CVE-2014-0195 PoC — OpenSSL Buffer Error Vulnerability

Source
Associated Vulnerability
Title: OpenSSL Buffer Error Vulnerability (CVE-2014-0195)
Description:The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Description
Exploit for CVE-2014-0195
Readme
# XML-RPC WordPress Brute-Force Exploit Script

This repository contains a Python-based proof of concept (PoC) for brute-forcing login credentials on WordPress instances vulnerable to CVE-2014-0195, where the XML-RPC `system.multicall` function can be exploited to attempt multiple login requests in a single HTTP request, potentially resulting in a denial of service. This script is intended for cybersecurity professionals to evaluate the security posture of WordPress installations.

## Disclaimer

> This code is strictly for ethical use on authorized systems. Unauthorized use of this code is illegal and may lead to severe consequences. Always obtain explicit permission before testing or exploiting systems you do not own.

## Vulnerability Overview

The vulnerability lies in WordPress's XML-RPC API, specifically within the `system.multicall` method. This method allows for batching multiple requests, which is exploited here to submit multiple login attempts within a single request. This feature allows for faster brute-force attempts and bypasses typical rate-limiting protections.

More details can be found in the [Broadcom Security Advisory](https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31137).
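
From the defender's side, the batching described above is visible in the request body itself. The following is an added example, not code from this repository: a request inspector that counts the sub-calls inside one `system.multicall` body so a filter in front of `xmlrpc.php` can reject oversized batches. The function names, the threshold of 5, and the constructed sample (which uses `wp.getUsersBlogs` as the inner method) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_SUBCALLS = 5  # assumed policy threshold; tune per site

_PATH = "./params/param/value/array/data/value/struct"


def multicall_subcalls(body: str) -> Counter:
    """Count inner method names in a system.multicall request body.

    Returns an empty Counter for non-multicall or unparseable bodies.
    """
    # XML-RPC never needs a DTD; refusing one protects the inspector
    # itself from entity-expansion input.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD not allowed in XML-RPC body")
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return Counter()
    outer = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or outer != "system.multicall":
        return Counter()
    counts = Counter()
    for member in root.iterfind(_PATH + "/member"):
        if (member.findtext("name") or "").strip() != "methodName":
            continue
        value = member.find("value")
        if value is not None:
            # <value> may wrap <string> or hold bare text; itertext covers both
            counts["".join(value.itertext()).strip()] += 1
    return counts


def should_block(body: str, limit: int = MAX_SUBCALLS) -> bool:
    """True when one HTTP request batches more than `limit` sub-calls."""
    try:
        return sum(multicall_subcalls(body).values()) > limit
    except ValueError:
        return True


# Constructed sample: three batched sub-calls, parameters left empty.
_CALL = ("<value><struct><member><name>methodName</name>"
         "<value><string>wp.getUsersBlogs</string></value></member>"
         "<member><name>params</name><value><array><data/></array></value>"
         "</member></struct></value>")
SAMPLE = ("<?xml version='1.0'?><methodCall><methodName>system.multicall"
          "</methodName><params><param><value><array><data>" + _CALL * 3 +
          "</data></array></value></param></params></methodCall>")
```

Because the check counts sub-calls per HTTP request, it covers the case that per-request rate limiting misses.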

## Prerequisites

- **Python 3**
- **Requests library**: Install via `$ pip install -r requirements.txt` or `$ pip install requests`.
- **Seclists**: This script uses the `rockyou-75.txt` password file from Seclists. Ensure it’s installed at `/usr/share/seclists/Passwords/Leaked-Databases/rockyou-75.txt` or change the path accordingly.

## How It Works

The script performs the following steps:

1. **Initialize and Load Passwords**: Loads a list of passwords from the specified file.
2. **Payload Generation**: Generates XML-RPC payloads containing up to 200 login attempts each, using the `system.multicall` method.
3. **Multithreaded Request Sending**: Launches threads to send each payload to the target URL and monitors responses for successful logins.