A severe WordPress vulnerability which has been left a year without being patched has the potential to disrupt countless websites running the CMS, researchers claim. At the BSides technical cybersecurity conference in Manchester on Thursday, Secarma researcher Sam Thomas said the bug permits attackers to exploit the WordPress PHP framework, resulting in a full system compromise.
If the domain permits the upload of files, such as image formats, attackers can upload a crafted thumbnail file in order to trigger a file operation through the "phar://" stream wrapper.
In turn, the exploit triggers eXternal Entity (XXE — XML) and Server Side Request Forgery (SSRF) flaws which cause unserialization in the platform’s code. While these flaws may only originally result in information disclosure and may be low risk, they can act as a pathway to a more serious remote code execution attack.
The security researcher says the core vulnerability, which is yet to receive a CVE number, is within the wp_get_attachment_thumb_file function in /wpincludes/post.php and when attackers gain control of a parameter used in the "file_exists" call," the bug can be triggered.
Unserialization
Source: https://managewp.org/articles/17756/severe-vulnerability-exposes-wordpress-websites-to-attack
source https://williechiu40.wordpress.com/2018/08/16/severe-vulnerability-exposes-wordpress-websites-to-attack/
No comments:
Post a Comment