If you have the register user functionality disabled, like I do, you can
rename wp-register.php to something else. This workaround prevented the
DoS for me, and will hold you over until the developers have a chance to
address this.
Don
h4cky0u.org@xxxxxxxxx wrote:
------------------------------------------------------
HYSA-2006-005 h4cky0u.org Advisory 014
------------------------------------------------------
Date - Wed March 08 2006
TITLE:
======
WordPress 2.0.1 Remote DoS Exploit
SEVERITY:
=========
Medium
SOFTWARE:
=========
Wordpress 2.0.1 and prior
INFO:
=====
WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and
usability. What a mouthful. WordPress is both free and priceless at the same time.
Support Website : http://wordpress.org/
FIX:
====
No fix available as of date.
GOOGLEDORK:
===========
"Powered by WordPress"
CREDITS:
========
- Exploit coded by matrix_killer of h4cky0u Security Forums
Mail : matrix_k at abv dot bg
Web : http://www.h4cky0u.org
- Co Researcher -
h4cky0u of h4cky0u Security Forums.
Mail : h4cky0u at gmail dot com
Web : http://www.h4cky0u.org
ORIGINAL ADVISORY:
==================
http://www.h4cky0u.org/advisories/HYSA-2006-005-wordpress.txt
