WORDPRESS
- WordPress is a free and open-source content management system (CMS) written in PHP. It forms a semi-backend of a website and can be paired with database systems like MariaDB, PostgreSQL, etc. It has a wide array of plugins, themes and widgets that help with development. WordPress is easy to obtain because users need not pay for the basic functionality of the software, but hosting providers are needed to apply its enhanced features, and these involve subscription charges (Trunde & Weippl, 2015).
- Originally, WordPress was used just for (static) blogging, as a 'blog-publishing system', but it has now evolved to support other kinds of web content such as forums, media galleries, membership platforms, and platforms such as learning management systems (Cao et al., 2019).
- The software includes high-quality code, which makes it one of the best available platforms for SEO (Search Engine Optimization). This tends to improve a site's visibility in relevant searches. SEO tailored specifically to WordPress helps optimize the website effectively.
- With secure platforms and plugins, websites have a better chance of being protected from different attacks. The available security mechanisms make it harder for intruders to access the website's data. Protection also needs to be provided against threats such as brute-force attacks.
- Different media types such as YouTube videos, Instagram photos, Tweets, and SoundCloud audio can be embedded simply by pasting the URL into the post editor (Fernandes & Vidyasagar, 2015). This supports different methods of eCommerce through which a business can increase its popularity.
- Many online tutorials are available, giving users better development guidelines. This has made it easier for users to use WordPress effectively. As a result, awareness of WordPress grows, and communication between developers and clients improves.
Themes allow users to change the appearance, i.e. the look and feel, of a WordPress website without manipulating the backend code or the site content. At least one theme is required to run a WordPress website. Any WordPress theme should be built with valid PHP, HTML and CSS. Themes can be installed directly through the wp-admin dashboard, or the theme files can be copied directly into the themes directory. Themes also come with technical support that provides fast and comprehensive answers to different problems. Keeping themes compatible with WordPress through regular updates helps avoid vulnerabilities and malicious attacks (Eshkevari et al., 2014). Responsive design helps websites gain more attention and popularity. Themes give each website created with WordPress a unique look and feel, which improves the experience of its users. However, the uniqueness features are provided to premium members who pay for the services of the software.
Plugins are the most important asset of a WordPress site. Plugins allow users to extend a website with additional functionality. wordpress.org itself has over 58000 plugins, each made to achieve a specific task. There are also third-party plugins that can be installed on a WordPress site. The biggest benefit of WordPress plugins is that the content needed for SEO can be optimized easily, which improves the website's ability to earn profits. Integrated automated email marketing is also possible, as such a plugin displays the link to the website on different pages. This has made it easier for companies to reach their potential users and spend additional resources on marketing (Ruohonen, 2019). Users can obtain regular backups without extra effort simply by installing a plugin. This backup facility has added to the popularity of WordPress because it improves the capability of a website. Plugins can create membership areas that store client information and make it easy to access whenever needed. Live chat can be added to a website so that companies can communicate directly with their customers and resolve their problems on priority. Contact forms help acquire the required information from users.
1) An example blog:
2) Website management dashboard (Admin):
3) User management:
4) Themes:
CVE-2019-17669: A Brief Description
WordPress before version 5.2.4 has a Server-Side Request Forgery (SSRF) vulnerability. A CVE provides a standardized identifier for a vulnerability or exposure. This allows quick access to information about a problem across different information sources. CVE identifiers help organizational security tools work together, and this interoperability makes it easier to improve a company's security measures. Code can be developed in PHP to improve security and to provide solutions for various attacks. CVE identifiers can also be used as a reference method when improving security (Ruohonen, 2019).
Here, the vulnerability occurs because URL validation does not consider the interpretation of a 'name' as a series of hex characters.
The following PHP test code was vulnerable to this SSRF attack:

    else {
        $ip = gethostbyname( $host );
        if ( $ip === $host ) { // Error condition for gethostbyname()
            # $ip = false;   // the vulnerable assignment, commented out
            return false;    // the replacement: reject the URL outright
        }
    }
If we take a look at the above code, the commented-out line was the vulnerable part, because the ip variable was assigned 'false' once the condition evaluated to true.
SSRF is an important type of vulnerability that affects an application's server side. Here, the server is made to perform a request on its own behalf to itself or to any other host. Server-side request forgery is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain.
E.g. http://xyz.com/?u=http://othersite.com/image.png
Now, a malicious attacker can manipulate this so that the server fetches its own host and requests a path (Gupta & Gola, 2016).
So, http://xyz.com/?u=0.0.0.0/admin/dashboard/password.json
Whitelisting the DNS names and IP addresses that the application needs to access can prevent SSRF attacks. Whitelists and blacklists are important for validating input. There also exist blind SSRF vulnerabilities, in which the application can be induced to issue a back-end HTTP request to a supplied URL, but the response from the back end is not shown to the user, which compounds the problem for the website and its users. The web application that causes the user's web browser to perform an undesired action can be authenticated by the user.
The WordPress admin dashboard has many input parameters, one of them being the name parameter for the host.
Many attack vectors are unlocked after this one step. The attack can then be narrowed down further, e.g. by port scanning with http://0.0.0.0:8080 and measuring the response time to see whether the port is open.
Hence, once our payload URL was supplied, the 'ip' variable was assigned to this, and hence the server fetches its own path.
CVE-2019-17669 : Solution
Since the vulnerability was in the main backend PHP code itself, a security patch was released right after the vulnerability was privately reported.
WordPress also released a new version (5.2.4), which fixed various bugs including our current SSRF vulnerability (Anderl et al., 2019).
https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea
As we can see, extra validation is applied to the result of the gethostbyname() function. Once the code detects that the returned IP is equal to the hostname, it immediately returns false, thereby adding a level of security by validating the URL.
This CVE is all about URL validation, and how a small attack can be chained into a devastating vulnerability. An SSRF vulnerability that returns a response (unlike blind SSRF) increases the impact of this bug, and is likely to compromise the whole system.
Effectiveness of CVE-2019-17669:
As discussed above, this CVE (for WordPress versions below 5.2.4) is likely to affect the system. Hence, management teams are required to update to version 5.2.4 or above, which totally mitigates this vulnerability.
This CVE has a score of 9.8, which is Critical. Hence the particular input parameter (in our case, the 'name' parameter) should be thoroughly tested for multiple cases, including SSRF through URL encoding, decimal encoding, hexadecimal encoding, etc., that resolve to localhost or a similar destination host. The CVE list records common identifiers for vulnerabilities and attacks, which helps with reanalysis and final decisions related to website development (Vu et al., 2020). Cybersecurity has gained importance here because URL validation does not consider the interpretation of the name as a series of hex characters. Any input parameter that fetches or requests a URL is likely to be vulnerable to an SSRF attack, which leads to our final discussion.
Our final conclusion from this CVE concerns how input parameters are handled, how they are processed, and, when they are compromised, how strong the impact can be.
This CVE shows us that the more input parameters process user-supplied values, the more likely they are to be vulnerable to one or multiple vulnerabilities. Hence, for our current SSRF context, test cases should be enumerated across multiple parameters and any findings investigated further. Future malware could exploit the system to a greater extent, so this needs the attention of developers; analysis of CVE-2019-17669 can help protect data from being breached (Moreira et al., 2021). These interpretations help protect systems from different attacks in the future.
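The test cases called for above (decimal and hexadecimal host encodings that resolve to localhost) and the fail-closed `return false` of the fix can be combined into a regression check. The Python below is an added example, not WordPress code and not part of the original document; `parse_numeric_host`, `is_safe_url`, the `DNS` table and the sample URLs are assumptions made for illustration, and it goes beyond the patch by canonicalizing numeric host forms before the address check.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One inet_aton()-style component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"(0[xX][0-9a-fA-F]+)|(0[0-7]*)|([1-9][0-9]*)")

def parse_numeric_host(host):
    """Return the IPv4Address a numeric host denotes, or None for a name.
    The last of 1-4 dotted parts fills the remaining bytes, so "0x7f000001"
    and "2130706433" both denote 127.0.0.1."""
    nums = []
    for part in host.split("."):
        m = _PART.fullmatch(part)
        if not m:
            return None
        base = 16 if m.group(1) else 8 if m.group(2) else 10
        nums.append(int(part, base))
    *head, last = nums
    if len(nums) > 4 or any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_safe_url(url, resolve):
    """Accept only http(s) URLs whose host maps to a globally routable IP.
    resolve(host) returns an IP string or None; it is a stand-in for DNS so
    the example runs offline."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return False
    ip = parse_numeric_host(host)
    if ip is None:
        answer = resolve(host)
        if answer is None:  # fail closed, like `return false` in the fix
            return False
        ip = ipaddress.ip_address(answer)
    return ip.is_global

# Constructed resolver table and URLs (sample values, not from a real site).
DNS = {"example.com": "93.184.216.34", "intranet.example": "10.0.0.5"}
CASES = ["http://example.com/image.png", "http://0.0.0.0/admin",
         "http://0.0.0.0:8080/", "http://0x7f000001/", "http://2130706433/",
         "http://intranet.example/", "http://unresolvable.invalid/"]

def run_matrix():
    return {url: is_safe_url(url, DNS.get) for url in CASES}
```

Only the first constructed URL is accepted; every numeric encoding of a local address, the internal name and the unresolvable name are rejected.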
References
Anderl, C., Li, G., & Chen, F. (2019). Oral contraceptive use in adolescence predicts
lasting vulnerability to depression in adulthood. Journal Of Child Psychology
And Psychiatry, 61(2), 148-156. https://doi.org/10.1111/jcpp.13115
Cao, L., Ying Ou, J., & Chinaei, A. (2019). Enhancing the WordPress system: From role to attribute-based access control. International Journal Of Network Security & Its Applications, 11(03), 01-19. https://doi.org/10.5121/ijnsa.2019.11301
Eshkevari, L., Antoniol, G., Cordy, J., & Di Penta, M. (2014). Identifying and locating
interference issues in PHP applications: the case of WordPress. Proceedings Of
The 22Nd International Conference On Program Comprehension - ICPC 2014.
https://doi.org/10.1145/2597008.2597153
Gupta, J., & Gola, S. (2016). Server Side Protection against Cross Site Request Forgery
using CSRF Gateway. Journal Of Information Technology & Software
Engineering, 6(3). https://doi.org/10.4172/2165-7866.1000182
Moreira, L., de Brito, M., & Kobiyama, M. (2021). Review article: A systematic review
and future prospects of flood vulnerability indices. Natural Hazards And Earth
System Sciences, 21(5), 1513-1530. https://doi.org/10.5194/nhess-21-1513-2021
Trunde, H., & Weippl, E. (2015). WordPress security. Proceedings Of The 17Th
International Conference On Information Integration And Web-Based
Applications & Services. https://doi.org/10.1145/2837185.2837195
Vu, P., Nguyen, T., & Nguyen, T. (2020). Fuzzy Multi-intent Classifier For User
Generated Software Documents. Proceedings Of The 2020 ACM Southeast
Conference. https://doi.org/10.1145/3374135.3385300