• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • WordPress and Drupal websites Vulnerable to DoS attack which can make them completely inaccessible

WordPress and Drupal websites Vulnerable to DoS attack which can make them completely inaccessible

Pierluigi Paganini August 07, 2014

The popular expert Nir Goldshlager has discovered an XMLRPC vulnerability which affects millions WordPress and Drupal websites exposing them to DoS Attack.

If your website is based a WordPress or Drupal CMS you need to urgently update it to the last version released due to the presence of a critical vulnerability in the implementation of XMLRPC. XMLRPC is a remote procedure call (RPC) protocol which uses XML to encode its request and the HTTP as a carrier. The vulnerability is critical because millions of websites currently use WordPress and Drupal, the XML vulnerability is present in WordPress versions from 3.5 to 3.9.1 and Drupal versions from 6.x to 7.x.
The critical flaw, which affects all previous versions of WordPress, could be exploited by an attacker to conduct a Denial of Service (DoS) attack against our our website.
The vulnerability in the CMSs was discovered by the popular expert Nir Goldshlager, it is a problem related to the PHP’s XML processor that was promptly fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.
As explained by the research Goldshlager in his blog post, a hacker could exploit a know technique of attack, the XML Quadratic Blowup Attack, to make the targeted website completely inaccessible instantly due to the saturation of memory, CPU and of the pool of open connections.

Goldshlager highlights the similitude of the XML quadratic blowup attack with the Billion Laughs attack, it basically exploits the use of entity expansion, this means that it replicates one large entity using a couple thousand characters repeatedly.

“A medium-sized XML document of approximately two hundred kilobytes may require anywhere within the range of one hundred MB to several GB of memory. When the attack is combined with a particular level of nested expansion, an attacker is then able to achieve a higher ratio of success.”

In the following example provided by the expert, if the attacker defines the entity “&x;” as 55,000 characters long, and uses this entity 55,000 times inside the XML “DoS” element, the parser will expand to 2.5 GB the document causing the saturation of resources of targeted website.

<?xml version=”1.0″?> 
<!DOCTYPE DoS [!<ENTITY a "xxxxxxxxxxxxxxxxx...">]>
<DoS>&x;&x;&x;&x;&x;&x;&x;&x;&x;…</DoS>

wordpress Drupal hacking

Following a video Proof of Concept of the attack on WordPress published by Goldshlager, while the PoC Exploit: (128MB Memory limit) is available at the address below

https://drive.google.com/file/d/0B2-5ltUODX1Lc3pGV0FjbUk4bjA/edit?usp=sharing

Both WordPress and Drupal have released an update today to fix the problem, all users that have chosen to manually update their CMS instance, urge to upgrade it to the latest version.

Pierluigi Paganini

(Security Affairs –  Drupal, WordPress, hacking)  


facebook linkedin twitter

Billion Laughs attack Denial of Service Drupal Hacking Nir Goldshlager Wordpress

you might also like

Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more
Pierluigi Paganini July 25, 2025
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT