scripts.php (CVE-2018-6389)
- # Tested: Win10 | WordPress (Version 4.9.1) | WordPress (Version 4.9.2)
- # Dorks (search queries for locating exposed installs):
- * allinurl:/wp-admin/ site:co | then request wp-admin/load-scripts.php?c=1&load=editor,common,user-profile,media-widgets,media-gallery on a candidate host to confirm the endpoint answers without a login
- * allinurl:/wp-admin/ site:pk
- * allinurl:/wp-admin/ site:ar
- * allinurl:/wp-admin/ site:ec
- * allinurl:/wp-admin/ site:br
- * allinurl:/wp-admin/ site:ir
- * allinurl:/wp-admin/ site:in
- * allinurl:/wp-admin/ site:mx
- * allinurl:/wp-admin/ site:us
- * allinurl:/wp-admin/ site:kr
- # Credit: Information - Anonymous
- # Author: Barak Tawily
- # Description: In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using
- the large list of registered .js files (from wp-includes/script-loader.php)
- to construct a series of requests to load every file many times.
- # Description2: An exploit for CVE-2018-6389 can take down a WordPress site running any release through 4.9.2.
- The flaw is in wp-admin/load-scripts.php, which takes a load[] parameter holding a comma-separated list of registered script handles, reads every matching file and returns them concatenated as one response. The endpoint has to answer before login because wp-login.php fetches its own scripts through it, so no credentials are needed, and a request of a few hundred bytes that names every registered handle makes the server read and join a few megabytes of JavaScript. The sibling wp-admin/load-styles.php follows the same pattern for CSS.
- # PoC: A simple Python script with threading lets a single machine take down most WordPress sites, meaning any install with no rate limiting or caching in front of this endpoint.
- # CVE: CVE-2018-6389
- # Exploit:
- - https://github.com/WazeHell/CVE-2018-6389 (Original)
- # Date published: 2018-02-05
- # Date republished: 2018-03-16
- # Vulnerable versions (as listed by the original advisory; in practice every release from 2.0 through 4.9.2):
- 4.9, 4.9.1, 4.9.2
- 4.8.1, 4.8.2, 4.8.3
- 4.7, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5
- 4.6, 4.6.1
- 4.5, 4.5.1, 4.5.2, 4.5.3
- 4.4, 4.4.1, 4.4.2
- 4.3, 4.3.1
- 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4
- 4.1, 4.1.1, 4.1.2
- 4.0, 4.0.1
- 3.9, 3.9.1, 3.9.2, 3.9.3
- 3.8, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5
- 3.7, 3.7.1, 3.7.4, 3.7.5
- 3.6, 3.6.1
- 3.5 (also listed as 3.5.0), 3.5.1, 3.5.2
- 3.4 (also listed as 3.4.0), 3.4.1, 3.4.2
- 3.3, 3.3.1, 3.3.2, 3.3.3
- 3.2, 3.2.1, 3.2.2
- 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4
- 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6
- 2.9, 2.9.1, 2.9.1.1, 2.9.2
- 2.8, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.5.2, 2.8.6
- 2.7, 2.7.1
- 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.5
- 2.5, 2.5.1
- 2.3, 2.3.1, 2.3.2, 2.3.3
- 2.2 (also listed as 2.2.0), 2.2.1, 2.2.2, 2.2.3
- 2.1, 2.1.1, 2.1.2, 2.1.3
- 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11
- # Not vulnerable (per the original advisory): WordPress 4.9.3. Note that the WordPress security team declined to change core for this report, taking the position that request flooding should be mitigated at the server or network level, so do not rely on a version check alone; apply the server-side mitigations under Fix regardless of version.
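- # Detection (added example; this is not code from the original advisory or from the linked PoC): the script below scans web-server access-log lines in the common "combined" format for the two signatures of this attack, a single request naming an abnormally long load[] handle list, and a burst of requests to the endpoint from one client. The log lines it ships with are constructed, the thresholds (60 distinct handles, 20 requests per 60 s) are assumed starting points, and wp-admin/load-styles.php is watched alongside load-scripts.php because it uses the same concatenation pattern.

```python
"""Spot CVE-2018-6389-style abuse of wp-admin/load-scripts.php in access logs.

Added example; not part of the original advisory or the linked PoC. Assumes
the common "combined" log format of Apache/nginx. The sample lines are
constructed, not captured traffic.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# combined format: ip ident user [time] "METHOD path PROTO" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
    r' [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# Both concatenation endpoints accept the same attacker-controlled handle list.
TARGETS = ("/wp-admin/load-scripts.php", "/wp-admin/load-styles.php")


def parse_line(line):
    """Return a dict for a hit on a target endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["path"])
    if url.path not in TARGETS:
        return None
    # parse_qs percent-decodes names, so load%5B%5D= and load[]= both land on "load[]".
    query = parse_qs(url.query, keep_blank_values=True)
    handles = []
    for key in ("load[]", "load"):
        for value in query.get(key, []):
            handles.extend(h for h in value.split(",") if h)
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
        "handles": len(set(handles)),  # load-scripts.php de-duplicates, so count unique names
        "bytes": 0 if m["bytes"] == "-" else int(m["bytes"]),
    }


def find_abusers(lines, window_s=60, max_req=20, max_handles=60):
    """Map client IP -> reason for clients that look like the CVE-2018-6389 PoC.

    Signal 1: one request naming more than max_handles distinct handles
    (normal admin pages stay well under this; the public PoC sends far more).
    Signal 2: more than max_req hits on the endpoints inside any window_s span.
    Thresholds are assumed starting points; tune them against your own traffic.
    """
    hits = defaultdict(list)
    reasons = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["handles"] > max_handles:
            reasons.setdefault(ev["ip"], f"{ev['handles']} handles in one request")
        hits[ev["ip"]].append(ev["ts"])
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > max_req:
                reasons.setdefault(ip, f"{end - start + 1} requests within {window_s}s")
                break
    return reasons


def sample_log():
    """Constructed log lines: one legitimate editor and two attack patterns."""
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 {size} "-" "Mozilla/5.0"'
    normal = ("/wp-admin/load-scripts.php?c=1&load%5B%5D=editor,common,"
              "user-profile,media-widgets,media-gallery&ver=4.9.2")
    lines = [fmt.format(ip="203.0.113.5", ts=f"16/Mar/2018:10:00:{s:02d} +0000",
                        path=normal, size=300000) for s in (0, 30)]
    # Attacker A: one request naming 150 handles. "handleN" are placeholders;
    # a real attack names handles registered in wp-includes/script-loader.php.
    flood = ("/wp-admin/load-scripts.php?c=1&load[]="
             + ",".join(f"handle{i}" for i in range(150)) + "&ver=4.9.2")
    lines.append(fmt.format(ip="198.51.100.9", ts="16/Mar/2018:10:00:05 +0000",
                            path=flood, size=4000000))
    # Attacker B: a normal-looking list, but 21 hits in 20 seconds.
    lines += [fmt.format(ip="198.51.100.10", ts=f"16/Mar/2018:10:01:{i:02d} +0000",
                         path=normal, size=300000) for i in range(21)]
    return lines


if __name__ == "__main__":
    for ip, why in find_abusers(sample_log()).items():
        print(ip, why)
```

Feed a real log with find_abusers(open("/var/log/nginx/access.log")); the result is a dict of client IP to reason that can go straight into a block list or an alert. The handle-count signal fires on the first request, before any volume has built up, which is the one worth paging on.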
- # References:
- - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- - https://github.com/UltimateHackers/Shiva
- - https://www.exploit-db.com/exploits/43968/
- - https://www.youtube.com/watch?v=nNDsGTalXS0
- - http://www.securityfocus.com/bid/103060
- - https://securitytracker.com/id/1040347
- # Fix: WordPress core shipped no change for this issue and pointed to server- or network-level mitigation, so the choices are a third-party patch to load-scripts.php or controls in front of it. Whichever you apply, also set define( 'CONCATENATE_SCRIPTS', false ); in wp-config.php, which makes the admin UI and wp-login.php load scripts individually instead of through this endpoint, and rate-limit or restrict wp-admin/load-scripts.php and wp-admin/load-styles.php at the web server.
- - Use wp-dos-patch.sh if you already have WordPress installed on a Linux host:
- - https://github.com/quitten/wordpress
- - https://raw.githubusercontent.com/Quitten/WordPress/master/wp-dos-patch.sh
- - PHP patcher: https://github.com/JulienGadanho/cve-2018-6389-php-patcher
- - Usage:
- * Patches the WordPress DoS flaw (CVE-2018-6389) in PHP.
- * Place patcher.php in the WordPress root directory.
- * Request yourwordpress.com/patcher.php.
- * Delete patcher.php afterwards: anyone who can reach the file can run it. A patch to core files is also overwritten by the next WordPress update, so re-check after upgrading.
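- # Server-side mitigation (added example; not from the original advisory, the WordPress project, or the patchers linked above): the fragment below follows the upstream "handle it at the server" stance. Script concatenation is switched off so the admin UI and wp-login.php stop depending on the two endpoints, then both endpoints are rate-limited per client IP at nginx. The zone name, rate, burst value, php-fpm socket path and the surrounding server block are assumptions to adapt to your install.

```nginx
# --- wp-config.php (PHP, one line): stop the admin UI and wp-login.php from
# depending on the concatenation endpoints, so throttling them cannot break logins.
#     define( 'CONCATENATE_SCRIPTS', false );
#
# --- nginx: per-client rate limit on both concatenation endpoints.
# limit_req_zone must sit in the http {} context; the zone name, rate, burst
# and socket path below are assumed values.
limit_req_zone $binary_remote_addr zone=wp_concat:10m rate=2r/s;

server {
    # ... existing WordPress server block ...

    # Regex locations are tried in file order: keep this above the generic
    # "location ~ \.php$" block or it will never be reached.
    location ~ ^/wp-admin/load-(scripts|styles)\.php$ {
        limit_req zone=wp_concat burst=5 nodelay;
        limit_req_status 429;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

With concatenation disabled nothing in core requests these two files, so a stricter variant replaces the fastcgi lines with return 403; the rate limit is the safer default because a plugin or theme could still link to them. Confirm the change by requesting the dork URL from the top of this page a dozen times in quick succession: after the burst is spent the answers should be 429 (or 403), and a single oversized load[] list should no longer take seconds to return.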
- ################################################################################################################################################