{"id":20012763,"url":"https://github.com/m3ssap0/wordpress_cve-2018-6389","last_synced_at":"2026-05-08T23:02:17.568Z","repository":{"id":178595594,"uuid":"123791550","full_name":"m3ssap0/wordpress_cve-2018-6389","owner":"m3ssap0","description":"Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.","archived":false,"fork":false,"pushed_at":"2018-03-10T11:57:29.000Z","size":9,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-12T15:09:32.838Z","etag":null,"topics":["cve-2018-6389","exploit","security","security-tools","vulnerability","vulnerability-scanners","wordpress"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/m3ssap0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-04T13:33:15.000Z","updated_at":"2022-05-17T03:08:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"e94ef026-0a37-4488-ab34-8496fc6fcab1","html_url":"https://github.com/m3ssap0/wordpress_cve-2018-6389","commit_stats":null,"previous_names":["m3ssap0/wordpress_cve-2018-6389"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m3ssap0%2Fwordpress_cve-2018-6389","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m3ssap0%2Fwordpress_cve-2018-6389/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m3ssap0%2Fwordpress_cve-2018-6389/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m3ssap0%2Fwordpress_cve-2018-6389/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/m3ssap0","download_url":"https://codeload.github.com/m3ssap0/wordpress_cve-2018-6389/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241448023,"owners_count":19964399,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2018-6389","exploit","security","security-tools","vulnerability","vulnerability-scanners","wordpress"],"created_at":"2024-11-13T07:33:09.510Z","updated_at":"2026-05-08T23:02:17.463Z","avatar_url":"https://github.com/m3ssap0.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wordpress_cve-2018-6389\n\nTries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.\n\n**WARNING:** This software **does not** perform DoS on vulnerable targets; it executes one HTTP GET call only to check if the vulnerability is present.\n\nThis software is written to have no external dependencies.\n\n## DISCLAIMER\n\n**This tool is intended for security engineers and appsec guys for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes committed by using this tool.**\n\n## Vulnerability info\n\n* **CVE-ID**: CVE-2018-6389\n* **Link**: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389)\n* **Description**: In **WordPress through 4.9.2**, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered *.js* files (from *wp-includes/script-loader.php*) to construct a series of requests to load every file many times.\n\n## Help\n\n```\nUsage:\n   java -jar wordpress_cve-2017-6389.jar [options]\nDescription:\n   Exploiting WordPress vulnerability which can be used to cause \n   a Denial of Service (CVE-2018-6389).\nOptions:\n   -h, --help\n      Prints this help and exits.\n   -u, --url [target_URL]\n      The target URL where the exploit will be performed. This\n\t  parameter must point to the root folder of the WordPress\n\t  installation.\n   -v, --verbose\n      Optional. Increase verbosity.\n```\n\n## Examples\n\n```\njava -jar wordpress_cve-2017-6389.jar --url \"https://vuln1.foo.com/\"\n```\n\n```\njava -jar wordpress_cve-2017-6389.jar --url \"https://vuln2.foo.com/wordpress/\"\n```\n\n## Authors\n\n* **Antonio Francesco Sardella** - *Java implementation* - [m3ssap0](https://github.com/m3ssap0)\n\n## License\n\nThis project is licensed under the MIT License - see the **LICENSE.txt** file for details.\n\n## Acknowledgments\n\n* [Barak Tawily](https://baraktawily.blogspot.it/2018/02/how-to-dos-29-of-world-wide-websites.html) the security researcher who discovered the vulnerability.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm3ssap0%2Fwordpress_cve-2018-6389","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm3ssap0%2Fwordpress_cve-2018-6389","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm3ssap0%2Fwordpress_cve-2018-6389/lists"}