a few security issues
play

A few security issues to takeover 34% of all websites Johannes - PowerPoint PPT Presentation

Aug 14, 2023 •259 likes •643 views

A few security issues to takeover 34% of all websites Johannes Dahse, PHP.RUHR 2019 Dortmund, Germany, 08.11.2019 1 Intro Johannes Dahse Former CTF addict Security Consultant RIPS open source, static analysis for PHP security Ph.D. Static

  1. A few security issues to takeover 34% of all websites Johannes Dahse, PHP.RUHR 2019 Dortmund, Germany, 08.11.2019 1

  2. Intro Johannes Dahse Former CTF addict Security Consultant RIPS open source, static analysis for PHP security Ph.D. Static Code Analysis @ Ruhr-University Bochum Co-Founder RIPS Technologies GmbH (since 2016) 2

  3. 3

  4. Usage of content management systems, W3Techs Why WordPress? 500 KLOC PHP (+55.000 plugins) RoR WordPress is used by 34.5% of the top 1M websites WordPress has a CMS market share of 61.2% ~240M unique domains = ~80M WordPress sites Python ~40M hosted on wordpress.com whitehouse.gov, Bloomberg, NBC, CNN, BBC, NYTimes 4

  5. Roadmap Pre-Auth Exploit authenticated functionality 5

  6. CVE-2019-9787 WordPress < 5.1.1 CSRF to Stored XSS 6

  7. Cross-Site Request Forgery (CSRF) Comment via CSRF is a feature for trackbacks and pingbacks, but most HTML tags and attributes are stripped 7

  8. Cross-Site Request Forgery (CSRF) attacker.com 8

  9. XSS filter bypass 9

  10. XSS filter bypass <a rel="rips" title='XSS " onmouseover=evilCode() id=" '> 10

  11. XSS filter bypass <a rel="rips" title='XSS " onmouseover=evilCode() id=" '> <a rel="rips" title= "XSS " onmouseover=evilCode() id=" ' "> 11

  12. Exploit Regular comment (filter_kses) 12

  13. Exploit Regular comment (filter_kses) mysuperblog.com 13

  14. Exploit Regular comment (filter_kses) mysuperblog.com Admin comment via CSRF <a rel="rips" title= "XSS " onmouseover=evilCode() id=" ' "> (filter_post_kses) 14

  15. Roadmap Pre-Auth Exploit authenticated functionality 15

  16. CVE-2018-12895 WordPress < 4.9.7 File Delete to RCE 16

  17. Second-Order File Delete 17

  18. Second-Order File Delete 18

  19. Video: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/ 19

  20. Roadmap Pre-Auth Exploit authenticated functionality 20

  21. CVE-2019-8942 CVE-2019-8943 WordPress < 5.0.1 PT & LFI to RCE 21

  22. Modify Post Meta Data _wp_attached_file 22

  23. Modify Post Meta Data _wp_attached_file _wp_page_template : Loads template file from /template/ dir No way to upload malicious template file 23

  24. Image Crop Look for file in uploads/ directory Or try to fetch file via HTTP 24

  25. File Resolving 25

  26. File Resolving evil.jpg?/../../template/evil.jpg 26

  27. Modify Post Meta Data - File Inclusion 27

  28. evil.jpg include ( 'templates/evil.jpg' ); 28

  29. Video: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ 29

  30. Imagick does not crop image exif meta data, GD does strip exif meta data when cropping Bonus: CVE-2019-6977 PHP GD Extension Buffer Overflow 30

  31. Roadmap Pre-Auth Exploit authenticated functionality 31

  32. WP Plugins Advent Calendar 32

  33. WordPress Security Advent Calendar Critical bugs in 16 most-used plugins 21 million total active installations 8x WooCommerce (4M active installs) 33

  34. WordPress.org Stored XSS Worm 34

  35. Plugin Repository WP Plugin SVN 35

  36. Stored XSS <script>worm()</script> → XSS worm can add a new user as committer to this plugin, who then infects the version again, and adds a backdoor to the plugin 36

  37. Thank you! blog.ripstech.com Advent calendar 2019 announced soon! johannes@ripstech.com / @FluxReiners 37

Recommend

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues. Mobile access is expected to become the main access method. Services and mobile commerce (mCommerce) are expected to become a major business.

818 views • 20 slides
Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS ROCK CK S STEVENS, KEVIN HALLIDAY, MICHELLE MAZUREK // UNIV IVERSIT ITY O OF M MARYLAND JOSIAH DYKSTRA, JAMES CHAPMAN, ALEX FARMER //

290 views • 27 slides
Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

LASER Workshop 2020 Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards Rock Stevens , Kevin Halliday, Michelle Mazurek / / University of Maryland Josiah Dykstra, James Chapman, Alexander F armer

345 views • 22 slides
Identifying Security Issues Identifying Security Issues in the Retail Payments System Evolution

Identifying Security Issues Identifying Security Issues in the Retail Payments System Evolution

Identifying Security Issues Identifying Security Issues in the Retail Payments System Evolution of Payments System Fraud David A Poe - Director David A. Poe - Director June 5, 2008 Fraud has moved from amateurs operating locally to

80 views • 6 slides
CS 410/510: Web Security Motivation Security issues are having a real impact 2016

CS 410/510: Web Security Motivation Security issues are having a real impact 2016

CS 410/510: Web Security Motivation Security issues are having a real impact 2016 election Stuxnet Snowden F-35 fighter Bangladesh heist Problem Example: Russian 2016 election hacking Influence election via fake news

556 views • 20 slides
Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in 16 January 2002 Security Issues in Mobile Agents 1 Overview of the Talk The Mobile Agent Paradigm Security Threats and Counter Measures

587 views • 24 slides
Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS

Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS

Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 18 Page 1 CS 236 Online Outline Routing security DNS security Lecture 18 Page 2

556 views • 31 slides
System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 2) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Outline Part1. Bugs in File Systems Semantic inconsistency

1.27k views • 115 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 1) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Speaker: Byoungyoung Lee ( ) Research areas:

1.47k views • 106 slides
Social Security Disability Program s: SSDI and SSI Overview and Current Issues Scott Szymendera

Social Security Disability Program s: SSDI and SSI Overview and Current Issues Scott Szymendera

Social Security Disability Program s: SSDI and SSI Overview and Current Issues Scott Szymendera Congressional Research Service July 2 2 , 2 0 1 0 SOCIAL SECURITY DISABILITY Social Security Supplemental Security Disability Insurance Income

291 views • 13 slides
Harry &amp; Maes Inc Client Presentation; Security Issues and Recommendations Presented by:

Harry &amp; Maes Inc Client Presentation; Security Issues and Recommendations Presented by:

Harry &amp; Maes Inc Client Presentation; Security Issues and Recommendations Presented by: Angel Hooper, IT Security Consultant February 19, 2017 CYBR 650 Summary Due to a data breach, impacting 25,000 customers, Harry &amp; Maes has

618 views • 34 slides
Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from

Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from

2015/10/30 Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo References Main Reference Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C. Cyber Security and

397 views • 13 slides
Issues of food security in South Africa and FAOs role in eradication of food insecurity and

Issues of food security in South Africa and FAOs role in eradication of food insecurity and

Issues of food security in South Africa and FAOs role in eradication of food insecurity and malnutrition Pulses and Food Security Discussion Forum 2-3 June 2016 Kempton Park, Gauteng Presented by Dr Tobias Takavarasha, FAO Representative,

490 views • 14 slides
Women, Peace and Security in the Asia Pacific: Issues

Women, Peace and Security in the Asia Pacific: Issues

Women, Peace and Security in the Asia Pacific: Issues and Challenges Kamala Chandrakirana Canberra, November 2013 What is the WPS agenda and how

418 views • 24 slides
Security in the age of social media Exploring the benefits and security risks Please note the

Security in the age of social media Exploring the benefits and security risks Please note the

Sponsored by Security in the age of social media Exploring the benefits and security risks Please note the audio line will remain silent until 5 minutes before the webcast commences. Join our expert panel to discuss your security issues

481 views • 24 slides
IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant CERT-MU | National Computer Board OUTLINE The Internet of Insecure Things New Devices, New Security Challenges IOT Specific Security Issues

302 views • 27 slides
Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery cryptosystems Computer Security Designing secure protocols February 10, 2003 Basic protocols Key exchange Lecture 8 Lecture 8 Page 1 Page

148 views • 10 slides
IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction

IPv6 Security David Kelsey (STFC-RAL) ISGC2016, Taipei 16 March 2016 Outline Introduction to WLCG &amp; IPv6 IPv6 security &amp; threats IPv6 protocol attacks Issues for site network &amp; security teams Issues for sys admins

501 views • 34 slides
Legal Issues about Metadata: Data Privacy vs Information Security Manuel Munier 1 V. Lalanne 1

Legal Issues about Metadata: Data Privacy vs Information Security Manuel Munier 1 V. Lalanne 1

Legal Issues about Metadata: Data Privacy vs Information Security Manuel Munier 1 V. Lalanne 1 P.Y. Ardoy 2 M. Ricarde 3 1 LIUPPA Universit e de Pau et des Pays de lAdour Mont de Marsan, France (IT security) 2 CRAJ Universit e de Pau

521 views • 34 slides
Stadium &amp; Event Security James A. De Meo M.S. Security Management Professional Paris

Stadium &amp; Event Security James A. De Meo M.S. Security Management Professional Paris

Stadium &amp; Event Security James A. De Meo M.S. Security Management Professional Paris Stadium Bombing Objectives: Student will gain knowledge about Security and Safety Issues facing the Sports and Entertainment Industry today.

594 views • 24 slides
Trends and Issues in Household Economic Security JASON BROWN U.S. DEPARTMENT OF THE TREASURY

Trends and Issues in Household Economic Security JASON BROWN U.S. DEPARTMENT OF THE TREASURY

Trends and Issues in Household Economic Security JASON BROWN U.S. DEPARTMENT OF THE TREASURY OFFICE OF ECONOMIC POLICY Outline of Remarks Trends in household economic security Two key moments of financial decision-making in the life cycle

513 views • 20 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Food Security Issues as a Key Element in the Solution of Socio- Economic Problems of the

Food Security Issues as a Key Element in the Solution of Socio- Economic Problems of the

Food Security Issues as a Key Element in the Solution of Socio- Economic Problems of the Country Izzatullo Sattori Minister of Agriculture Republic of Tajikistan Sector Context Largest share of the population over 70% residing in the

504 views • 11 slides

More recommend