This repository contains a script that exploits the CVE-2023-22622 vulnerability in WordPress, causing a Denial of Service (DoS) via WP-Cron. This script can be used to flood a vulnerable WordPress site with requests, potentially leading to server overload.
- Exploit Title: DoS WP-Cron - CVE-2023-22622
- Date: 07/29/2024
- Exploit Author: Michael Fry
- Vendor Homepage: WordPress
- Software Link: Download WordPress
- Version: Up to (including) 6.6.1
- Tested on: Kali Linux
- CVE: CVE-2023-22622
- Python 3.x
requestslibrary- A vulnerable instance of WordPress
Clone the repository:
git clone https://github.com/michael-david-fry/DoS-WP-Cron-CVE-2023-22622.git
cd DoS-WP-Cron-CVE-2023-22622Install the required Python libraries:
pip install requestsThis script allows you to send a large number of HTTP requests to a specified URL, which can potentially cause a Denial of Service (DoS) on a vulnerable WordPress site.
-m, --method: Specify the HTTP request method (GET or POST).-u, --url: Specify the target URL.-d, --data: Data payload for POST requests (optional).-t, --threads: Number of threads to be used (default: 500).
python exploit.py -m GET -u http://example.com/wp-cron.php -t 1000request_counter: Keeps track of the number of requests sent.printed_msgs: Stores messages that have been printed to avoid duplication.lock: Threading lock to ensure thread safety.
print_msg(msg): Prints a message once.handle_status_codes(status_code): Handles HTTP status codes and prints appropriate messages.send_request(method, url, payload=None): Sends an HTTP request and handles the response.main(): Parses command-line arguments and initiates the sending of requests using a thread pool.
This exploit is provided for educational purposes only. The author is not responsible for any damage caused by the use of this exploit. Use it at your own risk and ensure you have proper authorization before testing it on any site.