Saotn.org

WordPress Pingback Vulnerability

A vulnerability has been discovered in the WordPress pingback mechanism (the pingback.ping method of the XML-RPC API exposed through xmlrpc.php). At least four ways to abuse it are known, one of which can even be turned into a distributed denial-of-service (DDoS) attack. This class of attack is known as XSPA/SSRF (Cross Site Port Attack/Server Side Request Forgery). Bogdan Calin of Acunetix writes about it:

Recently somebody posted on Reddit about a WordPress scanner that is taking advantage of a new WordPress vulnerability. The vulnerability is abusing the Pingback system, which is a well-known feature that’s used by a lot of bloggers.

WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. One of the methods exposed through this API is the pingback.ping method. With this method, other blogs can announce pingbacks. When WordPress is processing pingbacks, it’s trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog.

This can be abused in at least four ways:

Read more at Acunetix:
http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
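To make the quoted description concrete, the following added example (not code from this post, from Acunetix, or from WordPress itself) builds the pingback.ping call a scanner POSTs to xmlrpc.php, parses it the way the receiving side would, and classifies the server's answer. The host names (attacker.example, victim-blog.example, 10.0.0.5) are made up for the example; the fault codes and messages in the constructed responses are modelled on those in WordPress's class-wp-xmlrpc-server.php and should be checked against the version you run. The point it demonstrates is the XSPA case: because WordPress answers differently when the source URL could not be fetched and when it was fetched but contained no link, the caller learns whether an arbitrary host:port (including one inside the WordPress server's own network) is listening.

```python
"""Build, parse and classify a WordPress pingback.ping XML-RPC exchange.

Added example, not from the original post or from WordPress. Hosts below are
hypothetical; fault codes/messages are modelled on WordPress's and must be
verified against your own version.
"""
import xmlrpc.client

# Hypothetical URLs chosen for the example.
ATTACKER_BLOG = "http://attacker.example/post-1"      # sourceURI an attacker controls
VICTIM_POST = "http://victim-blog.example/?p=1"        # targetURI: an existing post on the WP site
INTERNAL_SERVICE = "http://10.0.0.5:8080/"             # sourceURI pointing into the WP host's LAN


def build_pingback_request(source_uri: str, target_uri: str) -> bytes:
    """Serialize a pingback.ping call as an XML-RPC client POSTs it to /xmlrpc.php.
    WordPress will fetch source_uri and look for a link to target_uri in the body."""
    return xmlrpc.client.dumps((source_uri, target_uri),
                               methodname="pingback.ping").encode()


def parse_pingback_request(body: bytes) -> tuple:
    """What the receiving side sees: (method name, sourceURI, targetURI).
    Useful for inspecting captured POST bodies to xmlrpc.php."""
    params, method = xmlrpc.client.loads(body)
    source_uri, target_uri = params
    return method, source_uri, target_uri


def classify_pingback_response(body: bytes) -> str:
    """Translate the XML-RPC answer into what it reveals about source_uri.

    - success string: WordPress fetched source_uri AND found a link to the target;
    - fault 'source URL does not exist': the fetch failed (closed port / no host);
    - fault 'does not contain a link': the fetch succeeded (open port), wrong content.
    The difference between the last two is the port-scan oracle (XSPA).
    """
    try:
        xmlrpc.client.loads(body)          # raises Fault for a <fault> response
        return "success"
    except xmlrpc.client.Fault as fault:
        msg = fault.faultString.lower()
        if "source url does not exist" in msg:
            return "source unreachable"
        if "does not contain a link" in msg:
            return "source reachable"
        return f"other fault {fault.faultCode}"


def sample_responses() -> dict:
    """Constructed responses (not captured from a real server) for the three
    outcomes; codes 16/17 and the texts are modelled on WordPress's messages."""
    return {
        "registered": xmlrpc.client.dumps(
            ("Pingback from %s to %s registered." % (ATTACKER_BLOG, VICTIM_POST),),
            methodresponse=True).encode(),
        "source missing": xmlrpc.client.dumps(
            xmlrpc.client.Fault(16, "The source URL does not exist.")).encode(),
        "no link": xmlrpc.client.dumps(
            xmlrpc.client.Fault(17, "The source URL does not contain a link to the "
                                    "target URL, and so cannot be used as a source.")).encode(),
    }


if __name__ == "__main__":
    # A scan of an internal port: the answer tells the caller whether 10.0.0.5:8080 answered.
    print(build_pingback_request(INTERNAL_SERVICE, VICTIM_POST).decode())
    for name, body in sample_responses().items():
        print(name, "->", classify_pingback_response(body))
```

Run against your own site, the request body goes in a POST to /xmlrpc.php with Content-Type text/xml; if the method is still enabled, the site will fetch whatever source URL you name, which is the behaviour you want to confirm is disabled or filtered before an attacker does.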
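The DDoS variant mentioned above looks different from the victim's side: it is not POSTs to xmlrpc.php but a flood of GET requests from many unrelated WordPress installations, each one "verifying" a pingback that named the victim as the source. The following added example (not from the original post or from Acunetix) scans constructed access-log lines for that pattern. It assumes, as a check against your own WordPress version, that the verification fetch carries a User-Agent of the form "WordPress/<version>; <blog url>", and it groups hits by path without the query string because such floods commonly vary the query to defeat caches. The log lines are constructed for the example, not captured.

```python
"""Spot a pingback-reflection flood in a Combined Log Format access log.

Added example, not from the original post. Assumes the User-Agent format
"WordPress/<version>; <blog url>" for pingback verification fetches (verify
against your WordPress version). SAMPLE_LOG is constructed, not captured.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

# The blog URL in the UA identifies the reflecting installation, not the attacker.
UA_RE = re.compile(r'^WordPress/(?P<version>[\d.]+); (?P<blog>\S+)')

SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:12:00:01 +0100] "GET /?p=1 HTTP/1.0" 200 5120 "-" "WordPress/3.8.1; http://blog-a.example"
203.0.113.11 - - [10/Mar/2014:12:00:01 +0100] "GET /?p=1&9234 HTTP/1.0" 200 5120 "-" "WordPress/3.7.1; http://blog-b.example"
198.51.100.7 - - [10/Mar/2014:12:00:02 +0100] "GET /?p=1&2211 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-c.example"
198.51.100.8 - - [10/Mar/2014:12:00:02 +0100] "GET /?p=1 HTTP/1.0" 200 5120 "-" "WordPress/3.8.1; http://blog-a.example"
192.0.2.55 - - [10/Mar/2014:12:00:03 +0100] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/27.0"
192.0.2.56 - - [10/Mar/2014:12:00:03 +0100] "GET /?p=2 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-d.example"
"""


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_pingback_reflectors(lines, min_reflectors: int = 3) -> dict:
    """Return {path: {"reflectors": [blog urls], "hits": n}} for every path that
    was fetched by at least min_reflectors distinct WordPress installations.
    The query string is dropped so cache-busting variants count as one path."""
    per_path = defaultdict(lambda: {"reflectors": set(), "hits": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ua = UA_RE.match(rec["ua"])
        if ua is None:
            continue                       # ordinary browser traffic
        path = rec["path"].split("?", 1)[0]
        per_path[path]["reflectors"].add(ua.group("blog"))
        per_path[path]["hits"] += 1
    return {
        path: {"reflectors": sorted(e["reflectors"]), "hits": e["hits"]}
        for path, e in per_path.items()
        if len(e["reflectors"]) >= min_reflectors
    }


def detect_from_sample() -> dict:
    """Run the detector over the constructed sample log."""
    return find_pingback_reflectors(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for path, info in detect_from_sample().items():
        print(f"{path}: {info['hits']} hits from {len(info['reflectors'])} WordPress sites")
        for blog in info["reflectors"]:
            print("   reflector:", blog)
```

The reflector list is the actionable output: those are the sites whose xmlrpc.php was abused, so they can be blocked at the edge or their owners notified, while the real attacker never appears in the victim's log.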
About The Author
My name is Jan Reilink. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing his daily thing at Vevida Services in the Netherlands. With over 10 years of experience, my specialties include Windows Server (2003, 2008 and 2012), Windows 7, IIS (6.0, 7.5 and 8.0), Linux (CentOS, Debian), PHP, websites, optimization and security. More about me @ www.reilink.nl.
Copyright © 2007-2014 Saotn.org. Design by OrangeIdea