Friday, August 17, 2018

Your Wordpress site could be at risk

Using Wordpress for your website? Your site could be at risk.

The risk of unserializing attacker-controlled data in PHP has been well known since Stefan Essar first presented the issue in detail in 2009[1]. This topic is closely associated with similar vulnerabilities in other languages (see CWE-502[2] and CWE-915[3]). Recent years have also seen several vulnerabilities in the native code implementing unserialization (CVE-2017-12934, CVE-2017-12933, CVE-2017- 12932 et al.) further demonstrating the risk of exposing unserialization to attacker-controlled data. 

This paper will present a novel attack technique specific to PHP which can cause unserialization to occur in a variety of exploitation scenarios. The technique can be used when an XXE vulnerability occurs, as well as such circumstance that would typically be considered an SSRF vulnerability and in a number of other scenarios where the vulnerability would previously have been considered an information disclosure issue.