Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit

[Don Voita <don@xxxxxxxxxxx>]

If you have the register user functionality disabled, like I do, you can 
rename wp-register.php to something else.  This workaround prevented the 
DoS for me, and will hold you over until the developers have a chance to 
address this.

Don

h4cky0u.org@xxxxxxxxx wrote:
> ------------------------------------------------------
>       HYSA-2006-005 h4cky0u.org Advisory 014
> ------------------------------------------------------
> Date - Wed March 08 2006
>
>
> TITLE:
> ======
>
> WordPress 2.0.1 Remote DoS Exploit
>
>
> SEVERITY:
> =========
>
> Medium
>
>
> SOFTWARE:
> =========
>
> Wordpress 2.0.1 and prior
>
>
> INFO:
> =====
>
> WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and 
>
> usability. What a mouthful. WordPress is both free and priceless at the same 
> time.
>
> Support Website : http://wordpress.org/
>
>
> FIX:
> ====
>
> No fix available as of date.
>
>
> GOOGLEDORK:
> ===========
>
> "Powered by WordPress" 
>
>
> CREDITS:
> ========
>
> - Exploit coded by matrix_killer of h4cky0u Security Forums
>
> Mail : matrix_k at abv dot bg
>
> Web : http://www.h4cky0u.org
>
>
> - Co Researcher -
>
> h4cky0u of h4cky0u Security Forums.
>
> Mail : h4cky0u at gmail dot com
>
> Web : http://www.h4cky0u.org
>
>
> ORIGINAL ADVISORY:
> ==================
>
> http://www.h4cky0u.org/advisories/HYSA-2006-005-wordpress.txt
>
>
>