mailing list archives
Re: Denial of Service in WordPress
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 27 Jun 2013 23:19:28 -0700
Attack exactly overload web sites presented in endless loop of redirects. As
I showed in all cases of Looped DoS vulnerabilities in web sites and web
applications, which I wrote about during 2008 (when I created this type of
attacks) - 2013.
You do realize that any browser can be made to issue a *lot* of
requests to any other destination on the web - say, by instantiating a
bunch of images, leveraging CORS, navigating iframes, etc?
Browsers detect redirect loops to prevent accidental mishaps and
simplify troubleshooting, not to stop malicious attacks.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/