Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/m3ssap0/wordpress_cve-2018-6389

Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.
https://github.com/m3ssap0/wordpress_cve-2018-6389

cve-2018-6389 exploit security security-tools vulnerability vulnerability-scanners wordpress

Last synced: 19 days ago
JSON representation

Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.

Host: GitHub
URL: https://github.com/m3ssap0/wordpress_cve-2018-6389
Owner: m3ssap0
License: mit
Created: 2018-03-04T13:33:15.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2018-03-10T11:57:29.000Z (almost 7 years ago)
Last Synced: 2024-11-13T07:36:27.546Z (3 months ago)
Topics: cve-2018-6389, exploit, security, security-tools, vulnerability, vulnerability-scanners, wordpress
Language: Java
Size: 8.79 KB
Stars: 2
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

# wordpress_cve-2018-6389

Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.

**WARNING:** This software **does not** perform DoS on vulnerable targets; it executes one HTTP GET call only to check if the vulnerability is present.

This software is written to have no external dependencies.

## DISCLAIMER

**This tool is intended for security engineers and appsec guys for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes committed by using this tool.**

## Vulnerability info

* **CVE-ID**: CVE-2018-6389
* **Link**: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389)
* **Description**: In **WordPress through 4.9.2**, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered *.js* files (from *wp-includes/script-loader.php*) to construct a series of requests to load every file many times.

## Help

```
Usage:
java -jar wordpress_cve-2017-6389.jar [options]
Description:
Exploiting WordPress vulnerability which can be used to cause
a Denial of Service (CVE-2018-6389).
Options:
-h, --help
Prints this help and exits.
-u, --url [target_URL]
The target URL where the exploit will be performed. This
parameter must point to the root folder of the WordPress
installation.
-v, --verbose
Optional. Increase verbosity.
```

## Examples

```
java -jar wordpress_cve-2017-6389.jar --url "https://vuln1.foo.com/"
```

```
java -jar wordpress_cve-2017-6389.jar --url "https://vuln2.foo.com/wordpress/"
```

## Authors

* **Antonio Francesco Sardella** - *Java implementation* - [m3ssap0](https://github.com/m3ssap0)

## License

This project is licensed under the MIT License - see the **LICENSE.txt** file for details.

## Acknowledgments

* [Barak Tawily](https://baraktawily.blogspot.it/2018/02/how-to-dos-29-of-world-wide-websites.html) the security researcher who discovered the vulnerability.