Proof of Concept PHP exploit for WordPress DoS Attack CVE-2014-9034 worked like a charm on my own WordPress website. Surprisingly, CVE-2014-9034 was published for sometime and it seems WordPress still hasn’t fixed this issue. I will explain how to use this Proof of Concept tool and test your own WordPress …
Read More »IPv6 issues: Localized Denial-of-service caused by incorrect NXDOMAIN responses from AAAA queries
This is an unusual situation and a misconfiguration on DNS servers that can be exploited using a simple AAAA DNS query. This causes a localized Denial-of-service situation where users behind a specific resolver will get: Error: Unable to determine IP address from host name www.somevulnerablesite.com The DNS server returned: Name …
Read More »Check for Shellshock Bash Vulnerability and how to fix it
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. In this …
Read More »