[wp-hackers] New Security Vulnerability?

David Chait davebytes at comcast.net
Fri Mar 10 02:04:39 GMT 2006


Nicely whipped-up.

Of course, it sends an email and updates two options in the database every 
attempt (which I assume is only one write, but still...) -- that's about the 
same as a new registration, though minus the 'cost' of the explosion in the 
user table size. ;)

Of course, if done as distributed DoS, it would populate the options table 
with a ton of extra/dead data, probably then an equal or worse case... ;)

Again, my assumption is if you took the sample script, and changed it to hit 
pretty much any PHP page, certainly anything with a database read, or write, 
it'd probably take down 50% of the machines on resources alone.  The email 
definitely just adds to the fire. :)

-d

----- Original Message ----- 
From: "Owen Winkler" <ringmaster at midnightcircus.com>
To: <wp-hackers at lists.automattic.com>
Sent: Thursday, March 09, 2006 3:26 PM
Subject: Re: [wp-hackers] New Security Vulnerability?


| Denis de Bernardy wrote:
| > +1. an advisory with proof of concept code to mass-produce users. how
| > __evil__. at this rate, we'll soon see an advisory with proof of concept
| > code to mass-produce comments. ;)
|
| Along those lines, here's a proof of concept to mass block user
| registrations from the same IP within 5 minutes.  (It also blocks brute
| force password cracks.)
|
| The comment blocking thing is already done, I think.  ;)
|
| Owen
|
| 
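Owen's attached proof of concept (per-IP blocking of registrations and brute-force logins within a 5-minute window) is not reproduced on this page, so here is an added, stand-alone illustration of that idea, not his code: a sliding-window throttle checked before any of the per-attempt work David mentions (the option writes and the e-mail) is done, so that rejected attempts cost almost nothing. The window is the thread's 5 minutes; the limit of 3 attempts, the Python rather than WordPress PHP, and the sample addresses are all assumptions for the example.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 5 * 60   # the 5-minute window discussed in the thread
MAX_ATTEMPTS = 3          # assumed threshold: attempts per IP per window


class IpThrottle:
    """Per-IP sliding-window counter for registration / login attempts.

    Every attempt is recorded, allowed or not, so a client that keeps
    retrying while blocked keeps extending its own block.
    """

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_ATTEMPTS):
        self.window = window
        self.limit = limit
        self._events = defaultdict(deque)  # ip -> timestamps of recent attempts

    def allow(self, ip, now=None):
        """Record one attempt from `ip`; return True if it is within the limit."""
        now = time.time() if now is None else now
        q = self._events[ip]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        q.append(now)
        return len(q) <= self.limit


def guarded_attempt(throttle, ip, do_work, now=None):
    """Run the expensive part (DB writes, e-mail) only when the IP is under the limit."""
    if not throttle.allow(ip, now):
        return "blocked"
    do_work()
    return "accepted"


def simulate(attempts, limit=MAX_ATTEMPTS):
    """attempts: list of (timestamp, ip). Returns [(ip, allowed), ...] in order."""
    t = IpThrottle(limit=limit)
    return [(ip, t.allow(ip, ts)) for ts, ip in attempts]


# Constructed sample: one address hammering the form, one normal visitor,
# then the first address again just after its oldest attempts expire.
SAMPLE = [(0, "198.51.100.7"), (1, "198.51.100.7"), (2, "198.51.100.7"),
          (3, "198.51.100.7"), (4, "203.0.113.9"), (301, "198.51.100.7")]
```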


