WordPress and Drupal Are Vulnerable to a DoS Attack






UPDATE NOW
The XML vulnerability is present in WordPress versions 3.5 to 3.9.1 (the latest version) and works on the default installation. The same vulnerability affects Drupal versions 6.x to 7.x (the current version) and also works on the default installation.
Both WordPress and Drupal have released an update today to address this problem and all users should upgrade to the latest version as soon as possible.
WordPress 3.7 introduced automatic updates, which allow security patches such as this one to be rolled out to users automatically.


WORDPRESS AND DRUPAL USED BY MILLIONS OF WEBSITES
The issue is serious because WordPress and Drupal are used by millions of websites. Recent statistics from the World Wide Web Consortium (W3C) say that WordPress alone powers nearly 23% of the web, and over one million websites use Drupal.
WordPress is a free and open-source blogging tool and content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features that let users tailor their sites to their specific needs. Because it is easy to set up and use, tens of millions of websites across the world have opted for it.



VULNERABILITY RESULTS IN DoS ATTACK
The latest update, WordPress 3.9.2, mainly addresses an issue in PHP's XML processor that could be exploited to trigger a DoS (denial of service) attack. The vulnerability affects all previous versions of WordPress.
The XML vulnerability, which affects both of the popular website platforms, was first reported by Nir Goldshlager, a security researcher on Salesforce.com's product security team. The issue was later fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.


The XML vulnerability makes use of an XML Quadratic Blowup Attack, which is similar to a ‘Billion Laughs attack’: it allows a very small XML document to completely disrupt the services on a machine in a matter of seconds.
The XML Quadratic Blowup Attack exploits entity expansion, but instead of using nested entities inside an XML document, it references one large entity of tens of thousands of characters over and over again.
In this type of attack, a medium-sized XML document of roughly two hundred kilobytes can require anywhere from hundreds of megabytes to several gigabytes of memory to parse. If exploited by an attacker, this could easily bring down an entire website or web server.
"If an attacker defines the entity "&x;" as 55,000 characters long, and refers to that entity 55,000 times inside the "DoS" element, the parser ends up with an XML Quadratic Blowup attack payload slightly over 200 KB in size that expands to 2.5 GB when parsed. This expansion is enough to take down the parsing process," Nir Goldshlager wrote in his blog.
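A defender's pre-check for this class of payload, written as an added example in Python; it is not code from WordPress, Drupal, PHP or Goldshlager's post. It reads the internal DTD, computes how large the document body would become if every entity reference were expanded (without expanding anything, so the check itself stays linear in the input size), and refuses to hand the document to the real parser when that estimate exceeds a limit. It goes beyond the quadratic case described above and also follows nested entities, so the same estimate covers the Billion Laughs shape. The 1 MB limit, the function names and the three sample documents (scaled down to tens of characters) are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Assumed policy limit for this example: the most characters we will let
# entity expansion produce before the document reaches the real parser.
MAX_EXPANDED_BYTES = 1_000_000

_DOCTYPE = re.compile(r"<!DOCTYPE[^\[>]*(?:\[.*?\])?\s*>", re.S)
_ENTITY_DECL = re.compile(r"""<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
_ENTITY_REF = re.compile(r"&(\w+);")
_PREDEFINED = {"lt": 1, "gt": 1, "amp": 1, "quot": 1, "apos": 1}


def estimate_expansion(xml_text):
    """Approximate size of the document body once every internal general
    entity reference is expanded. Nothing is actually expanded: each entity's
    size is computed once and memoised, and a reference cycle raises."""
    dtd_match = _DOCTYPE.search(xml_text)
    dtd = dtd_match.group(0) if dtd_match else ""
    body = xml_text[dtd_match.end():] if dtd_match else xml_text

    # Internal entity declarations only; external (SYSTEM/PUBLIC) and
    # parameter entities are out of scope for this estimate.
    entities = {name: dq or sq for name, dq, sq in _ENTITY_DECL.findall(dtd)}
    sizes = {}

    def expanded_size(text, stack):
        total, pos = 0, 0
        for ref in _ENTITY_REF.finditer(text):
            total += ref.start() - pos            # literal text before the reference
            total += entity_size(ref.group(1), stack)
            pos = ref.end()
        return total + len(text) - pos            # literal tail

    def entity_size(name, stack):
        if name in _PREDEFINED:
            return _PREDEFINED[name]
        if name not in entities:
            return len(name) + 2                  # undeclared: count the reference literally
        if name in stack:
            raise ValueError(f"recursive entity reference: &{name};")
        if name not in sizes:
            sizes[name] = expanded_size(entities[name], stack | {name})
        return sizes[name]

    return expanded_size(body, frozenset())


def parse_untrusted(xml_text, max_expanded_bytes=MAX_EXPANDED_BYTES):
    """Parse XML from an untrusted source, refusing documents whose DTD would
    make the parser materialise more than max_expanded_bytes."""
    if "<!DOCTYPE" in xml_text:
        estimate = estimate_expansion(xml_text)
        if estimate > max_expanded_bytes:
            raise ValueError(f"rejected: entity expansion would produce about {estimate} characters")
    return ET.fromstring(xml_text)


# Constructed sample documents for the example (not taken from the advisory or the post).
BENIGN = '<!DOCTYPE note [<!ENTITY company "Example Corp">]><note>&company; says hi</note>'

# Scaled-down quadratic shape: one 50-character entity referenced 40 times.
QUADRATIC = ('<!DOCTYPE DoS [<!ENTITY x "' + "A" * 50 + '">]>'
             '<DoS>' + "&x;" * 40 + '</DoS>')

# Scaled-down nested shape: each level references the previous one five times.
NESTED = ('<!DOCTYPE a [<!ENTITY lol "lol">'
          '<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;">'
          '<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;">]>'
          '<a>&lol2;</a>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("quadratic", QUADRATIC), ("nested", NESTED)):
        print(f"{label:9s} raw={len(doc):4d} chars  expanded~{estimate_expansion(doc)} chars")
    try:
        parse_untrusted(QUADRATIC, max_expanded_bytes=1000)
    except ValueError as err:
        print("quadratic:", err)
```

Run it directly to see the raw and estimated sizes side by side: the benign document expands to 33 characters, the scaled-down quadratic one to 2011 and the nested one to 82, and only the quadratic one is refused under a 1000-character limit. Rejecting any document that carries a DOCTYPE at all is the simpler policy when the endpoint (an XML-RPC handler, for instance) has no legitimate need for one; the estimate is for the case where internal entities must be allowed.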
VIDEO DEMONSTRATION
Goldshlager has also provided a video demonstration as a proof of concept of the WordPress denial-of-service attack.