Millions of websites running WordPress are at risk of hijacking attacks thanks to a vulnerability that is actively being exploited in the wild and is present in the default installation of the widely used content management system, security researchers warned Wednesday.
The cross-site scripting (XSS) vulnerability resides in genericons, an icon-font package bundled with Twenty Fifteen, the theme WordPress installs by default, according to a blog post published Wednesday by security firm Sucuri. The flaw is "DOM based": rather than the server echoing attacker input into a page, client-side JavaScript in the package's example.html takes untrusted data from the URL and writes it into the document object model (DOM), the browser's in-memory representation of the page's text, images, headers, and links, where it executes as script. The Open Web Application Security Project (OWASP) has a detailed write-up of DOM-based XSS.
Like other reflected XSS, this attack requires the target to open a crafted link, a limitation that lowers its severity. Still, once an administrator takes the bait while logged into a vulnerable WordPress installation, the attacker's script runs inside the administrator's session and can do anything the administrator can, which amounts to full control of the site. Sucuri researcher David Dede wrote:
What is interesting about this attack is that we detected it in the wild days before disclosure. We got a report about it and some of our clients were also getting reports saying they were vulnerable.
In this proof of concept, the XSS printed a JavaScript alert, but could be used to execute JavaScript in your browser and take over the site if you are logged in as admin.
Anyone responsible for administering a WordPress site should check whether it is running the genericons package (the Twenty Fifteen theme ships it, and other themes or plugins may bundle their own copy). If it is, they should immediately remove the example.html file that is included with the package, or at the very least make sure a Web application firewall or intrusion detection system blocks every request for it. Block the path rather than trying to match a payload: in a DOM-based XSS the malicious input commonly rides in the URL fragment after the "#", which the browser never sends to the server, so neither a WAF nor the access log will ever see it. Sucuri has notified almost a dozen Web hosts, which have already virtually patched the hole on the sites they host. The hosts include:
• GoDaddy
• HostPapa
• DreamHost
• ClickHost
• Inmotion
• WPEngine
• Pagely
• Pressable
• Websynthesis
• Site5
• SiteGround
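The check-and-remove procedure above, as an added example that is not part of the article or of Sucuri's post. It assumes the WordPress docroot is passed as the first argument, that any copy of the vulnerable file lives in a directory named "genericons" (the theme's copy or one bundled by a plugin), and that the web server writes a common-log-format access log; the log lines and the file tree it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the article's or Sucuri's code). Assumptions: $1 is the
# WordPress docroot; the vulnerable file sits under a "genericons" directory
# (theme copy or a plugin's bundled copy); the access log is common log format.

# List every genericons/example.html below the docroot, theme and plugin copies alike.
find_genericons_examples() {
    find "$1" -type f -path '*/genericons/example.html' 2>/dev/null
}

# Delete each copy, then re-scan; returns 0 only if none remain.
remove_genericons_examples() {
    find_genericons_examples "$1" | while IFS= read -r f; do
        printf 'removing %s\n' "$f"
        rm -f -- "$f"
    done
    [ -z "$(find_genericons_examples "$1")" ]
}

# Count access-log requests for the file, read from stdin. The XSS payload
# travels in the URL fragment, which browsers never send, so the log shows
# that the file was requested but never what was injected into it.
count_example_hits() {
    grep -c 'genericons/example\.html' || :
}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG='203.0.113.7 - - [07/May/2015:10:12:01 +0000] "GET /wp-content/themes/twentyfifteen/genericons/example.html HTTP/1.1" 200 4121 "-" "Mozilla/5.0"
198.51.100.4 - - [07/May/2015:10:12:05 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [07/May/2015:10:13:44 +0000] "GET /wp-content/themes/twentyfifteen/genericons/example.html HTTP/1.1" 200 4121 "-" "Mozilla/5.0"'

# Stand-alone demo on a constructed docroot (assumed layout of a default install).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-content/themes/twentyfifteen/genericons"
printf '<html>constructed stand-in for example.html</html>\n' \
    > "$demo_root/wp-content/themes/twentyfifteen/genericons/example.html"
remove_genericons_examples "$demo_root" && echo "no example.html left under $demo_root"
printf 'requests for example.html in sample log: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LOG" | count_example_hits)"
rm -rf "$demo_root"
```

Run it as `sh check_genericons.sh /var/www/html` after adapting the demo section; the hit count tells you whether anyone has been fetching the file, but a non-zero count is not proof of exploitation, since the fragment is invisible server-side and the file is also reachable by ordinary crawlers.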
Friday, 8 May 2015
WordPress bug exploit