Wordpress CSRF Upload Bug

Hi all, today I will tell you about a vulnerability found in WordPress. Although it may look like a small hole, a shell upload through it can do a lot of damage to our site, so we need to be careful about this.

WordPress is, as you know, the most widely used script in the world. It underlies all kinds of sites: blogs, news sites, magazines, corporate sites and so on. The very feature that makes WordPress attractive, its plugins, also brings a lot of weaknesses.
With the latest update, a CSRF vulnerability has appeared.

What is CSRF?
CSRF, which stands for Cross-Site Request Forgery, is nowadays a security vulnerability caused by the developer's lack of security knowledge: a coding defect in the affected software lets a third-party page make the victim's browser send requests on the victim's behalf. This kind of hole keeps turning up, and there are different ways to close it.

How to find the CSRF Upload vulnerability in Wordpress?
Screenshot_1.png
First, you can list the sites that are affected by this vulnerability. You can notify these site owners if you want.

inurl:/wp-content/plugins/viral-optins/

Searching for the string above lists sites that may be affected by this vulnerability.

How do we test the vulnerability after finding these sites?
Screenshot_2.png

After the domain, append the path

/wp-content/plugins/viral-optins/api/uploader/file-uploader.php

and follow it to the page exposed by the vulnerability. If you reach this screen, it means that your site also has the WordPress CSRF Upload vulnerability.

How do you test it after you find the hole?
Screenshot_3.png

In the code shown below, replace siteadresi.com with the domain of the site you want to test. Paste this code into a new text document and save it with the .html extension.

Screenshot_4.png

We can upload anything we want from this upload screen. Usually a photo is uploaded, but attackers can hack our site by uploading something else instead. We have to be very careful about this.

How do I close this hole?
In fact, closing it is fairly simple: make sure the plugins you use are updated to their latest versions. Of course, WordPress itself must also be on the latest version. You can continuously track the latest versions on the WordPress.org site.
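For plugin developers, the root cause of holes like this one is an upload endpoint that accepts files without checking who is asking or what is being sent. As an added example (not the viral-optins plugin's code and not WordPress core), here is what a WordPress AJAX upload handler looks like with the checks in place; the hook name, nonce name and form field names are assumptions.

```php
<?php
// Added example: a WordPress upload handler hardened against CSRF and
// arbitrary file upload. Assumed names: AJAX action "my_plugin_upload",
// nonce action "my_plugin_upload_nonce", form fields "nonce" and "file".

// Only the logged-in hook is registered; there is deliberately no
// 'wp_ajax_nopriv_' counterpart, so anonymous visitors cannot reach it.
add_action( 'wp_ajax_my_plugin_upload', 'my_plugin_handle_upload' );

function my_plugin_handle_upload() {
    // 1. CSRF: the request must carry a nonce issued to this user for this
    //    action. check_ajax_referer() stops with HTTP 403 if it is missing
    //    or stale, so a form hosted on another site cannot get past here.
    check_ajax_referer( 'my_plugin_upload_nonce', 'nonce' );

    // 2. Authorization: being logged in is not enough; require a capability.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file received', 400 );
    }

    // 3. Content validation: allow image types only, and check that the
    //    extension agrees with the real content, so a PHP file renamed to
    //    look like a photo is rejected instead of stored.
    $allowed = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif' );
    $check   = wp_check_filetype_and_ext( $_FILES['file']['tmp_name'], $_FILES['file']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // 4. Let core move the file: it sanitizes the name, stores it under
    //    wp-content/uploads and will not overwrite an existing file.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['file'], array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// Emit this where the upload form is rendered so the form carries the nonce.
function my_plugin_upload_nonce_field() {
    return wp_nonce_field( 'my_plugin_upload_nonce', 'nonce', true, false );
}
```

Each of the four checks closes a different hole: without the nonce a cross-site form works, without the capability check any subscriber can upload, and without the type check a script can be stored where the web server will execute it.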
See you in a different article. :)



Posted on Utopian.io - Rewarding Open Source Contributors
