Status: Closed
Assigned To: cbay - Private
Opened by Tr1l0kDh4k3d - 14.03.2025
Last edited by cbay - 15.03.2025
FS#137 - Critical Vulnerability Report- 1
Critical Vulnerability Report - {Critical BUG #P1} - https://blog.alwaysdata.com/wp-cron.php - vulnerable to DoS attack via wp-cron.php
NOTE: I did not exploit this, as doing so could impact your website.
Hello Security team,
I am a Security Engineer, Cyber Security Researcher, Bug Bounty Hunter & Ethical Hacker. While testing your domain https://alwaysdata.com, I found some important vulnerabilities on your site.
Vulnerability Name: https://blog.alwaysdata.com/ - vulnerable to DoS attack via wp-cron.php
Vulnerable Domain: https://blog.alwaysdata.com/wp-cron.php
Description:
The WordPress application is vulnerable to a Denial of Service (DoS) attack via the wp-cron.php script. This script is used by WordPress to perform scheduled tasks, such as publishing scheduled posts, checking for updates, and running plugins.
An attacker can exploit this vulnerability by sending a large number of requests to the wp-cron.php script, causing it to consume excessive resources and overload the server. This can lead to the application becoming unresponsive or crashing, potentially causing data loss and downtime.
I found this vulnerability at https://blog.alwaysdata.com/wp-cron.php endpoint.
Steps to Reproduce (reference: https://hackerone.com/reports/1888723):
Navigate to https://blog.alwaysdata.com/wp-cron.php and intercept the request in Burp Suite.
Right-click the request and send it to Repeater.
Now send the request; you will see a 200 OK response.
—
This can also be done with the curl command below:
curl -I "https://blog.alwaysdata.com/wp-cron.php"
POC: Attached
Impact:
If successful, this misconfigured wp-cron.php file can cause lots of damage to the site, such as:
Potential Denial of Service (DoS) attacks, resulting in unavailability of the application.
Server overload and increased resource usage, leading to slow response times or application crashes.
Potential data loss and downtime of the site.
Hackers can exploit the misconfiguration to execute malicious tasks, leading to security breaches.
Exploitation:
Exploitation can be done with a GitHub tool called doser.go: https://github.com/Quitten/doser.go
I did not do this, as it could impact your website.
Get the doser.py script at https://github.com/Quitten/doser.py and run it with this command: python3 doser.py -t 999 -g 'https://blog.alwaysdata.com/wp-cron.php'
After 1000 requests from the doser.py script, go to https://blog.alwaysdata.com/.
The site returns code 502.
Suggested Mitigation/Remediation Actions:
To mitigate this vulnerability, it is recommended to disable the default WordPress wp-cron.php script and set up a server-side cron job instead. Here are the steps to disable the default wp-cron.php script and set up a server-side cron job:
Access your website's root directory via FTP or cPanel File Manager.
Locate the wp-config.php file and open it for editing.
Add the following line of code to the file, just before the line that says "That's all, stop editing! Happy publishing.":
define('DISABLE_WP_CRON', true);
Save the changes to the wp-config.php file.
Set up a server-side cron job to run the wp-cron.php script at the desired interval. This can be done using the server's control panel or by editing the server's crontab file.
References:
For more information about this vulnerability, please refer to the following resources:
https://hackerone.com/reports/1888723
https://medium.com/@mayank_prajapati/what-is-wp-cron-php-0dd4c31b0fee
https://developer.wordpress.org/plugins/cron/
Fix Them
I have protected your company and saved it from a big loss, so please give me some appreciation in the form of a bounty reward.
I am sharing my PayPal ID with you.
Paypal ID: trilokdhaked12345678@gmail.com
POC:
https://drive.google.com/file/d/1gnZQhkesAUR_CV_tru2y0__H8e3mTDxF/view?usp=sharing
https://drive.google.com/file/d/1zdsGsqT6kWuBKzWAQcP5iDy9z4bJR6ol/view?usp=sharing
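The remediation the report recommends (DISABLE_WP_CRON in wp-config.php plus a system cron job), as an added runnable example; this is not code from the report, from alwaysdata or from WordPress. It assumes a stock wp-config.php that still contains the "That's all, stop editing!" marker and a PHP CLI on PATH as php; the document root and the sample wp-config.php in the demo are constructed. One caveat before treating this as a DoS fix: DISABLE_WP_CRON only stops WordPress from spawning wp-cron on page loads; a direct HTTP request to wp-cron.php is still served and still runs any due events, so if the goal is to stop outsiders from triggering it, the path must also be denied at the web server. That is why the cron entry below runs the script with the PHP CLI instead of fetching the URL.

```shell
#!/bin/sh
# Added example (not from the report, alwaysdata or WordPress): apply the
# report's remediation to a wp-config.php and emit the replacement cron entry.
# Assumptions: the file carries the stock "That's all, stop editing!" marker
# and a PHP CLI is on PATH as "php". Demo paths below are constructed.

WP_CRON_DEFINE="define('DISABLE_WP_CRON', true);"
STOP_MARKER="That's all, stop editing!"

# disable_wp_cron FILE
# Inserts the define on the line before the first marker line. Idempotent:
# leaves the file alone if DISABLE_WP_CRON is already defined. Returns 1 and
# changes nothing if the marker is missing (non-standard wp-config.php).
disable_wp_cron() {
    file="$1"
    grep -q 'DISABLE_WP_CRON' "$file" && return 0
    grep -q "$STOP_MARKER" "$file" || return 1
    awk -v def="$WP_CRON_DEFINE" -v marker="$STOP_MARKER" '
        !done && index($0, marker) > 0 { print def; done = 1 }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# wp_cron_is_disabled FILE
# True when the define is present and sits before the marker, i.e. it is
# evaluated before wp-settings.php is loaded.
wp_cron_is_disabled() {
    def_line=$(grep -n 'DISABLE_WP_CRON' "$1" | head -n 1 | cut -d: -f1)
    mark_line=$(grep -n "$STOP_MARKER" "$1" | head -n 1 | cut -d: -f1)
    [ -n "$def_line" ] && [ -n "$mark_line" ] && [ "$def_line" -lt "$mark_line" ]
}

# wp_cron_crontab_line DOCROOT [MINUTES]
# Prints the crontab entry that replaces the page-load trigger. It runs
# wp-cron.php with the PHP CLI inside DOCROOT instead of fetching the URL,
# so the job keeps working even after the public path is denied.
wp_cron_crontab_line() {
    docroot="$1"
    every="${2:-5}"
    printf '*/%s * * * * cd %s && php wp-cron.php >/dev/null 2>&1\n' "$every" "$docroot"
}

# Demo on a constructed wp-config.php in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/wp-config.php" <<'EOF'
<?php
define( 'DB_NAME', 'wordpress' );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
EOF
disable_wp_cron "$demo_dir/wp-config.php"
wp_cron_is_disabled "$demo_dir/wp-config.php" && echo "DISABLE_WP_CRON set in $demo_dir/wp-config.php"
wp_cron_crontab_line /var/www/blog
rm -rf "$demo_dir"
```

Install the printed line with crontab -e for the user the site runs as, then confirm scheduled events still fire by watching a scheduled post publish or a plugin's periodic task run; if nothing runs, the cron job is not reaching the right directory or PHP binary, and WordPress will silently stop processing events because the page-load fallback is now off.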
Hello,
This is standard WordPress behaviour, so this is excluded from our bug bounty program.
DoS are also excluded from our bug bounty program.
Kind regards,
Cyril