A pingback security bug in the WordPress blogging platform may be exploited to launch distributed denial-of-service (DDoS) attacks, according to web application security firm Acunetix.
The vulnerability is exploitable through the platform's XML-RPC API (via XMLRPC.PHP). A malicious hacker can spoof a pingback to a specific blog in order to guess hosts inside each network they target, port scan those hosts, reconfigure internal routers or simply launch DDoS attacks.
The team successfully implemented an Acunetix WVS script to test this security flaw. The script tries to resolve various common internal hosts and connect to common ports, and then reports the successful attempts.
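The pingback described above works because the blog fetches whatever `sourceURI` the caller puts into a `pingback.ping` request, so a request naming an internal address or an unusual port turns the blog into a scanner. The following is an added example of the validation a server should apply before fetching that URL; it is not the Acunetix WVS script and not WordPress code, and the function names (`check_pingback`, `build_pingback`) and the pluggable `resolve` callback are assumptions made for this illustration. The sample requests are constructed inline.

```python
"""Added example: validate an incoming XML-RPC pingback.ping request before the
server fetches the claimed source URL. Hypothetical helper, not WordPress code."""
import ipaddress
import xmlrpc.client
from typing import Callable, Dict, List
from urllib.parse import urlsplit

# Ports a legitimate pingback source is expected to be served from.
ALLOWED_PORTS = {None, 80, 443}


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def is_internal_address(addr: str) -> bool:
    """True if addr is an IP literal that a pingback fetch must never reach."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return False  # not an IP literal (a hostname); caller resolves it first
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_unspecified or ip.is_multicast)


def no_resolver(_host: str) -> List[str]:
    """Default resolver placeholder: performs no DNS lookup so the example runs offline.
    A real deployment resolves the host and checks every returned address, then
    connects to the checked address rather than re-resolving."""
    return []


def build_pingback(source_uri: str, target_uri: str = "https://blog.example/2013/post/") -> str:
    """Constructed sample request body, as an attacker or a legitimate peer would send it."""
    return xmlrpc.client.dumps((source_uri, target_uri), methodname="pingback.ping")


def build_request(method: str, *params) -> str:
    """Constructed sample body for any other XML-RPC method."""
    return xmlrpc.client.dumps(tuple(params), methodname=method)


def check_pingback(body: str, resolve: Callable[[str], List[str]] = no_resolver) -> Dict:
    """Parse an XML-RPC request; reject pingback.ping calls whose sourceURI points
    at an internal address, a non-web port or a non-HTTP scheme."""
    params, method = xmlrpc.client.loads(body)
    if method != "pingback.ping":
        return {"method": method, "verdict": "ignore", "reasons": []}
    if len(params) < 2:
        return {"method": method, "verdict": "reject",
                "reasons": ["malformed: expected sourceURI and targetURI"]}
    source_uri, target_uri = params[0], params[1]
    reasons: List[str] = []
    parts = urlsplit(source_uri)
    if parts.scheme not in ("http", "https"):
        reasons.append(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname or ""
    if not host:
        reasons.append("sourceURI has no host")
    try:
        port = parts.port
    except ValueError:
        port = -1  # unparsable or out-of-range port
    if port not in ALLOWED_PORTS:
        reasons.append(f"port {port} not allowed")
    if host:
        # IP literals are checked directly; hostnames are resolved first.
        addresses = [host] if _is_ip_literal(host) else resolve(host)
        for addr in addresses:
            if is_internal_address(addr):
                reasons.append(f"sourceURI resolves to internal address {addr}")
    return {"method": method, "source": source_uri, "target": target_uri,
            "verdict": "reject" if reasons else "allow", "reasons": reasons}


if __name__ == "__main__":
    for body in (build_pingback("http://127.0.0.1:8080/"),
                 build_pingback("http://192.168.1.1/"),
                 build_pingback("https://other-blog.example/entry")):
        result = check_pingback(body)
        print(result["verdict"], result.get("source"), result["reasons"])
```

The check rejects both halves of the behaviour the article describes: internal hosts (loopback, RFC 1918, link-local and reserved ranges) and non-web ports that would otherwise make the blog a port scanner. Hostnames are only safe once the resolved addresses have been checked, which is why the resolver is a parameter rather than something skipped.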