Bugtraq mailing list archives
Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
From: Don Voita <don () cs ucsb edu>
Date: Thu, 09 Mar 2006 16:24:13 -0800
If you have the register user functionality disabled, like I do, you can rename wp-register.php to something else. This workaround prevented the DoS for me, and will hold you over until the developers have a chance to address this.
Don h4cky0u.org () gmail com wrote:
------------------------------------------------------ HYSA-2006-005 h4cky0u.org Advisory 014 ------------------------------------------------------ Date - Wed March 08 2006 TITLE: ====== WordPress 2.0.1 Remote DoS Exploit SEVERITY: ========= Medium SOFTWARE: ========= Wordpress 2.0.1 and prior INFO: =====WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, andusability. What a mouthful. WordPress is both free and priceless at the same time. Support Website : http://wordpress.org/ FIX: ==== No fix available as of date. GOOGLEDORK: ==========="Powered by WordPress"CREDITS: ======== - Exploit coded by matrix_killer of h4cky0u Security Forums Mail : matrix_k at abv dot bg Web : http://www.h4cky0u.org - Co Researcher - h4cky0u of h4cky0u Security Forums. Mail : h4cky0u at gmail dot com Web : http://www.h4cky0u.org ORIGINAL ADVISORY: ================== http://www.h4cky0u.org/advisories/HYSA-2006-005-wordpress.txt
Current thread:
- HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit h4cky0u . org (Mar 09)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit Don Voita (Mar 10)
- <Possible follow-ups>
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan (Mar 09)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan (Mar 10)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit anonymous (Mar 15)