mailing list archives
DoS via tables corruption in WordPress
From: "MustLive" <mustlive () websecurity com ua>
Date: Mon, 10 Feb 2014 15:02:51 +0200
Hello participants of Mailing List.
There is DoS vulnerability in WordPress, about which I wrote in 2009
(http://websecurity.com.ua/3152/, on English
which allows to conduct DoS attack or reinstall of the engine (depending on
corrupted table). And in 2012 (http://websecurity.com.ua/5774/, on English
http://securityvulns.ru/docs27968.html) I wrote that developers hadn't fixed
it, even they said so, and they made new DoS vulnerability.
In April 2012 I wrote my article "Attack via tables corruption in MySQL"
and in July made English version of the article
Where I described vulnerabilities in WordPress and IPB which are based on my
conception of attack via tables corruption.
On Saturday I published a video with my WordPress DoS exploit
(http://www.youtube.com/watch?v=kwv5ni_qxXs), which shows this DoS attack on
one security site on WordPress. Vulnerable are all versions of WordPress.
This video is a proof of this vulnerability in WP and of the attack
described in the article.
Best wishes & regards,
Administrator of Websecurity web site
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- DoS via tables corruption in WordPress MustLive (Feb 10)