CVE-2018-6389 PoC — WordPress 安全漏洞

Source

https://github.com/ianxtianxt/CVE-2018-6389

Associated Vulnerability

Title:WordPress 安全漏洞 (CVE-2018-6389)
Description:In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

Description

CVE-2018-6389: WordPress <= 4.9.x 拒绝服务(DOS)漏洞

Readme

# doser.py
DoS tool for HTTP requests (inspired by hulk but has more functionalities) written in Python:
![](https://raw.githubusercontent.com/Quitten/doser.py/master/doser.jpg)

# Examples
999 threads sends GET requests:

```bash
python doser.py -t 999 -g 'https://targeted.site.com'
```

999 threads sends POST requests with json data:

```bash
python doser.py -t 999 -p 'https://targeted.site.com' -ah 'Content-Type: application/json' -d '{"json": "payload"}'
```

# Usage
usage: doser.py [-h] [-g G] [-p P] [-d D] [-ah AH] [-t T]

optional arguments:

  -h, --help  show this help message and exit
  
  -g        Specify GET request. Usage: -g '< url >'
  
  -p        Specify POST request. Usage: -p '< url >'
  
  -d        Specify data payload for POST request
  
  -ah      Specify addtional header
  
  -t        Specify number of threads to be used

# TODO:
Rewrite to Golang :)

File Snapshot


 [4.0K]  /data/pocs/088df59580f933b825df893350dc69c0d113c293
├── [7.6K]  doser.jpg
├── [4.6K]  doser.py
└── [ 889]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!