Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: DoS via tables corruption in WordPress
From: Aris Adamantiadis <aris () 0xbadc0de be>
Date: Wed, 12 Feb 2014 17:43:42 +0100

Mustlive is just a troll and has nothing to show. Thanks for wasting our
time.

Le 12/02/14 15:51, Harry Metcalfe a écrit :
Hi MustLive,

Just to make things a bit easier, would you mind replying with links
for the perishablepress.com article, the 2009 advisory and the 2012
article?

Many thanks!

Harry


On 12/02/2014 14:44, MustLive wrote:
Hello Aris!

First of all, I wrote all required information in my post in May 2009 at
perishablepress.com. And I answered on all questions (including lame
ones
and scepsis) concerning attack on WordPress, which I proposed to
owner of
that site as explanation why his site was hacked that time (via engine
reinstall). And since I developed conception of this attack yet in
2007 (for
IPB, because I have forum on this engine) and made advisories for
WordPress
and IPB concerning possibility of attacks via table corruption, so in
2012 I
made detailed article "Attack via tables corruption in MySQL"
(http://websecurity.com.ua/articles/attack-via-tables-corruption-in-mysql/),

which I published at my site and in WASC mailing list.

So all aspects of attacks were described and all questions were
answered by
me many years ago. Those who didn't read that information should read
it,
those who have questions should read my 2009's advisory and 2012's
article -
AND THEY WILL HAVE NO QUESTIONS. And for those who have scepsis about
database corruption attacks - that it's not possible to make reliable
attack
with 100% chance to conduct attack on real web site - for those I made
exploit and video of its use on web site in Internet. So unbelievers
should
watch video and believe.

I have yet to determine if that was an accident or an attack.

I'm sure that your case is an accident, not an attack. Since everyone
after
I proposed this attack from 2009 and till now didn't believe in
possibility
of this attack and considered it as "conceptual". I.e. that was
"luck" for
attackers to hack perishablepress.com with using of tables corruption
that
particular day and it'll not happen again for nobody as skeptics
thought. My
video should change their mind.

First of all it's hard attack and I didn't release my exploit (and
will not
release it in near future) and not aware about anyone's exploit in the
public for 5 years after my 2009's advisory. So you have exact
combination
of hardware and software (MySQL and WordPress) that makes your site
vulnerable to this attack. Most of web sites on WordPress can sleep
tight
until some day an attacker will test their site on "crashability" and
make
them vulnerable to this attack.

For all nuances of attacking on tables in MySQL read my article to
understand your case and create scenario of possible attack on your
site to
trigger table crash, which leads to DoS. Concerning your case I'll write
more information to you privately. It's needed to you to find out the
exact
way of crashing tables at site to prevent "accident" turn into "attack".

Note, that WP developers later in 2009, after reading that my
publication
and thinking for 7 months, made a fix for this DoS in WP 2.9. But
they made
not automated tables repair, but manual, so it can't be considered as
a fix,
since tables can be crashed and site will be DoSed - until admin will
find
it and manually repair the tables. So WP developers made lame fix for
this
DoS attack, as I wrote in my 2012 advisory and WP is still vulnerable
(and
also I described DoS vulnerability in protection functionality
against this
DoS attack).

If Mustlive has any real and concrete information (URL, exploit code),
please share with us.

All real and concrete information is in my 2009's advisory and 2012's
article. With addition of my 2014's video (I was planning to make it in
2012, but found time only this month). So reading and watching of
them will
help. For now I'll not release any exploits (don't need to create a
risk not
for that lame site in my video, nor for all other WordPress sites,
since WP
developers haven't fixed hole properly), but I'll do it in the future.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- From: "Aris Adamantiadis"
<aris () 0xbadc0de be>
To: "Andrew Nacin" <nacin () wordpress org>; "MustLive"
<mustlive () websecurity com ua>
Cc: <full-disclosure () lists grok org uk>
Sent: Tuesday, February 11, 2014 3:46 PM
Subject: Re: [Full-disclosure] DoS via tables corruption in WordPress



Le 11/02/14 09:34, Andrew Nacin a ?crit :
Aris mentions he experienced corruption in his own WordPress setup.
It's
most likely the options table simply crashed, not as a result of any
particular exploit. This is, after all, why MySQL has a REPAIR command
(and why we have a script for users to use).

This happened again last night. The mysql corruption was caused by an
OOM random kill (thanks linux) that chose mysql daemon as a victim. The
cause of the OOM was either wordpress or piwik, probably made possible
through apache misconfiguration (too many children). I have yet to
determine if that was an accident or an attack.

If Mustlive has any real and concrete information (URL, exploit code),
please share with us.

Aris


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault