CVE-2018-6389 PoC — WordPress Security Vulnerability

Source
Associated Vulnerability
Title: WordPress Security Vulnerability (CVE-2018-6389)
Description: In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Description
Exploit for vulnerability CVE-2018-6389 on WordPress sites
Readme
# CVE-2018-6389 exploit for WordPress sites

> A small DoS script targeting an unpatched vulnerability in WordPress sites.
> Uses `/wp-admin/load-scripts.php` to request additional scripts from the hosting server.
> Includes a large list of scripts as the request payload.

> This implementation is for testing purposes only
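
For defenders, the pattern described above (repeated requests to `/wp-admin/load-scripts.php`, each carrying a very long list of script handles) is visible in web server access logs. The following is an added detection example, not part of the original README or of `wpdos.py`; the combined log format, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumed thresholds; tune them against normal wp-admin traffic for the site.
MAX_HANDLES = 40       # handles in one request before it counts as oversized
MAX_HITS_PER_IP = 3    # oversized requests from one client before flagging

LOADER = "/wp-admin/load-scripts.php"
# Assumes the common/combined access log format: ip - - [time] "METHOD target PROTO" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

def handle_count(target):
    """Count comma-separated handles in load / load[] for a loader URL, else 0."""
    parts = urlsplit(target)
    if not parts.path.endswith(LOADER):
        return 0
    total = 0
    # parse_qsl percent-decodes names, so load%5B%5D arrives as load[]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in ("load", "load[]"):
            total += len([h for h in value.split(",") if h])
    return total

def flag_clients(lines):
    """Return {ip: hits} for clients that sent repeated oversized loader requests."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and handle_count(m.group("target")) > MAX_HANDLES:
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= MAX_HITS_PER_IP}

# Constructed sample lines (documentation IP ranges, placeholder handle names).
_big = ",".join(f"handle{i}" for i in range(180))
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/load-scripts.php'
    '?c=1&load%5B%5D=jquery-core,jquery-migrate,utils HTTP/1.1" 200 4000',
] + [
    f'203.0.113.9 - - [01/Jan/2024:10:00:0{i} +0000] "GET /wp-admin/load-scripts.php'
    f'?c=1&load%5B%5D={_big} HTTP/1.1" 200 900000'
    for i in range(5)
]

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
```

The flagged addresses can feed a rate limit or a block rule on the loader endpoint; because the requests are unauthenticated, restricting `/wp-admin/load-scripts.php` to logged-in users at the web server or WAF removes the exposure rather than only detecting it.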

## Usage

> `python wpdos.py -t 5000 -g 'https://www.wordpresswebsite.co.za'` 

> `-t` specifies how many threads requests should run on

> `-g` specifies the GET request type

## Dependencies

> This script requires the `requests` package. Installation with [pip](https://bootstrap.pypa.io/get-pip.py) is recommended.

## Acknowledgements

> This script was put together with snippets from @m3ssap0 @WazeHell and @Palvinder-Singh
File Snapshot

[4.0K] /data/pocs/31782af19e8545f5127bea04f26baf8a6906fc71
├── [1.6M] get-pip.py
├── [ 738] README.md
└── [6.1K] wpdos.py

0 directories, 3 files