
WordPress 5.3 Denial Of Service

Posted by deepcore on January 15, 2020 – 12:38 am

WordPress is vulnerable to denial of service through its XML-RPC API. The system.multicall method lets a client batch other API calls into a single request, and the pingback.ping method makes WordPress open an outbound connection to another site. Batching a few thousand pingback.ping calls inside one multicall request can exhaust a variety of resources on the server. This PoC eats through Apache2's worker threads and also drives up MySQL's CPU and memory use, which can knock over low-RAM VPS instances.
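As an added example (not part of the post or its PoC), a request-inspection check a site operator could place in front of xmlrpc.php: it parses the XML-RPC body, lists the methods batched inside system.multicall and rejects batches that contain pingback.ping or exceed a size limit. The method names come from the post; the batch limit and the sample request body are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assumed policy values (not from the post): methods that force the server to open
# an outbound connection are never allowed inside a batch, and batch size is capped.
OUTBOUND_METHODS = {"pingback.ping"}
MAX_BATCH = 10

def multicall_methods(body):
    """Inner methodName values of a system.multicall request; [] for anything else."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []
    if root.tag != "methodCall" or root.findtext("methodName", "").strip() != "system.multicall":
        return []
    names = []
    for struct in root.iter("struct"):  # one <struct> per batched call
        for member in struct.findall("member"):
            value = member.find("value")
            if member.findtext("name", "").strip() == "methodName" and value is not None:
                names.append("".join(value.itertext()).strip())
    return names

def inspect_request(body):
    """Classify one xmlrpc.php POST body as ("allow"|"block", reason)."""
    inner = multicall_methods(body)
    if not inner:
        return ("allow", "not a system.multicall request")
    counts = Counter(inner)
    hits = sorted(OUTBOUND_METHODS & set(counts))
    if hits:
        return ("block", f"batch contains {sum(counts[m] for m in hits)} outbound call(s): {hits}")
    if len(inner) > MAX_BATCH:
        return ("block", f"batch of {len(inner)} calls exceeds limit of {MAX_BATCH}")
    return ("allow", f"batch of {len(inner)} call(s)")

# Constructed sample body (not captured traffic): a two-call pingback batch.
SAMPLE_BODY = """<?xml version="1.0"?><methodCall><methodName>system.multicall</methodName>
<params><param><value><array><data>
<value><struct><member><name>methodName</name><value><string>pingback.ping</string></value></member>
<member><name>params</name><value><array><data><value><string>http://source.example/post</string></value>
<value><string>http://blog.example/?p=1</string></value></data></array></value></member></struct></value>
<value><struct><member><name>methodName</name><value><string>pingback.ping</string></value></member>
<member><name>params</name><value><array><data><value><string>http://source.example/post</string></value>
<value><string>http://blog.example/?p=2</string></value></data></array></value></member></struct></value>
</data></array></value></param></params></methodCall>"""

if __name__ == "__main__":
    print(inspect_request(SAMPLE_BODY))
```

The same check can be reversed to audit existing access logs: any POST to xmlrpc.php whose body yields a non-empty method list with pingback.ping in it is worth alerting on.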

