Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Denial of Service in WordPress
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 27 Jun 2013 23:19:28 -0700

Attack exactly overload web sites presented in endless loop of redirects. As
I showed in all cases of Looped DoS vulnerabilities in web sites and web
applications, which I wrote about during 2008 (when I created this type of
attacks) - 2013.

You do realize that any browser can be made to issue a *lot* of
requests to any other destination on the web - say, by instantiating a
bunch of images, leveraging CORS, navigating iframes, etc?

Browsers detect redirect loops to prevent accidental mishaps and
simplify troubleshooting, not to stop malicious attacks.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]