Facebook Codepath Cybersecurity University
Time spent: 4 hours spent in total
Objective: Find, analyze, recreate, and document 3 vulnerabilities affecting an old version of WordPress
- Stored XSS CVE-2015-3440
- Summary: There is a stored XSS vulnerability in the comments section of a post.
- Vulnerability types: Stored XSS
- Tested in version: 4.2
- Fixed in version: 4.2.1
- Steps to recreate: The input worked to show this.
- Affected source code:
- [Link 1]
- DOM based XSS CVE-2017-9061
- Summary: Uploading a file beyond the maximum limit of 2MB gets WordPress to display the file name. If the file name contains JavaScript, the browser will run it.
- Vulnerability types: DOM based XSS
- Tested in version: 4.2
- Fixed in version: 4.7.5
- Steps to recreate: On a Linux machine (Windows does not allow "<" or ">" characters in file names), upload an image exceeding 2MB with some JavaScript in the file name.
- Affected source code:
- [Link 1]
- Path traversal + path enumeration + file deletion/DOS
- Summary: When an administrator removes a plugin there is an opening for path traversal, which can lead to WordPress deleting arbitrary folders from within the public folder.
- Vulnerability types: Path traversal
- Tested in version: 4.2
- Fixed in version: 4.6
- Steps to recreate:
- Affected source code:
- https://www.cvedetails.com/vulnerability-list.php?vendor_id=2337&product_id=4096&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=273&sha=f7e9f236634d1e8f8f1588d8b60868d41a0af790
- https://www.exploit-db.com/exploits/36844/
- https://www.exploit-db.com/exploits/40288/
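The DOM-based XSS item above comes down to one rendering mistake: an upload-size error message that concatenates the file name into HTML. The following is an added illustration, not WordPress's own code; the 2MB limit comes from the write-up, while the function names, the sample file objects and the template-comparison check are constructed for this example.

```javascript
// Added example (not WordPress code): an upload-size error message becomes
// DOM-based XSS when the user-controlled file name is concatenated into markup.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // the 2MB limit from the write-up

// Escape the five characters that let a string change HTML structure.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the file name lands in the markup verbatim.
function renderSizeErrorUnsafe(file) {
  return '<p class="upload-error">' + file.name +
    ' exceeds the maximum upload size for this site.</p>';
}

// Hardened pattern: the file name is rendered as text, never as markup.
function renderSizeErrorSafe(file) {
  return '<p class="upload-error">' + escapeHtml(file.name) +
    ' exceeds the maximum upload size for this site.</p>';
}

// Client-side size check: returns the message to display, or null if the
// file is within the limit.
function checkUpload(file, render = renderSizeErrorSafe) {
  return file.size > MAX_UPLOAD_BYTES ? render(file) : null;
}

// Regression check for templates: does the rendered message contain more
// opening tags than the template rendered with an empty name? If so, the
// input was able to inject markup.
function introducesTag(html, template) {
  const count = (s) => (s.match(/<[a-zA-Z][^>]*>/g) || []).length;
  return count(html) > count(template);
}

// Constructed sample inputs: an oversized image whose name carries markup
// (a name only a Linux-style filesystem will accept), and a normal file.
const oversized = {
  name: 'holiday<img src=x onerror=alert(1)>.png',
  size: 3 * 1024 * 1024,
};
const withinLimit = { name: 'holiday.png', size: 512 * 1024 };

const template = renderSizeErrorSafe({ name: '' });
console.log('unsafe injects markup:', introducesTag(renderSizeErrorUnsafe(oversized), template));
console.log('safe injects markup:  ', introducesTag(renderSizeErrorSafe(oversized), template));
```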
GIFs created with LiceCap.
Most of my challenges came from trying to get the wpdistillery to work. First, my main laptop seemed to lack any virtualization, so I had to find a computer I could use that would run the needed VMs. I also had problems accessing posts I made until changing some settings on how paths for posts are made. Once technical difficulties were handled, the assignment went smoothly and it was fun researching how to do these exploits.
Copyright 2018 Noah Newdorf
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.