Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30600
HistoryMay 04, 2014 - 12:00 a.m.

DoS via tables corruption in WordPress

2014-05-0400:00:00
vulners.com
15
JSON

Hello 3APA3A!

There is DoS vulnerability in WordPress, about which I wrote in 2009 (http://websecurity.com.ua/3152/, on English http://perishablepress.com/important-security-fix-for-wordpress/comment-page-5/#comment-71666), which allows to conduct DoS attack or reinstall of the engine (depending on corrupted table). And in 2012 (http://websecurity.com.ua/5774/, on English http://securityvulns.ru/docs27968.html) I wrote that developers hadn't fixed it, even they said so, and they made new DoS vulnerability.

In April 2012 I wrote my article "Attack via tables corruption in MySQL" (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-May/008363.html) and in July made English version of the article (http://websecurity.com.ua/articles/attack-via-tables-corruption-in-mysql/). Where I described vulnerabilities in WordPress and IPB which are based on my conception of attack via tables corruption.

On Saturday I published a video with my WordPress DoS exploit (http://www.youtube.com/watch?v=kwv5ni_qxXs), which shows this DoS attack on one security site on WordPress. Vulnerable are all versions of WordPress. This video is a proof of this vulnerability in WP and of the attack described in the article.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON