Himeshvyas26

wordpress patcher +exploit

Feb 17th, 2019
# Title: WordPress 4.9.1 | 4.9.2 DDoS via load-scripts.php

# Tested: Win10 | WordPress (Version 4.9.1) | WordPress (Version 4.9.2)

# Dorks:

* allinurl:/wp-admin/ site:co | add: in wp-admin/load-scripts.php?c=1&load=editor,common,user-profile,media-widgets,media-gallery
* allinurl:/wp-admin/ site:pk
* allinurl:/wp-admin/ site:ar
* allinurl:/wp-admin/ site:ec
* allinurl:/wp-admin/ site:br
* allinurl:/wp-admin/ site:ir
* allinurl:/wp-admin/ site:in
* allinurl:/wp-admin/ site:mx
* allinurl:/wp-admin/ site:us
* allinurl:/wp-admin/ site:kr

# Credit: Informacion - Anonymous

# Author: Barak Tawily

# Description: In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests that load every file many times.

# Description2: The CVE-2018-6389 exploit can take down any WordPress site below 4.9.3. The flaw affects the load-scripts.php WordPress script, which receives a parameter called load[].

# PoC: A simple Python script with threading could allow anyone to take down most WordPress websites from a single machine.
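As an added defensive example (not part of the original paste or of the referenced exploit), the following Python script scans web-server access log lines for the request pattern described above: hits on wp-admin/load-scripts.php whose load / load[] parameter names an unusually large number of script handles, repeated from a single client. The sample log lines, the thresholds MAX_HANDLES and MAX_REQUESTS_PER_IP, and the helper names are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit
# Combined-format access log line; only the client IP and request target are kept.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} (?:\d+|-)')
# Assumed thresholds: a normal admin page bundles a few handles per call, the PoC names dozens.
MAX_HANDLES = 20
MAX_REQUESTS_PER_IP = 10

def parse_line(line):
    """Split one access-log line into client IP, path and decoded query string."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)  # decodes load%5B%5D to the key load[]
    return rec

def requested_handles(rec):
    """Count script handles named in load= / load[]= for a load-scripts.php hit."""
    if rec is None or not rec["path"].endswith("/wp-admin/load-scripts.php"):
        return 0
    values = rec["query"].get("load", []) + rec["query"].get("load[]", [])
    return sum(1 for v in values for h in v.split(",") if h)

def analyze(log_text):
    """Return (oversized requests as (ip, handle_count), per-IP counts over the limit)."""
    oversized, hits = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        n = requested_handles(rec)
        if n == 0:
            continue
        hits[rec["ip"]] += 1
        if n > MAX_HANDLES:
            oversized.append((rec["ip"], n))
    return oversized, {ip: c for ip, c in hits.items() if c > MAX_REQUESTS_PER_IP}

def sample_line(ip, handles, agent):
    """Build a constructed log line for a load-scripts.php request (sample data only)."""
    joined = ",".join(handles)
    return (f'{ip} - - [17/Feb/2019:10:00:01 +0000] "GET /wp-admin/load-scripts.php'
            f'?c=1&load%5B%5D={joined}&ver=4.9.2 HTTP/1.1" 200 120000 "-" "{agent}"')
# Constructed sample: one legitimate admin page load, then 25 abusive requests.
SAMPLE_LOG = "\n".join(
    [sample_line("10.0.0.5", ["jquery-core", "jquery-migrate", "common"], "Mozilla/5.0")]
    + [sample_line("203.0.113.9", [f"h{i}" for i in range(60)], "python-requests")] * 25)
```

Running `analyze(SAMPLE_LOG)` flags the 25 oversized requests and reports 203.0.113.9 as the only client over the per-IP limit, while the three-handle admin page load passes untouched.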
  30.  
  31. # CVE: CVE-2018-6389
  32.  
  33. # Expl0it:
  34.  
  35. - https://github.com/WazeHell/CVE-2018-6389 (Original)
  36.  
  37. # Date published: 2018-02-05
  38.  
  39. # Date republished: 16-03-2018
  40.  
  41. # Versions vulnerables:
  42. WordPress WordPress 4.9.2
  43. WordPress WordPress 4.9.1
  44. WordPress WordPress 4.8.3
  45. WordPress WordPress 4.8.2
  46. WordPress WordPress 4.8.1
  47. WordPress WordPress 4.7.4
  48. WordPress WordPress 4.7.2
  49. WordPress WordPress 4.7.1
  50. WordPress WordPress 4.6.1
  51. WordPress WordPress 4.5.2
  52. WordPress WordPress 4.5.1
  53. WordPress WordPress 4.5
  54. WordPress WordPress 4.4.1
  55. WordPress WordPress 4.4
  56. WordPress WordPress 4.2.4
  57. WordPress WordPress 4.2.3
  58. WordPress WordPress 4.2.2
  59. WordPress WordPress 4.2.1
  60. WordPress WordPress 4.1.2
  61. WordPress WordPress 4.1.1
  62. WordPress WordPress 4.1
  63. WordPress WordPress 3.9.2
  64. WordPress WordPress 3.9.1
  65. WordPress WordPress 3.9
  66. WordPress WordPress 3.8.2
  67. WordPress WordPress 3.8.1
  68. WordPress WordPress 3.7.4
  69. WordPress WordPress 3.7.1
  70. WordPress WordPress 3.6.1
  71. WordPress WordPress 3.6
  72. WordPress WordPress 3.5.2
  73. WordPress WordPress 3.5.1
  74. WordPress WordPress 3.3.2
  75. WordPress WordPress 3.2.2
  76. WordPress WordPress 3.1.4
  77. WordPress WordPress 3.1.3
  78. WordPress WordPress 3.1.2
  79. WordPress WordPress 3.1.1
  80. WordPress WordPress 3.0.5
  81. WordPress WordPress 3.0.4
  82. WordPress WordPress 3.0.3
  83. WordPress WordPress 3.0.2
  84. WordPress WordPress 2.9.2
  85. WordPress WordPress 2.9.1
  86. WordPress WordPress 2.8.6
  87. WordPress WordPress 2.8.5
  88. WordPress WordPress 2.8.4
  89. WordPress WordPress 2.8.3
  90. WordPress WordPress 2.8.2
  91. WordPress WordPress 2.8.1
  92. WordPress WordPress 2.6.5
  93. WordPress WordPress 2.6.2
  94. WordPress WordPress 2.6.1
  95. WordPress WordPress 2.5.1
  96. WordPress WordPress 2.3.3
  97. WordPress WordPress 2.3.2
  98. WordPress WordPress 2.3.1
  99. WordPress WordPress 2.2.3
  100. WordPress WordPress 2.2.2
  101. WordPress WordPress 2.2.1
  102. WordPress WordPress 2.1.3
  103. WordPress WordPress 2.1.2
  104. WordPress WordPress 2.1.1
  105. WordPress WordPress 2.0.11
  106. WordPress WordPress 2.0.10
  107. WordPress WordPress 2.0.7
  108. WordPress WordPress 2.0.6
  109. WordPress WordPress 2.0.5
  110. WordPress WordPress 2.0.4
  111. WordPress WordPress 2.0.3
  112. WordPress WordPress 2.0.2
  113. WordPress WordPress 2.0.1
  114. WordPress WordPress 2.0
  115. WordPress WordPress 4.9
  116. WordPress WordPress 4.7.5
  117. WordPress WordPress 4.7.3
  118. WordPress WordPress 4.7
  119. WordPress WordPress 4.6
  120. WordPress WordPress 4.5.3
  121. WordPress WordPress 4.4.2
  122. WordPress WordPress 4.3.1
  123. WordPress WordPress 4.3
  124. WordPress WordPress 4.2
  125. WordPress WordPress 4.0.1
  126. WordPress WordPress 4.0
  127. WordPress WordPress 3.9.3
  128. WordPress WordPress 3.9
  129. WordPress WordPress 3.8.5
  130. WordPress WordPress 3.8.4
  131. WordPress WordPress 3.8.3
  132. WordPress WordPress 3.8
  133. WordPress WordPress 3.7.5
  134. WordPress WordPress 3.7
  135. WordPress WordPress 3.6
  136. WordPress WordPress 3.5.0
  137. WordPress WordPress 3.5
  138. WordPress WordPress 3.4.2
  139. WordPress WordPress 3.4.1
  140. WordPress WordPress 3.4.0
  141. WordPress WordPress 3.4
  142. WordPress WordPress 3.3.3
  143. WordPress WordPress 3.3.1
  144. WordPress WordPress 3.3
  145. WordPress WordPress 3.2.1
  146. WordPress WordPress 3.2
  147. WordPress WordPress 3.1
  148. WordPress WordPress 3.0.6
  149. WordPress WordPress 3.0.1
  150. WordPress WordPress 2.9.1.1
  151. WordPress WordPress 2.9
  152. WordPress WordPress 2.8.5.2
  153. WordPress WordPress 2.8
  154. WordPress WordPress 2.7.1
  155. WordPress WordPress 2.7
  156. WordPress WordPress 2.6.3
  157. WordPress WordPress 2.6
  158. WordPress WordPress 2.5
  159. WordPress WordPress 2.3
  160. WordPress WordPress 2.2.0
  161. WordPress WordPress 2.2
  162. WordPress WordPress 2.1
  163. WordPress WordPress 2.0.9
  164. WordPress WordPress 2.0.8
  165.  
  166. # Not vulnerable: Wordpress Wordpress 4.9.3
  167.  
  168. # References:
  169. - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  170.  
  171. - https://github.com/UltimateHackers/Shiva
  172.  
  173. - https://www.exploit-db.com/exploits/43968/
  174.  
  175. - https://www.youtube.com/watch?v=nNDsGTalXS0
  176.  
  177. - http://www.securityfocus.com/bid/103060
  178.  
  179. - https://securitytracker.com/id/1040347
  180.  
  181. # FiX It: Use wp-dos-patch.sh in case you already have a WordPress installed on Linux env.
  182.  
  183. - https://github.com/quitten/wordpress
  184.  
  185. - https://raw.githubusercontent.com/Quitten/WordPress/master/wp-dos-patch.sh
  186.  
  187. -- https://github.com/JulienGadanho/cve-2018-6389-php-patcher
  188.  
  189. - uSagE:
  190.  
  191. * Patch Wordpress DOS breach (CVE-2018-6389) in PHP.
  192.  
  193. * Place patcher.php in WordPress root directory
  194. * Request yourwordpress.com/patcher.php
  195. * Delete patcher.php
  196. ################################################################################################################################################