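PoC details: 193666fab7d0db7c02425f20abbe3c58b02e7931

Source
Related vulnerability
Title: OpenSSL buffer error vulnerability (CVE-2014-0195)
Description: OpenSSL is an open-source general-purpose cryptographic library developed by the OpenSSL team that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. The `dtls1_reassemble_fragment` function in OpenSSL's d1_both.c contains a vulnerability caused by the program not correctly validating fragment lengths in DTLS ClientHello messages. A remote attacker can use a long uninitialized fragment value to execute arbitrary code or cause a denial of service (buffer overflow and application crash). The following versions are affected: Ope
Description
Exploit for CVE-2014-0195
Introduction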
# XML-RPC WordPress Brute-Force Exploit Script

This repository contains a Python-based proof of concept (PoC) for brute-forcing login credentials on WordPress instances vulnerable to CVE-2014-0195, where the XML-RPC `system.multicall` function can be exploited to attempt multiple login requests in a single HTTP request, potentially resulting in a denial of service. This script is intended for cybersecurity professionals to evaluate the security posture of WordPress installations.

## Disclaimer

> This code is strictly for ethical use on authorized systems. Unauthorized use of this code is illegal and may lead to severe consequences. Always obtain explicit permission before testing or exploiting systems you do not own.

## Vulnerability Overview

The vulnerability lies in WordPress's XML-RPC API, specifically within the `system.multicall` method. This method allows for batching multiple requests, which is exploited here to submit multiple login attempts within a single request. This feature allows for faster brute-force attempts and bypasses typical rate-limiting protections.

More details can be found in the [Broadcom Security Advisory](https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31137).

## Prerequisites

- **Python 3**
- **Requests library**: Install via `$ pip install -r requirements.txt` or `$ pip install requests`.
- **Seclists**: This script uses the `rockyou-75.txt` password file from Seclists. Ensure it’s installed at `/usr/share/seclists/Passwords/Leaked-Databases/rockyou-75.txt` or change the path accordingly.

## How It Works

The script performs the following steps:

1. **Initialize and Load Passwords**: Loads a list of passwords from the specified file.
2. **Payload Generation**: Generates XML-RPC payloads containing up to 200 login attempts each, using the `system.multicall` method.
3. **Multithreaded Request Sending**: Launches threads to send each payload to the target URL and monitors responses for successful logins.
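
A defender-side check for the batching described under Vulnerability Overview and in step 2, as an added example that is not part of this repository: it counts the calls batched in one `system.multicall` body so a reverse proxy or WAF hook can reject oversized batches. The threshold `MAX_BATCHED_CALLS`, the function names and the placeholder method `example.method` are assumptions, and the sample bodies are constructed.

```python
import xmlrpc.client

# Assumed policy: legitimate clients rarely batch more than a handful of calls.
MAX_BATCHED_CALLS = 10  # hypothetical threshold, tune per site


def count_multicall(body: bytes) -> int:
    """Return the number of calls batched in a system.multicall request.

    Returns 0 for any other method or for a body that does not parse.
    Raises ValueError for a body carrying a DTD: XML-RPC never needs one,
    and the stdlib parser is not guaranteed safe against entity expansion.
    UTF-8/ASCII bodies are assumed; other encodings should be rejected upstream.
    """
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD in XML-RPC body")
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:  # malformed XML, fault documents, bad scalar values
        return 0
    if method != "system.multicall" or len(params) != 1:
        return 0
    calls = params[0]
    return len(calls) if isinstance(calls, list) else 0


def should_block(body: bytes, limit: int = MAX_BATCHED_CALLS) -> bool:
    """True when the request batches more calls than policy allows."""
    try:
        return count_multicall(body) > limit
    except ValueError:
        return True  # a DTD in an XML-RPC request is itself a reason to reject


def build_sample(n: int) -> bytes:
    """Constructed sample: n batched calls to a placeholder method."""
    calls = [{"methodName": "example.method", "params": ["user", f"value{i}"]}
             for i in range(n)]
    return xmlrpc.client.dumps((calls,), "system.multicall").encode()


if __name__ == "__main__":
    for n in (3, 200):
        body = build_sample(n)
        print(n, count_multicall(body), should_block(body))
```

Counting per request complements, rather than replaces, per-account lockout, because a request-rate limiter sees a 200-call batch as a single hit.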
File snapshot

```
[4.0K] /data/pocs/193666fab7d0db7c02425f20abbe3c58b02e7931
├── [ 174] pyvenv.cfg
├── [2.0K] README.md
├── [ 464] requirements.txt
└── [4.0K] src
    └── [2.2K] main.py

1 directory, 4 files
```