WordPress Pingback Vulnerability

In het pingback-mechanisme van WordPress is een kwetsbaarheid ondekt (pingback.ping API van xmlrpc.php). Er zijn in ieder geval vier manieren bekend om dit te misbruiken, waarvan één zelfs kan leiden tot een distributed DoS (Denial of Service) aanval. Dit soort aanvallen staan bekend onder de noemer XSPA/SSRF (Cross Site Port Attack/Server Side Request Forgery). Bogdan Calin van Acunetix schrijft erover:

Recently somebody posted on Redit about a WordPress scanner that is taking advantage of a new WordPress vulnerability. The vulnerability is abusing the Pingback system, which is a well-known feature that’s used by a lot of bloggers.

WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. One of the methods exposed through this API is the pingback.ping method. With this method, other blogs can announce pingbacks. When WordPress is processing pingbacks, it’s trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog.

This can be abused in at least fours ways:

Lees verder bij Acunetix:
http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/