[wp-hackers] New Security Vulnerability?
David Chait
davebytes at comcast.net
Fri Mar 10 02:04:39 GMT 2006
Nicely whipped-up.
Of course, it sends an email and updates two options in the database every
attempt (which I assume is only one write, but still...) -- that's about the
same as a new registration, though minus the 'cost' of the explosion in the
user table size. ;)
Of course, if done as distributed DoS, it would populate the options table
with a ton of extra/dead data, probably then an equal or worse case... ;)
Again, my assumption is if you took the sample script, and changed it to hit
pretty much any PHP page, certainly anything with a database read, or write,
it'd probably take down 50% of the machines on resources alone. The email
definitely just adds to the fire. :)
-d
----- Original Message -----
From: "Owen Winkler" <ringmaster at midnightcircus.com>
To: <wp-hackers at lists.automattic.com>
Sent: Thursday, March 09, 2006 3:26 PM
Subject: Re: [wp-hackers] New Security Vulnerability?
| Denis de Bernardy wrote:
| > +1. an advisory with proof of concept code to mass-produce users. how
| > __evil__. at this rate, we'll soon see an advisory with proof of concept
| > code to mass-produce comments. ;)
|
| Along those lines, here's a proof of concept to mass block user
| registrations from the same IP within 5 minutes. (It also blocks brute
| force password cracks.)
|
| The comment blocking thing is already done, I think. ;)
|
| Owen
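
The per-address throttle Owen describes (block further registrations from one IP within 5 minutes, and use the same counter to stop password guessing), written out as an added example. This is not Owen's proof-of-concept and not WordPress code; it is a language-neutral sketch in Python so the logic runs stand-alone. The threshold of three attempts, the in-memory store, the `handle_register`/`handle_login` entry points and the sample addresses are assumptions for illustration; the page gives only the 5-minute window.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300  # "within 5 minutes", as in the quoted message
MAX_ATTEMPTS = 3      # assumed threshold; the page does not give one


class IPThrottle:
    """Sliding-window counter keyed by (client IP, action).

    The store is a plain dict, which is an assumption for illustration;
    a real site would keep it somewhere shared across PHP workers.
    """

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_ATTEMPTS):
        self.window = window
        self.limit = limit
        self._hits = defaultdict(deque)  # (ip, action) -> timestamps, oldest first

    def _recent(self, key, now):
        # Drop timestamps that have aged out of the window, then return the deque.
        q = self._hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def is_blocked(self, ip, action, now):
        return len(self._recent((ip, action), now)) >= self.limit

    def record(self, ip, action, now):
        self._recent((ip, action), now).append(now)


def handle_register(throttle, ip, now):
    """One registration attempt. Every attempt counts, allowed or refused,
    so a flood keeps its own block alive instead of resetting it."""
    blocked = throttle.is_blocked(ip, "register", now)
    throttle.record(ip, "register", now)
    return "blocked" if blocked else "created"


def handle_login(throttle, ip, password_ok, now):
    """One login attempt. Only failures count toward the limit; once the
    limit is reached even the correct password is refused for the window."""
    if throttle.is_blocked(ip, "login_fail", now):
        return "blocked"
    if password_ok:
        return "ok"
    throttle.record(ip, "login_fail", now)
    return "bad_password"


def simulate(events):
    """Replay constructed (time, ip, action, extra) events through one
    throttle and return the decision made for each."""
    throttle = IPThrottle()
    decisions = []
    for now, ip, action, extra in events:
        if action == "register":
            decisions.append(handle_register(throttle, ip, now))
        else:
            decisions.append(handle_login(throttle, ip, extra, now))
    return decisions


# Constructed sample: a registration flood and a password-guessing run from
# one address, plus an unrelated address that must stay unaffected.
SAMPLE_EVENTS = [
    (0,   "203.0.113.7", "register", None),
    (10,  "203.0.113.7", "register", None),
    (20,  "203.0.113.7", "register", None),
    (30,  "203.0.113.7", "register", None),    # 4th within the window
    (40,  "198.51.100.2", "register", None),   # different address, unaffected
    (50,  "203.0.113.7", "login", False),
    (60,  "203.0.113.7", "login", False),
    (70,  "203.0.113.7", "login", False),
    (80,  "203.0.113.7", "login", True),       # right password, but blocked
    (400, "203.0.113.7", "login", True),       # window has drained
]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS)):
        print(event[0], event[1], event[2], "->", decision)
```

Two caveats a practitioner would add. First, as David notes, a distributed attack from many addresses is not slowed by a per-IP counter at all; it only raises the cost of the single-source case. Second, the key must be the address the web server actually saw, not a client-supplied header such as X-Forwarded-For, or the attacker rotates the header and never trips the limit, while everyone behind one NAT shares the same bucket and is blocked together.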