Th3 Core
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News:
Home
Help
Search
Recent Topics
Login
Register
Th3 Core
»
Why We Are Here
»
Web Development
»
Anatomy of a Wordpress hack (Elementory Vulnerability)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Anatomy of a Wordpress hack (Elementory Vulnerability) (Read 2292 times)
ergophobe
Inner Core
Hero Member
Posts: 9279
Anatomy of a Wordpress hack (Elementory Vulnerability)
«
on:
May 28, 2020, 07:03:48 PM »
Lots of detail and a video showing how to take over a site
https://www.wordfence.com/blog/2020/05/the-elementor-attacks-how-creative-hackers-combined-vulnerabilities-to-take-over-wordpress-sites/
Short version
- use plugin A registration vulnerability to create a user on a site that normally does not allow registration
- use plugin B to upload a custom icon zip file with a backdoor in it
- use backdoor to access site, clean up tracks, create a new backdoor by replacing the xmlrpc.php file.
This would be super easy to achieve right now on a site that had not been patched
Logged
Print
Pages: [
1
]
« previous
next »
Th3 Core
»
Why We Are Here
»
Web Development
»
Anatomy of a Wordpress hack (Elementory Vulnerability)