WordPress REST API vulnerability has been exploited, tens of thousands of websites have been tampered with

February 11, 2017 16:59:52 | Information Security | 808

WordPress 4.7.0 and 4.7.1 contain a privilege escalation vulnerability in the REST API. Over the past two days attackers have been using it against WordPress sites at scale: roughly 1.5 million pages on some 39,000 domains have been defaced. The vulnerability lets an unauthenticated attacker send a single crafted HTTP request that bypasses the permission check and edits the title and content of any post. Only WordPress 4.7.0 and 4.7.1 are affected. The security company Sucuri reported on Monday that about 67,000 WordPress pages had already been altered this way; in the two days since, the number of edited pages has exploded, and the attacks are continuing.

This article originates from Duoluodeyu (the fallen fish) - https://www.duoluodeyu.com/2409.html

The vulnerability was fixed in WordPress 4.7.2, released last month, but the release does not help sites that have not applied it, and those are the ones still being defaced. Duoluodeyu urges webmasters to back up their sites and upgrade WordPress to the latest version as soon as possible.

WordPress REST API

First, a brief introduction to the REST API. The WordPress Think Tank describes it as follows:

WordPress is moving towards becoming a full-stack application framework, and we need new APIs. So the WordPress JSON REST API project was born. The purpose of this project is to create a framework that is easy to use, easy to understand and well tested for building these APIs, and at the same time to build APIs for WordPress core itself.

This plugin (WordPress JSON REST API, or WP API) provides an easy-to-use REST API through which data such as users, posts and categories can be fetched in JSON format over HTTP. Reading or updating data is very simple: all it takes is a single HTTP request.

See the REST API Handbook for details:

https://developer.wordpress.org/rest-api/

WordPress 4.7.1 Privilege Escalation Vulnerability Analysis

Before a post can be modified through the API, the request has to be authorized. Three authentication methods are available: cookie authentication (built in), OAuth and basic authentication (both provided by companion plugins). Trying to modify a post through the API without authorization returns an HTTP 401, as shown in the following figure.

[Figure: the REST API answering an unauthenticated post update with HTTP 401]

To exploit the vulnerability, the permission check has to be bypassed, that is, the update_item_permissions_check() function has to be made to return true.

Suppose the URL we request has this form, with an id query parameter appended to a route whose path already carries a numeric id:

http://192.168.3.112/wordpress/index.php/wp-json/wp/v2/posts/1/?id=1grq

WP_REST_Request reads query-string parameters before the parameters matched from the route, so $request['id'] becomes the string '1grq' rather than the 1 from the path. get_post('1grq') returns null, because WP_Post::get_instance() rejects any id that is not numeric, and so $post is null. Looking back at update_item_permissions_check(), the capability check is guarded by the condition "$post is set and the user may not edit it"; with $post null the whole if is skipped and the function returns true. update_item() then casts the id with (int), which turns '1grq' into 1, loads post 1 and overwrites its title and content with whatever the unauthenticated request supplied.
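To make that control flow concrete, here is a small Python model of the two code paths. It is an added illustration, not WordPress code: it emulates the three PHP behaviours that combine into the bypass (query-string parameters winning over route parameters in WP_REST_Request, WP_Post::get_instance() rejecting a non-numeric id so that get_post() returns null, and update_item() casting the id with (int)). The in-memory post store, the can_edit flag standing in for check_update_permission(), and the string returned by the modelled 4.7.2 check in place of a WP_Error are assumptions of the example.

```python
import re
from typing import Optional, Union

# Constructed stand-in for the wp_posts table (assumption of this example).
POSTS = {1: {"title": "Hello world!", "content": "Welcome to WordPress."}}


def php_is_numeric(value: str) -> bool:
    """Approximates PHP's is_numeric() for string input: '1' and '1.0' are
    numeric, '1grq' is not."""
    return re.fullmatch(r"\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?", value) is not None


def php_int_cast(value: str) -> int:
    """Approximates PHP's (int) cast on a string: leading integer digits are
    kept and the rest is dropped, so (int)'1grq' is 1 and (int)'grq' is 0."""
    m = re.match(r"\s*([+-]?\d+)", value)
    return int(m.group(1)) if m else 0


def request_id(path_id: str, query: dict) -> str:
    """WP_REST_Request resolves $request['id'] from the query string before the
    route's URL match, so ?id=1grq wins over the /posts/1 in the path."""
    return query.get("id", path_id)


def get_post(post_id: Union[str, int]) -> Optional[dict]:
    """Models get_post(): WP_Post::get_instance() returns false (None here)
    unless the id is numeric and integral; it does not cast with (int)."""
    text = str(post_id)
    if not php_is_numeric(text) or float(text) != int(float(text)):
        return None
    return POSTS.get(int(float(text)))


def vulnerable_permissions_check(rid: str, can_edit: bool) -> bool:
    """4.7.0/4.7.1 update_item_permissions_check(): the capability check is only
    reached when a post was found, so a non-numeric id skips it and returns true."""
    post = get_post(rid)
    if post and not can_edit:  # can_edit stands in for check_update_permission()
        return False
    return True


def patched_permissions_check(rid: str, can_edit: bool) -> Union[bool, str]:
    """4.7.2 behaviour, modelled: an id that does not resolve to a post is an
    error in its own right, so the capability check can no longer be skipped."""
    if get_post(rid) is None:
        return "rest_post_invalid_id"  # stands in for the WP_Error WordPress returns
    return can_edit


def update_item(rid: str, new_title: str) -> Optional[int]:
    """Models update_item(): the id is cast with (int) before the post is loaded,
    so '1grq' becomes 1 and the real post is edited."""
    pid = php_int_cast(rid)
    post = POSTS.get(pid)
    if post is None:
        return None
    post["title"] = new_title
    return pid


def exploit(path_id: str, query: dict, new_title: str, patched: bool) -> Optional[int]:
    """Unauthenticated request against the modelled endpoint: returns the edited
    post id, or None if the permission check blocked it."""
    rid = request_id(path_id, query)
    check = patched_permissions_check if patched else vulnerable_permissions_check
    if check(rid, can_edit=False) is not True:
        return None
    return update_item(rid, new_title)


if __name__ == "__main__":
    print(exploit("1", {"id": "1grq"}, "Hacked By Example", patched=True))   # None
    print(exploit("1", {"id": "1grq"}, "Hacked By Example", patched=False))  # 1
```

The crux is the mismatch between the two conversions: the permission check asks for a post under the rules of is_numeric(), which refuse '1grq', while the update asks under the rules of (int), which happily yields 1. Any time a permission check and the action it guards resolve the same untrusted identifier differently, this class of bug is possible.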

WordPress 4.7.1 Privilege Escalation Vulnerability Exploitation

Researchers have already published a proof of concept on GitHub:

https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab
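Because the exploit leaves a recognisable trace, a single update request against /wp/v2/posts/<id> whose query-string id is not a plain integer, it is worth hunting for in web server access logs. The detector below is an added example, not part of the original article or of the PoC above; the log lines are constructed, the client addresses come from documentation ranges, and the heuristic (an update verb on the posts route together with a non-integer id parameter) is this example's own assumption about what an attempt looks like.

```python
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Common/combined log format prefix: client, identd, user, [time], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# The single-post route, relative to the REST root.
POSTS_ROUTE_RE = re.compile(r'^/wp/v2/posts/(?P<path_id>\d+)/?$')
UPDATE_METHODS = {"POST", "PUT", "PATCH"}  # verbs routed to update_item()

# Constructed sample log (not real traffic); the IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Feb/2017:10:01:02 +0000] "GET /wp-json/wp/v2/posts/1 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.23 - - [06/Feb/2017:10:02:17 +0000] "POST /wordpress/index.php/wp-json/wp/v2/posts/1/?id=1grq HTTP/1.1" 200 2201 "-" "python-requests/2.12.4"
198.51.100.23 - - [06/Feb/2017:10:02:19 +0000] "POST /index.php?rest_route=/wp/v2/posts/2&id=2abc HTTP/1.1" 200 2190 "-" "python-requests/2.12.4"
192.0.2.44 - - [06/Feb/2017:10:05:40 +0000] "POST /wp-json/wp/v2/posts/3 HTTP/1.1" 200 2100 "https://blog.example/wp-admin/" "Mozilla/5.0"
203.0.113.9 - - [06/Feb/2017:10:06:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.77 - - [06/Feb/2017:10:07:12 +0000] "POST /wp-json/wp/v2/posts/1?id=1xyz HTTP/1.1" 404 120 "-" "curl/7.50.1"
"""


def rest_route(target: str):
    """Return (route, query) for a request target that reaches the REST API via
    pretty permalinks (/wp-json/...) or the ?rest_route= fallback, else (None, query)."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    if "rest_route" in query:
        return query["rest_route"][0], query
    idx = parts.path.find("/wp-json/")
    if idx != -1:
        return parts.path[idx + len("/wp-json"):], query
    return None, query


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line into a record, or return None if it is not a
    request to the single-post REST endpoint."""
    m = LOG_RE.match(line)
    if not m:
        return None
    route, query = rest_route(m["target"])
    if route is None:
        return None
    r = POSTS_ROUTE_RE.match(route)
    if not r:
        return None
    query_id = query.get("id", [None])[0]
    # The bypass needs an update verb plus a query-string id that is not a plain
    # integer, so that get_post() fails while (int) still yields the path's post.
    attempt = (
        m["method"] in UPDATE_METHODS
        and query_id is not None
        and re.fullmatch(r"[0-9]+", query_id) is None
    )
    return {
        "ip": m["ip"], "time": m["time"], "method": m["method"],
        "path_id": int(r["path_id"]), "query_id": query_id,
        "status": int(m["status"]), "exploit_attempt": attempt,
    }


def find_exploit_attempts(log_text: str) -> List[dict]:
    """Return the records of every line that looks like a content-injection attempt."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["exploit_attempt"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_exploit_attempts(SAMPLE_LOG):
        # On an unpatched site a 200 here means the post was most likely edited.
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} post {hit["path_id"]} '
              f'id={hit["query_id"]} -> HTTP {hit["status"]}')
```

A hit with status 200 on a site that was still on 4.7.0 or 4.7.1 at that time is a strong indicator that the post was modified and should be checked against a known-good backup; a 404 is what the patched 4.7.2 controller returns for the invalid id, so those hits show attempts that failed.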

WordPress 4.7.1 Privilege Escalation Vulnerability Patch

Sites still running WordPress 4.7.1 remain exposed to this privilege escalation; upgrade to WordPress 4.7.2 as soon as possible. WordPress fixed the vulnerability completely in 4.7.2: the controller now resolves the post through a helper that returns an error when the id does not correspond to a post, and update_item_permissions_check() returns that error immediately instead of letting a null $post fall through to the if statement that skipped the permission check.

[Figure: the patched update_item_permissions_check() in WordPress 4.7.2]
