Wednesday, 3 February 2016

Reverse engineering recently patched WordPress

On the topic of the recent WordPress update (see https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release), I was asked an interesting question: how to test/exploit the patched vulnerabilities (namely the SSRF one)?

Since this seems to be a scenario where WordPress has not released the details, one way to find them is to diff the current release against the previous one.

Depending on the technology, this can be really hard (C++ patches requiring IDA Pro foo) or doable (.NET, Java, PHP).

Assuming that WordPress is not distributed as compiled PHP (http://stackoverflow.com/questions/1408417/can-you-compile-php-code), this could be as simple as a file diff (how much work it is depends on how many changes were made in the current release).

And how to perform this diff?

Use Git :)

Just:

  1. install the previous version
  2. commit all files
  3. install the upgrade (which in WordPress can be done via the web interface)
  4. review the changed files (it may help to commit the files that are clearly unrelated to the issue first, so that only the suspicious ones remain in the diff)
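The four steps above as one shell script, added here as an example (it is not from the original post). It assumes two unpacked release trees, previous and patched, passed as directories; the trees built by make_sample_trees are constructed stand-ins, not real WordPress files.

```shell
#!/bin/sh
# Added example: the git-based release diff from the post above.
# Assumes git is installed and OLD_DIR/NEW_DIR are unpacked release trees.
set -eu

# wp_release_diff OLD_DIR NEW_DIR WORK_DIR
# Commits OLD_DIR into a fresh repo, overlays NEW_DIR as the upgrader would,
# and prints A/M/D status for changed files, skipping static assets that
# rarely carry a security fix (the "clearly unrelated" files of step 4).
wp_release_diff() {
    old=$1 new=$2 work=$3
    rm -rf "$work"; mkdir -p "$work"
    git -C "$work" init -q
    git -C "$work" config user.email wpdiff@example.invalid
    git -C "$work" config user.name wpdiff
    cp -R "$old"/. "$work"/                         # step 1: previous version
    git -C "$work" add -A
    git -C "$work" commit -q -m "previous release"   # step 2: commit everything
    find "$work" -mindepth 1 -maxdepth 1 ! -name .git -exec rm -rf {} +
    cp -R "$new"/. "$work"/                         # step 3: install the upgrade
    git -C "$work" add -A
    git -C "$work" commit -q -m "upgrade"
    # step 4: review what changed, minus stylesheets, scripts and images
    git -C "$work" diff --name-status HEAD~1 HEAD -- . \
        ':!*.css' ':!*.js' ':!*.png' ':!*.gif'
}

# Constructed sample trees (not taken from any real release): one PHP file
# changed, one unchanged, one stylesheet changed, one PHP file removed.
make_sample_trees() {
    base=$1
    mkdir -p "$base/old/wp-includes" "$base/new/wp-includes"
    printf '<?php // constructed: before\n' > "$base/old/wp-includes/http.php"
    printf '<?php // constructed: after\n'  > "$base/new/wp-includes/http.php"
    printf '<?php // unchanged\n' > "$base/old/wp-includes/plugin.php"
    printf '<?php // unchanged\n' > "$base/new/wp-includes/plugin.php"
    printf 'body{}\n' > "$base/old/style.css"
    printf 'body{margin:0}\n' > "$base/new/style.css"
    printf '<?php // dropped\n' > "$base/old/old-file.php"
}

# demo: run the diff over the constructed trees and print the result
demo() {
    tmp=$(mktemp -d)
    make_sample_trees "$tmp"
    wp_release_diff "$tmp/old" "$tmp/new" "$tmp/work"
    rm -rf "$tmp"
}
```

Once the changed files are listed, `git -C WORK_DIR diff HEAD~1 HEAD -- path/to/file.php` shows the actual hunk for each one.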

1 comment:

Jon K Smith said...

Reverse engineering means the reproduction of another manufacturer's products following the detailed examination of its construction or composition. If you need the best engineers for reverse engineering then you can contact Onsite 3D, because they have the most qualified engineers for reverse engineering.