WordPress DoS attack CVE-2018-6389
Hi readers! In this post, I would like to share a WordPress DoS vulnerability from 2 years ago.
What is WordPress?
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes.
Technical details of CVE-2018-6389
The bug was discovered in 'load-scripts.php', a script in the WordPress core code that processes user-defined requests. This script is used to load web page content by searching for each file listed in a comma-separated parameter, for example:
https://example.com/wp-admin/load-scripts.php?c=1&load[]=jquery-ui-core&ver=4.9.1
Here the .js file being loaded is jquery-ui-core. There are 181 .js scripts defined in script-loader.php, and all of them can be appended to the above string so that a single request loads all 181 scripts. This doesn't require any authentication, and while a single request isn't enough to put much load on a server, a script sending many such requests per second could be.
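From the defender's side, this request pattern is easy to spot in web server access logs. The following is an added example, not code from the original post: it flags load-scripts.php requests that list an unusually large number of handles and clients that call the endpoint repeatedly. The combined log format, the thresholds and the sample log lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Assumed thresholds; tune them against normal wp-admin traffic for the site.
MAX_HANDLES = 20    # script handles per request treated as normal
MAX_REQUESTS = 3    # load-scripts.php requests per client in the scanned window

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def count_handles(target):
    """Return how many script handles a request asks for, or None if it is not load-scripts.php."""
    path, _, query = target.partition("?")
    if not path.endswith("/wp-admin/load-scripts.php"):
        return None
    total = 0
    for key, value in parse_qsl(query, keep_blank_values=True):
        # PHP reads load=..., load[]=... and load[key]=... as the same parameter.
        if key == "load" or key.startswith("load["):
            total += sum(1 for handle in value.split(",") if handle)
    return total

def scan(lines):
    """Return (oversized, noisy): oversized requests and clients above MAX_REQUESTS."""
    oversized, per_client = [], Counter()
    for line in lines:
        m = REQUEST_RE.match(line)
        n = count_handles(m.group("target")) if m else None
        if n is None:
            continue
        per_client[m.group("ip")] += 1
        if n > MAX_HANDLES:
            oversized.append((m.group("ip"), n))
    noisy = {ip: c for ip, c in per_client.items() if c > MAX_REQUESTS}
    return oversized, noisy

# Constructed sample access-log lines (combined log format), not real traffic.
BIG_LOAD = ",".join(f"handle{i}" for i in range(181))
SAMPLE = (
    ['192.0.2.10 - - [01/Feb/2018:10:00:00 +0000] "GET /wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-ui-core&ver=4.9.1 HTTP/1.1" 200 4096 "-" "-"']
    + [f'198.51.100.7 - - [01/Feb/2018:10:00:0{i} +0000] "GET /wp-admin/load-scripts.php?c=1&load[]={BIG_LOAD}&ver=4.9.1 HTTP/1.1" 200 900000 "-" "-"' for i in range(5)]
    + ['192.0.2.10 - - [01/Feb/2018:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"']
)

if __name__ == "__main__":
    oversized, noisy = scan(SAMPLE)
    print("oversized requests:", oversized)
    print("noisy clients:", noisy)
```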
CVE-2018-6389 Exploit Can Take Down Any WordPress Site Under 4.9.3
Let’s find out from the internet.
PoC