Shulou(Shulou.com)06/01 Report--

Recently, wordpress has exposed a high-risk website vulnerability, which can forge code for remote code execution, obtain the administrator's session and obtain cookies values. The vulnerability is caused by the article comment function enabled by wordpress by default, which does not carry out detailed security filtering and interception of comment parameters, resulting in the ability to bypass security detection, directly submit html tags, and write XSS code to CSRF cross-site forgery attacks. Many foreign trade promotion sites done at Google lead to jump to other sites.

The vulnerability of this website affects a wide range, killing almost all wordpress blog sites, and systems less than version 5.1.1. According to SINE security statistics, millions of websites are affected by vulnerabilities both at home and abroad.

Let's make a detailed analysis of the loopholes in the site. Wp officials have specifically used wpnonce security mechanism to consider the security of the comment function. For some html tags, Class A html tags will be intercepted. As can be seen from the code, the overall security filtering interception is still good, and general JS addresses cannot be inserted into comments. Let's take a look at the filtering code:

The above code shows that when a user makes a comment, POST will send parameters, then wp_filter-kses is responsible for filtering illegal parameters, and the general html tag will be blocked, and only the A tag in the whitelist will be allowed to insert comments. The root of the problem is that wp's whitelist mechanism can cause malicious code to be written into comments. We will know when we understand the whole process of comments. We construct the constructor by concatenating double quotes, and then make comments. The system automatically removes some special code, resulting in normal insertion of double quotes into the code. Malicious code is successfully constructed. The premise of the vulnerability is that administrators need to be tempted to read the comment, and then move the mouse over the comment, which will lead to the occurrence of the wordpress vulnerability, and the website will be hacked, tampered with and hijacked. It is troublesome to deal with, you need to find out where its virus files are and then delete them, some of them are hidden and difficult to find, or they are added to the code, and it is not easy to find a Trojan horse in the code. If you are familiar with your own website, but not your own, it is recommended to find a professional website security company to deal with the problem of website tampering, such as Sinesafe, Green League security service providers that specialize in website security to help.

After analyzing the loophole, we found that it takes certain conditions to exploit the loophole. If you comment on your own article without any security interception, you can write it casually. Therefore, when commenting, it is also required that the article written by the administrator can take advantage of the loophole. Generally speaking, the security mechanism of wordpress is still very good, but the authority of a webmaster also requires detailed permission filtering. Can not operate anything, rights security to maximize in order to avoid the occurrence of vulnerabilities, wordpress vulnerability repair, you can log in to the background of the WP system for version updates, online automatic repair vulnerabilities.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.