CVSSv3: 7.5

CVE-2018-6389

Published: 06/02/2018 Updated: 01/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 515
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In WordPress up to and including 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

Vulnerable Product

wordpress wordpress

Exploits

# EDB Note: python doser.py -g 'localhost/wp-admin/load-scripts.php?c=1&load%5B%5D=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scr ...
WordPress load-scripts.php denial of service exploit ...

Github Repositories

Tools Cyber Security Tools SecTools.Org: Top 125 Network Security Tools List of SecTools.Org: Top 125 Network Security Tools - For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools Kali Tools Kali Tool List - Kali Linux Tools Listing Multi-paradigm Frameworks Metasploit - Software for offensive security teams t

wrote / modified some scripts to do shady shit on the internet

my collection of exploits below is a list of all exploits and how they were used (list is still growing) [cve-2018-6389] exploit was used to do some hacktivism shit against antivaxxers & the austrian right-wing party "fpoe" [easydrivers] exploit was used to farm correct answers in the drivers license study program (which is terrible) [Dump] not really an expl

load-scripts.php file, whose purpose is to retrieve several JavaScript packages through one single request.

Wordpress-DOS-Attack-CVE-2018-6389 Load-scripts.php file, whose purpose is to retrieve several JavaScript packages through one single request $ chmod +x Execute.sh $ ./Execute.sh How it Works! The problem lies upon the load-scripts.php file, whose purpose is to retrieve several JavaScript packages through one single request, such as bo

WordPress codepath week seven Presentation on week7 EXPLOIT 1:- Vulnerability CVE-2015-3440 WP version: 4.2 Remediation; Update to version: 4.7.5 Steps to exploit create some post on the blog and logout visit the blog let go to the post and add a comment, and your comment should include xss <svg/onload-alert('XSS')> 1 Then view page source to confirm c

Contents Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Clickjacking (UI Redressing Attack) Local File Inclusion (LFI) Subdomain Takeover Denial of Service (DOS) Authentication Bypass SQL injection 2FA Related issues CORS Related issues Server Side Request Forgery (SSRF) Race Condition Remote Code Execution (RCE) Contributing Maintainers Cross Site Scripting (XS

Improved DOS exploit for wordpress websites (CVE-2018-6389)

Shiva First of all, put Shiva on watch I will be upgrading it to a full stress testing suite over time Shiva is designed to perform Denial Of Service (DOS) attack on wordpress sites by loading all jquery scripts at once through load-scripts.php So basically it's an exploit for CVE-2018-6389 Awesomeness Shiva uses multithreading to bring down websites as soon as possible, Yo

Exploit for vulnerability CVE-2018-6389 on wordpress sites

CVE-2018-6389 exploit for Wordpress sites A small DOS script targeting an unpatched vulnerability in wordpress sites Uses /wp-admin/load-scripts.php to request additional scripts from hosting server Includes large list of scripts as request payload This implementation is for testing purposes only Usage python wpdos.py -t 5000 -g 'www.wordpresswebsite.co.za&#


A ModSecurity ruleset for detecting potential attacks using CVE-2018-6389

modsecurity-cve-2018-6389 A ModSecurity ruleset for detecting potential attacks using CVE-2018-6389 For more information, see www.rastating.com/protecting-wordpress-against-cve-2018-6389/

CVE-2018-6389 Exploit In WordPress DoS

CVE-2018-6389 Wordpress Exploit CVE-2018-6389 Exploit Can Down Any Wordpress site under 4.9.3 The flaw affects the load-scripts.php WordPress script, it receives a parameter called load[] About PoC A simple Script In Python With threading could allow anyone to take down most WordPress websites with a single machine Info Can Down Any Website with Tested Wordpress versions Teste

CVE-2018-6389 PoC node js multisite with proxy

CVE-2018-6389 PoC node js multisite with proxy This script is based on CVE-2018-6389, a rather insidious WordPress problem which, unfortunately, will probably not be fixed by the team that develops the platform, even though it has been known for quite

Patch Wordpress DOS breach (CVE-2018-6389) in PHP

cve-2018-6389-php-patcher Patch Wordpress DOS breach (CVE-2018-6389) in PHP Place patcher.php in WordPress root directory Request yourwordpress.com/patcher.php Delete patcher.php Source : www.securemydata.fr/patch-de-la-faille-cve-2018-6389-dos-wordpress/

Contents Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Clickjacking (UI Redressing Attack) Local File Inclusion (LFI) Subdomain Takeover Denial of Service (DOS) Authentication Bypass SQL injection 2FA Related issues CORS Related issues Server Side Request Forgery (SSRF) Race Condition Remote Code Execution (RCE) Contributing Cross Site Scripting (XSS) From P5

exploit /wp-admin/load-scripts.php

Loadscript-payload exploit /wp-admin/load-scripts.php CVE-2018-6389 /wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,script

WordPress DoS (CVE-2018-6389)

CVE-2018-6389 WordPress DoS (CVE-2018-6389) Reference baraktawily.blogspot.jp/2018/02/how-to-dos-29-of-world-wide-websites.html How to DoS Start WordPress $ docker-compose up -d Pulling wordpress (wordpress:4.9.3) 4.9.3: Pulling from library/wordpress e7bb522d92ff: Pull complete 3a3976cecfa7: Pull complete Digest: sha256:2f74e7f98dfa9c66a6d5523c67b22830b8f4a88c

All Cyber Security Tools

cybertools All Cyber Security Tools Tools Cyber Security Tools SecTools.Org: Top 125 Network Security Tools List of SecTools.Org: Top 125 Network Security Tools - For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools Kali Tools Kali Tool List - Kali Linux Tools Listing Multi-paradigm Frameworks Metasploit - Sof

Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.

wordpress_cve-2018-6389 Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service WARNING: This software does not perform DoS on vulnerable targets; it executes one HTTP GET call only to check if the vulnerability is present This software is written to have no external dependencies DISCLAIMER This tool is intended for security

Mitigate CVE-2018-6389 WordPress load-scripts / load-styles attacks

trellis-cve-2018-6389 Mitigate CVE-2018-6389 WordPress load-scripts / load-styles attacks Goal Why? Mitigation Why Not? Requirements Installation Trellis WordPress FAQs Can I use this on managed hosting? It looks awesome Where can I find some more goodies like this? This isn't on wp.org Where can I give a ⭐️⭐️⭐️⭐️⭐️ review? Alternatives Te

A one time command script to install Wordpress.

Wordpress Install Script A one time command script to install Wordpress This script is a bash script which installs Wordpress on an Apache server The script also installs PHP7 or PHP5 if it's required You absolutely need a mariadb/mysql server to run Wordpress The script also fixes the CVE-2018-6389 vulnerability (DDoS vulnerability) Installation Linux (Debian or Ubu

week 7

Project 7 WordPress Pentesting Time spent: 10 hours in total Pentesting Report (Required) Vulnerability Name is Cross-site scripting Summary: Vulnerability types: Cross site scripting Tested in version: 4.2 Fixed in version: 4.7.5 GIF Walkthrough:

Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

WPDOSLoader WordPress DOS through 'load-scripts.php' CVE-ID: CVE-2018-6389 [-] Author: Deyaa Muhammad [-] Twitter: @deyaamuhammad ========================================= Description: Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series

Offensive tools as Dockerfiles. Lightweight & Ready to go

Offensive Dockerfiles Security-oriented Docker containers, ready to fire! This repository contains a collection of security-oriented tools as Dockerfiles This makes it easy to deploy various mission dependent tools using common cloud providers (AWS, Azure, Linode) The containers are built using Docker Each container is made to suit required dependencies for

WP-DOS-Exploit-CVE-2018-6389

WP-DOS-Exploit-CVE-2018-6389 This is an exploit of Wordpress DOS attack CVE 2018-6389 #USE python3 wp-dos(CVE-2018-6389).py domain threads #Example python3 wp-dos(CVE-2018-6389).py example.com 1000

A collection of cybersecurity tools, software, libraries, learning tutorials, frameworks, academic and practical resources in security.

Security Development Tools Welcome to the World of Cybersecurity Tools: A collection of cybersecurity tools, software, libraries, learning tutorials, frameworks, academic and practical resources in security Thanks to all contributors, you're awesome and it wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known

Metasploit module for WordPress DOS load-scripts.php CVE-2018-638

wordpress-CVE-2018-6389 Metasploit module for WordPress DOS load-scripts.php CVE-2018-638

Web Application Penetration Testing Checklist **Information Gathering Phase** Identify the web server, its technologies and the database Affiliate and Acquisition Discovery Reverse Lookup ASN & IP Range Discovery and Service Enumeration Google Dorking Github Recon Directory Discovery IP Range Discovery JS File Analysis Subdomain Discovery and Brutefor

cve-2018-6389 Twitter: twitter.com/Ja7adR Telegram: t.me/Ja7adR

CVE-2018-6389 WordPress Core - 'load-scripts.php' Denial of Service <= 4.9.4

WordPress-CVE-2018-6389 WordPress Core - 'load-scripts.php' Denial of Service <= 4.9.4 Date: 05/02/2018 Software Link: WordPress Version: <= 4.9.4 Tested on: Kali Linux 2018.1 CVE: CVE-2018-6389 Discovered by: Barak Tawily Exploit by: Javier Olmedo HOW TO USE? Clone this repository git clone github.com/JJavierOlmedo/wordpress-cve-2018-6389.git

Proof of Concept of vulnerability CVE-2018-6389 on Wordpress 4.9.2

PoC - CVE-2018-6389 Proof of Concept of vulnerability CVE-2018-6389 on Wordpress 4.9.2

PoC - CVE-2018-6389 Proof of Concept of vulnerability CVE-2018-6389 on Wordpress 4.9.2 This vulnerability allows a remote unauthenticated attacker to cause DoS of a Wordpress based web application Presentation: docs.google.com/presentation DoSer Python Tool usage: mydoser_get.py [-h] [-t THREADS] [-u URL] Sending unlimited requests to perform DoS attack optional arguments:

Apache RewriteRule to mitigate potential DoS attack via Wordpress wp-admin/load-scripts.php file

wordpress-fix-cve-2018-6389 Apache RewriteRule to mitigate potential DoS attack via Wordpress wp-admin/load-scripts.php file Initial disclosure by Barak Tawily: baraktawily.blogspot.in/2018/02/how-to-dos-29-of-world-wide-websites.html

wordPressDOSPOC Usage: ./launch.sh target-wordpress-installation-you-own.foobar | #number of requests | #seconds to sleep after each wave a proof of concept based on www.vulnspy.com/en-cve-2018-6389-wordpress-denial-of-service-dos-vulnerability/ I'm sure there are 398234 better implementations in python, give or take a few, I'm just playing around with bas