  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    14,983

    Major WordPress & Drupal Vulnerability

    WordPress and Drupal have released patches for their applications. Users and web hosts simply need to upgrade to the latest version to protect against the vulnerability.

    Nir Goldshlager, a security researcher from Salesforce.com's product security team, has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.

    The vulnerability uses a well-known XML Quadratic Blowup Attack — and when executed, it can take down an entire website or server almost instantly.

    With this type of attack, an XML document that might be a few hundred kilobytes in size can end up requiring hundreds of megabytes or even gigabytes of memory.

    The vulnerability affects WordPress versions 3.5 to 3.9 (the current version) and works on the default installation. It affects Drupal versions 6.x to 7.x (the latest version) and also works on the default


    How the attack is exploited

    The default memory allocation limit for PHP (the language that WordPress and Drupal are written in) is 128MB per process. In theory, this means that you can't exceed the 128MB limit with an XML bomb request. So far so good, right?

    Here's the problem: Apache, the world's most popular web server, has its "Max Clients" property set to 256 by default. Meanwhile, MySQL, the database that WordPress and Drupal use, has its default "Max Connections" value set to 151.

    If we multiply those connections against one another (128x151), we get 19328MB — which will consume all available memory.

    To successfully attack the server, the attacker needs to fingerprint the available memory limit on the victim's server. If the attack overwrites the PHP limit, the server will reject the overwrite, rendering the attack unsuccessful.

    A successful attack, however, will return the injected payload as a result. This will bring down the system.

    Full article:

    http://mashable.com/2014/08/06/wordp...ml-blowup-dos/
    Last edited by 5ms; 07-08-2014 at 10:53.
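As an added, defensive example (not code from this post, from the Mashable article, or from WordPress or Drupal): a pre-parse check that estimates how large an XML request body would become once the entities declared in its internal DTD subset are expanded, and refuses to hand the body to the real parser when that growth is out of proportion to the bytes on the wire. The function and constant names (`estimate_expansion`, `parse_bounded`, `BENIGN`, `QUADRATIC`) and the thresholds are assumptions of mine, and both sample documents are constructed for the demonstration.

```python
import re
from xml.etree import ElementTree as ET

# Internal-subset entity definitions and entity references. Parameter entities
# and external SYSTEM/PUBLIC entities are deliberately out of scope here.
ENTITY_DEF = re.compile(r'<!ENTITY\s+([A-Za-z_][\w.-]*)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&([A-Za-z_][\w.-]*);')
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', re.S)


def split_internal_subset(doc):
    """Return (internal DTD subset, document body after the DOCTYPE)."""
    m = DOCTYPE.search(doc)
    return (m.group(1), doc[m.end():]) if m else ("", doc)


def expanded_sizes(defs):
    """Expanded length of every internal entity, following nested references
    without actually building the text. Recursive definitions are rejected."""
    sizes = {}

    def size(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError("recursive entity: " + name)
        value = defs[name]
        total = len(value)
        for ref in ENTITY_REF.findall(value):
            if ref in defs:  # "&ref;" is replaced by the referenced expansion
                total += size(ref, stack | {name}) - (len(ref) + 2)
        sizes[name] = total
        return total

    for name in defs:
        size(name, frozenset())
    return sizes


def estimate_expansion(doc):
    """Bytes the body would occupy once every entity reference is expanded."""
    subset, body = split_internal_subset(doc)
    defs = dict(ENTITY_DEF.findall(subset))
    sizes = expanded_sizes(defs)
    expanded = len(body)
    for ref in ENTITY_REF.findall(body):
        if ref in defs:
            expanded += sizes[ref] - (len(ref) + 2)
    return expanded


def parse_bounded(doc, max_bytes=1_000_000, max_ratio=10):
    """Reject a document whose expanded size exceeds an absolute cap or grows
    more than max_ratio times its wire size; otherwise parse it normally."""
    expanded = estimate_expansion(doc)
    if expanded > max_bytes or expanded > max_ratio * len(doc):
        raise ValueError(
            f"entity expansion too large: {len(doc)} bytes -> {expanded} bytes")
    return ET.fromstring(doc)


# Constructed samples (not taken from the article): an ordinary XML-RPC-style
# call, and a document in the quadratic-blowup shape, one 200-byte entity
# referenced 200 times, which stays small on the wire but expands 30-fold.
BENIGN = ('<?xml version="1.0"?>'
          '<methodCall><methodName>demo.ping</methodName></methodCall>')
QUADRATIC = ('<!DOCTYPE methodCall [<!ENTITY pad "' + 'A' * 200 + '">]>'
             '<methodCall><methodName>' + '&pad;' * 200
             + '</methodName></methodCall>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("quadratic", QUADRATIC)):
        try:
            root = parse_bounded(doc)
            print(f"{label}: accepted, root <{root.tag}>, expands to "
                  f"{estimate_expansion(doc)} bytes")
        except ValueError as err:
            print(f"{label}: rejected ({err})")
```

The point the post makes is that PHP's per-process memory limit bounds one request but not 151 or 256 concurrent ones, so the useful place for a check like this is per request, at the edge (a reverse proxy or the XML-RPC front end), before the application allocates anything. The ratio test matters more than the absolute cap: a legitimate document rarely grows more than a few times through entity expansion, while the blowup shape grows by the number of references. A plain request-body size limit is a cheap companion control.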
