{"vulnerability": "CVE-2018-6389", "sightings": [{"uuid": "6f78fee3-b951-4f4d-a98e-064406cc95ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "MISP/86d5e729-7eed-4d44-8dd6-a0944e5371e5", "content": "", "creation_timestamp": "2024-11-14T06:08:22.000000Z"}, {"uuid": "e7aa46c4-3354-463f-a81c-84edac948fab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/D4RKW0R1D/6418", "content": "FROM INTERNET\n\n1)CVE-2018-6389 exploitation - using scripts loader\nhttps://hackerone.com/reports/925425\n\n2)No DMARC record at cordacon.com\nhttps://hackerone.com/reports/1125143\n\n3)Fortinet FortiWeb OS Command Injection\nhttps://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/\n\n4)How I found read/write access to the personal data of 3 million users of an E-commerce website?\nhttps://medium.com/@psr595bro/how-i-found-read-write-access-to-the-personal-data-of-3-million-users-of-an-e-commerce-website-b9026b0d4bd3\n\n5)Secure Coding Handbook\nhttps://vladtoie.gitbook.io/secure-coding/\n\n6)Top 10 Kubernetes Application Security Hardening Techniques\nhttps://blog.aquasec.com/kubernetes-hardening-techniques?utm_campaign=General%20website&amp;utm_medium=email&amp;_hsmi=150580512&amp;_hsenc=p2ANqtz-97I89xNVbSDmrI-6_skudpuKla-2JD0OyfIGrOQjOzHaPHKFNH-yb-vsMmjcOxUtBSOj__vlDRyYYlEdqvzg1Ujdc01w&amp;utm_content=150580512&amp;utm_source=hs_email\n\n7)Vulnerability Assessment I A Complete Guide\nhttps://www.hackerone.com/blog/vulnerability-assessment-i-complete-guide\n\n8)Breaking into Cybersecurity Successfully.pdf\nhttps://github.com/iamthefrogy/FYI/blob/main/Material/Breaking%20into%20Cybersecurity%20Successfully.pdf", "creation_timestamp": 
"2021-08-19T06:22:02.000000Z"}, {"uuid": "c96c6958-556c-49e9-8be6-e0e486fe10b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/codeby_sec/1344", "content": "#pentest #vulnerability \nCVE-2018-6389 - Wordpress DOS", "creation_timestamp": "2018-04-09T06:36:01.000000Z"}, {"uuid": "6e47d1bf-112c-4d60-b5bc-9766807a637e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "Telegram/d8wD4nyiI6OV0OXzhOtZYCLbRAqpkWgPekubzfScCoXm1wI", "content": "", "creation_timestamp": "2025-11-13T15:00:08.000000Z"}, {"uuid": "04c6b02a-7563-4778-9640-b30fe4d3fa1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/spammerspacer/33792", "content": "\ud83d\udd25 Best HQ Wordpress Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! 
\n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-06-20T19:53:12.000000Z"}, {"uuid": "96b66edc-9149-4000-85d6-cc5c619057a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/107174", "content": "Fastly VDP: CVE-2018-6389 exploitation - using scripts loader\n\nhttps://ift.tt/IAGEomv", "creation_timestamp": "2023-04-20T22:06:39.000000Z"}, {"uuid": "99525db4-da5d-4d87-bdbe-68c6202203a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/33097", "content": "Sifchain: Possibility of DoS attack at https://ift.tt/33ljPcB via CVE-2018-6389 exploitation\n\nhttps://ift.tt/2R5YkcK", "creation_timestamp": "2021-05-07T18:52:28.000000Z"}, {"uuid": "237ca0ee-d0c6-4c5a-ba9a-30f9d183beee", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/101392", "content": "U.S. Dept Of Defense: DoS at \u2588\u2588\u2588\u2588\u2588(CVE-2018-6389)\n\nhttps://ift.tt/w12JF0G", "creation_timestamp": "2023-03-24T20:36:45.000000Z"}, {"uuid": "608eb5a5-7b68-4ca0-8a58-77855fca3ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/spammermarketool/39118", "content": "\ud83d\udd25 Best HQ Wordpress Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! \n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-06-20T19:53:12.000000Z"}, {"uuid": "532896dd-baa1-4f76-9d5d-a0d829387c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": 
"https://t.me/ctinow/95558", "content": "U.S. Dept Of Defense: DoS at \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588 (CVE-2018-6389)\n\nhttps://ift.tt/P6flUKv", "creation_timestamp": "2023-02-24T22:06:49.000000Z"}, {"uuid": "3807f380-093c-4e2a-94e8-3630de5ec4d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/19162", "content": "Ian Dunn: Dos https://iandunn.name/ via CVE-2018-6389 exploitation\n\nhttps://ift.tt/39RUzfA", "creation_timestamp": "2020-01-09T03:42:39.000000Z"}, {"uuid": "c6e6aa15-8ef9-4c4d-b875-6ed3d1397102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/20503", "content": "Maker Ecosystem Growth Holdings, Inc: DoS of https://ift.tt/2ilfTkR via CVE-2018-6389\n\nhttps://ift.tt/39IbsIS", "creation_timestamp": "2020-02-18T19:22:25.000000Z"}, {"uuid": "8eb2d19c-3ea9-4bc7-b832-6c2623a97d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "Telegram/dt3wzguPwvHeMGbS-iOOUe43Y1n6HJwkKjrvq5BX_wYbkhfe", "content": "", "creation_timestamp": "2022-08-25T16:41:15.000000Z"}, {"uuid": "3ee849ad-c0ef-45f8-93ae-c4c8edc05ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/openSource3/151", "content": "CVE ID : CVE-2018-6389\nSystem : WordPress 4.9.2\nType : DOS\n\nExploit \n\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0628\u0641\u062f\u064a\u0648 :\nVideo", "creation_timestamp": 
"2024-06-02T07:46:18.000000Z"}, {"uuid": "82bc97a0-39a2-4e9e-8d26-2ae9f638f7e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/arpsyndicate/1873", "content": "#ExploitObserverAlert\n\nCVE-2018-6389\n\nDESCRIPTION: Exploit Observer has 111 entries related to CVE-2018-6389. In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.\n\nFIRST-EPSS: 0.408310000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-18T00:42:09.000000Z"}, {"uuid": "93d2f64e-6975-4934-a57e-f67a35b562df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "Telegram/qA7RHbfeiqXzFaQFtQDWHegpUj17EgvuINx_Fz9sXMRGmneY", "content": "", "creation_timestamp": "2022-06-20T20:34:58.000000Z"}, {"uuid": "b371e0bd-7d4e-4e67-9106-f220bd47869b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/3636", "content": "DoS of https://nordvpn(.)com/ via CVE-2018-6389 exploitation\nhttps://hackerone.com/reports/752010", "creation_timestamp": "2020-01-08T15:00:20.000000Z"}, {"uuid": "797cea27-e452-4548-9896-389a8953ba71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/ctinow/184474", "content": "https://ift.tt/aKxsNc9\nPublitas: CVE-2018-6389 exploitation - using scripts loader", 
"creation_timestamp": "2024-02-14T08:51:19.000000Z"}, {"uuid": "338fe254-873e-4708-85db-8b11d5d7115d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/D4RKW0R1D/557", "content": "FROM INTERNET\n\n1)CVE-2018-6389 exploitation - using scripts loader\nhttps://hackerone.com/reports/925425\n\n2)No DMARC record at cordacon.com\nhttps://hackerone.com/reports/1125143\n\n3)Fortinet FortiWeb OS Command Injection\nhttps://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/\n\n4)How I found read/write access to the personal data of 3 million users of an E-commerce website?\nhttps://medium.com/@psr595bro/how-i-found-read-write-access-to-the-personal-data-of-3-million-users-of-an-e-commerce-website-b9026b0d4bd3\n\n5)Secure Coding Handbook\nhttps://vladtoie.gitbook.io/secure-coding/\n\n6)Top 10 Kubernetes Application Security Hardening Techniques\nhttps://blog.aquasec.com/kubernetes-hardening-techniques?utm_campaign=General%20website&amp;utm_medium=email&amp;_hsmi=150580512&amp;_hsenc=p2ANqtz-97I89xNVbSDmrI-6_skudpuKla-2JD0OyfIGrOQjOzHaPHKFNH-yb-vsMmjcOxUtBSOj__vlDRyYYlEdqvzg1Ujdc01w&amp;utm_content=150580512&amp;utm_source=hs_email\n\n7)Vulnerability Assessment I A Complete Guide\nhttps://www.hackerone.com/blog/vulnerability-assessment-i-complete-guide\n\n8)Breaking into Cybersecurity Successfully.pdf\nhttps://github.com/iamthefrogy/FYI/blob/main/Material/Breaking%20into%20Cybersecurity%20Successfully.pdf", "creation_timestamp": "2021-08-19T08:21:59.000000Z"}, {"uuid": "5bec636b-8902-4be6-8109-53ca3dd5abb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/LeakingXTeam/20993", "content": "\ud83d\udd25 Best HQ Wordpress 
Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! \n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-06-20T19:53:12.000000Z"}, {"uuid": "7a6615ce-9d15-47dd-a7a7-5610731623a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "exploited", "source": "https://t.me/canyoupwnme/3262", "content": "How to DoS 29% of the World Wide Websites - CVE-2018-6389\nhttps://baraktawily.blogspot.com.tr/2018/02/how-to-dos-29-of-world-wide-websites.html", "creation_timestamp": "2018-02-14T09:33:59.000000Z"}, {"uuid": "7e6ff4a1-c9e1-4245-a1a1-e51ff5bd4220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/hackingtoolsprvi8/2727", "content": "\ud83d\udd25 Best HQ Wordpress Exploit AiO Package \u2764\ufe0f\n\n\u2757\ufe0f NOTED : Not for Sale !!! 
\n\nMaybe you hard find exploit wordpress and this our channel want gift something special to everyone\nfor support our channel exploit must working with python I recommend python3 and python2 \ninstalled both in machine because tools some different coder and exploit will be needed different version 2.7 and 3\n\n\n\u26a0\ufe0f I am Not Responsible for Any Damage \u26a0\ufe0f\n\nCVE-2014-7969\nCVE-2014-9473\nCVE-2015-6522\nCVE-2016-10033\nCVE-2018-6389\nCVE-2019-20361-EXPLOIT\nCVE-2019-8942-RCE\nCVE-2020-11738\nCVE-2020-12800\nCVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE\nCVE-2021-24762\nCVE-2021-25094-tatsu-preauth-rce\nWordpress-Plugin-Spritz-RFI\nWORDPRESS-Revslider-Exploit-0DAY\nWordpress-scanner\nWordPress_4.9.8_RCE_POC\nWP-augmented-reality-RCE\nWP-Content-Injection-Exploit\nwp-file-manager-CVE-2020-25213\nwp-gravity-form-exploit\nwp-plugin-amministrazione-aperta-LFI\nWP-SMTP-0DAY\n\nDownload Here : https://t.me/hackingtoolsprvi8/2377", "creation_timestamp": "2022-08-25T16:41:15.000000Z"}, {"uuid": "e2a11053-b77b-4424-80a4-764d04e42b86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/3397", "content": "700$ Denial of Service(DoS) vulnerability in script-loader.php (CVE-2018-6389)\nhttps://www.pankajinfosec.com/post/700-denial-of-service-dos-vulnerability-in-script-loader-php-cve-2018-6389", "creation_timestamp": "2019-11-21T11:20:46.000000Z"}, {"uuid": "7a203446-e5c2-4b09-b6ed-dac11384c89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/55", "content": "#exploit\n1. CVE-2018-5758:\nXXE in Jive-n 0-day\nhttps://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-5758\n\n2. 
CVE-2018-1335:\nCommand Injection in Apache Tika-server\nhttps://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-1335\n\n3. CVE-2018-6389:\nApache RewriteRule to mitigate potential DoS attack via Wordpress wp-admin/load-scripts.php file\nhttps://github.com/yolabingo/wordpress-fix-cve-2018-6389\n\n4. CVE-2018-12613:\nWordpress plugin Site-Editor v1.1.1 - LFI\nhttps://github.com/0x00-0x00/CVE-2018-7422", "creation_timestamp": "2024-06-22T09:28:36.000000Z"}, {"uuid": "0989385a-e466-414e-864a-4448e55f3a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "seen", "source": "https://t.me/critical_bug/660", "content": "https://hackerone.com/reports/694467\n\nThis report describes a vulnerability in WordPress that lets an attacker use the feature for loading an unlimited number of JS and CSS files through load-scripts.php, which leads to exhaustion of server resources and a denial-of-service (DoS) attack. The report gives a description of the vulnerability, the attack details and ways to fix it. It also mentions the classification of the vulnerability according to OWASP 2017 and CVE-2018-6389. If the vulnerability is exploited, the attacker can carry out a DoS attack on the site, which can lead to availability problems for users and disruption of business processes.", "creation_timestamp": "2023-04-24T18:55:32.000000Z"}, {"uuid": "83437b24-e3a3-4aa1-9cea-8a136d7869bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/critical_bug/640", "content": "https://hackerone.com/reports/690330\n\nThis report describes a vulnerability in WordPress that can lead to a denial of service (DoS) of the site if attackers use the load-scripts.php file-loading feature to load a large number of JavaScript files with no size limit. A hacker can use this feature to exhaust server resources and launch a DoS attack on the site. The report also describes the attack details, namely an example of how an attacker can exploit this vulnerability, and links to sources where more detailed information about this type of WordPress vulnerability can be found. To fix the problem, it is recommended to use a web application firewall and add an .htaccess file with the specified access rules for the load-scripts.php file. The vulnerability falls under the Using Components with Known Vulnerabilities category in the OWASP Top 10 2017. In CVE (Common Vulnerabilities and Exposures) this vulnerability has been assigned the identifier CVE-2018-6389. As a result of the attack, the site's services may become unavailable.", "creation_timestamp": "2023-04-23T21:57:13.000000Z"}, {"uuid": "9c4ce0a2-113b-4728-b388-b940bee7ebf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-6389", "type": "published-proof-of-concept", "source": "https://t.me/critical_bug/1469", "content": "[\ud83d\udd0d\ud83d\udee1\ufe0f\ud83d\udcbb] CVE-2018-6389 exploitation - using the scripts loader\n\n\u26a0\ufe0f Vulnerability type: Uncontrolled Resource Consumption\n\ud83d\udcb0 Bounty: not specified\n\ud83d\udcc9 Severity: low\n\n\ud83d\udd0d Vulnerability analysis\nThe researcher found that unauthorized attackers can cause a denial of service (DoS) by using the large list of registered .js files to create a series of requests that load each file many times. This vulnerability is registered as CVE-2018-6389. By sending GET requests to /wp-admin/load-scripts.php with parameters, the server can be made to process large volumes of data, which leads to exhaustion of server resources. In the end, the vulnerability was confirmed and fixed; the server now returns `406 Not Acceptable`.\n\n#ResourceConsumption #Low #SignalSciences\n\nA detailed breakdown of the report is available at the link", "creation_timestamp": "2024-08-26T11:00:52.000000Z"}]}