Hack Wordpress Ecosystem
Wordpress Ecosystem
About Me
• Online presence
– http://www.pentest.ro
– [email protected] / @DanCVASILE
About the talk
More numbers
Finding Wordpress!
Scope
TO SCARE!!!! (attacks on the Wordpress ecosystem) and TO REPAIR.
Focus on:
- Infrastructure
- Installation process
- Protective server side measures
- Protective client side measures
- Reviewing source code
- Maintenance
Wordpress Ecosystem
- Infrastructure
- Base platform
- Themes
- Plugins
- Users
Hacking the infrastructure
Physical security
• Overflows
• DoS
• Remote command execution
• XSS in internal tools
• Security Misconfiguration
PHP vulnerabilities
• DoS
• Overflows
• Remote command execution
• SQL injection
• XSS
• Source code disclosure
• RFI
• CSRF
• and more
Hacking the Wordpress platform
What is TimThumb?
A small PHP script for cropping, zooming and resizing web images (JPG,
PNG, GIF), bundled with many themes and plugins. Perfect for use on blogs and other applications.
The problem!
TimThumb fetches the remote file named in its src parameter and caches it locally
in a web-accessible directory, without proper validation of either the source
host (an allowed domain only had to appear somewhere in the hostname) or the
file content.
The easiest way in is to make TimThumb accept a remotely hosted file that carries
a valid image header followed by PHP code (timthumbcraft builds such a file).
Once the file is cached, requesting it directly executes the PHP.
TimThumb hack
We’re IN!
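Two checks that would have stopped the TimThumb attack just described, as an added example (not code from the talk and not TimThumb's own code): the remote-host allowlist done the weak way (substring match, the class of check the vulnerable TimThumb used) beside a strict match, and a content check that flags a file that starts like an image but carries a PHP open tag. The allowlist entries, URLs and file bytes are constructed for the example.

```python
"""Added example, not code from the talk or from TimThumb itself.

Two checks that address the TimThumb weaknesses described above:
  1. the remote-host allowlist: substring match versus exact/subdomain match;
  2. the cached file: detect a file that starts like an image but carries PHP.
The allowlist entries, URLs and file bytes below are constructed for the example.
"""
import re
from typing import Optional
from urllib.parse import urlparse

# Constructed allowlist of image hosts (TimThumb shipped a similar list).
ALLOWED_SITES = ["flickr.com", "blogger.com", "wordpress.com"]


def host_allowed_substring(url: str, allowed=ALLOWED_SITES) -> bool:
    """Weak check: passes if an allowed name appears ANYWHERE in the hostname.
    This is the kind of check the vulnerable TimThumb did, so an attacker-owned
    host such as flickr.com.attacker.example is accepted."""
    host = (urlparse(url).hostname or "").lower()
    return any(site in host for site in allowed)


def host_allowed_strict(url: str, allowed=ALLOWED_SITES) -> bool:
    """Hardened check: http(s) only, and the hostname must be exactly an allowed
    domain or a label-boundary subdomain of one."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return any(host == site or host.endswith("." + site) for site in allowed)


# Magic numbers of the formats TimThumb handles.
IMAGE_MAGIC = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}
# PHP open tags; a genuine image has no reason to contain these.
PHP_MARKERS = re.compile(rb"<\?php\b|<\?=|<script[^>]*language\s*=\s*['\"]?php", re.I)


def image_kind(data: bytes) -> Optional[str]:
    """Return the image type implied by the leading bytes, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def classify_fetched_file(data: bytes) -> str:
    """'image' = image header and no PHP; 'polyglot' = image header plus PHP
    (what timthumbcraft produces); 'not-image' = no recognised header."""
    if image_kind(data) is None:
        return "not-image"
    if PHP_MARKERS.search(data):
        return "polyglot"
    return "image"


# Constructed sample files: a minimal GIF header, and the same header with a PHP payload appended.
BENIGN_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 16
POLYGLOT_GIF = b"GIF89a" + b"\x01\x00\x01\x00" + b"<?php system($_GET['c']); ?>"

if __name__ == "__main__":
    evil = "http://flickr.com.attacker.example/shell.gif"
    print("substring allowlist accepts", evil, "->", host_allowed_substring(evil))
    print("strict allowlist accepts", evil, "->", host_allowed_strict(evil))
    for name, blob in (("benign", BENIGN_GIF), ("polyglot", POLYGLOT_GIF)):
        print(name, "->", classify_fetched_file(blob))
```

The content check is a last line of defence only: the real fix is to never write a fetched file where the web server will execute PHP, so the cache directory should also carry a server rule that denies PHP execution.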
Hacking the users
- Social engineering
- Phishing
- Exploiting bad habits
Let’s fix it
Short recap:
- Infrastructure
- Wordpress base platform
- Wordpress plugins
- Wordpress themes
- Users
Fixing the infrastructure
Fixing the themes
- Update
- Review the code
Fixing the plugins
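For the "review the code" step on themes and plugins, an added example (not a tool from the talk): a scanner that walks a wp-content tree and reports every bundled copy of TimThumb together with the version it declares, so outdated copies can be found and updated. It assumes copies are usually named timthumb.php or thumb.php, mention TimThumb in their source, and declare their version as define('VERSION', '...'); the sample tree it builds is constructed.

```python
"""Added example for the 'review the code' step; not a tool from the talk.

Walks a wp-content tree and reports every bundled copy of TimThumb with the
version it declares. Assumptions: copies are usually named timthumb.php or
thumb.php, identify themselves with the word TimThumb in the source, and
declare their version as define('VERSION', '...'); the sample tree is constructed.
"""
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

NAME_HINTS = {"timthumb.php", "thumb.php"}
CONTENT_HINT = re.compile(rb"timthumb", re.I)
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9][0-9.]*)['\"]\s*\)", re.I)


def find_timthumb(root) -> List[Tuple[str, Optional[str]]]:
    """Return (relative path, declared version or None) for every PHP file that
    is named like TimThumb or mentions it in its source."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*.php")):
        data = path.read_bytes()
        if path.name.lower() in NAME_HINTS or CONTENT_HINT.search(data):
            m = VERSION_RE.search(data.decode("utf-8", "replace"))
            hits.append((path.relative_to(root).as_posix(), m.group(1) if m else None))
    return hits


def build_sample_tree() -> Path:
    """Constructed wp-content layout: two bundled copies and one unrelated file."""
    root = Path(tempfile.mkdtemp(prefix="wp-content-"))
    files = {
        "themes/sometheme/timthumb.php":
            "<?php\n// TimThumb script\ndefine ('VERSION', '1.33');\n",
        "plugins/gallery/includes/thumb.php":
            "<?php\n/* renamed copy of TimThumb, version define removed */\n",
        "plugins/gallery/gallery.php":
            "<?php\n// ordinary plugin code\n",
    }
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    for rel, version in find_timthumb(tree):
        print(f"{rel}: version {version or 'unknown'} - review and update")
```

A copy with no version define, or one renamed to something else entirely, still needs a manual look; the scanner narrows the search, it does not replace the review.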
Fixing the users
- Awareness
- Set user roles and give only the privileges they need
- Log & audit user actions (ARYO Activity Log plugin)
- Personal computer security
- Enforce the use of strong passwords (Minimum Password Strength plugin)
Further actions
• WebsiteDefender
• Pingdom
• Change Detection
My part:
- Establish the structure
- Contribute with content
Thank you!