WordPress Pingback Intranet scan and DDOS Vulnerability

Source: Internet
Author: User
Tags movable type

Release date:
Updated on: 2013-01-23

Affected Systems:
WordPress pingbacks <= 3.5
Description:
--------------------------------------------------------------------------------
Pingback is one of the three types of reverse links. It is a way to notify the author when someone links or steals the author's article. This allows the author to understand and track the links or reposted content. Some of the world's most popular blog systems, such as Movable Type, Serendipity, WordPress, and Telligent Community, all support the Pingback function, so that you can be notified when your article is reproduced and published.
 
WordPress has an xmlrpc API that can be accessed through the XMLRPC. php file. You can use the pingback. ping method. Remote attackers can use this function to scan Intranet hosts and distributed DOS attacks.
 
1. WordPress tries to parse the source URL. If the source URL host exists or not, different error messages are returned. Attackers can exploit this vulnerability to scan Intranet hosts. If these hosts exist in the internal network, attackers can use URLs similar to http: // subversion/or http: // bugzilla/or http: // dev/to for scanning.
2. If the source URL is successfully parsed, WordPress tries to connect to the port specified in the URL. Therefore, if an attacker uses the URL http: // subversion: 22/, WordPress tries to connect to the host on port 22. Whether or not the target port is open returns different values. Therefore, this function can be used to scan the host port on the Intranet of the target site.
3. This vulnerability can also be used for Distributed DOS attacks. Attackers can use a large number of blogs and the pingback function to attack a specified target URL.
4. WordPress also supports URL verification during the test. Attackers can use URLhttp: // admin: admin@192.168.0.1/changeDNS. asp? NewDNS = aaaa to reconfigure the internal router.
 
<* Source: Bogdan Calin (bogdan@acunetix.com)

Link: http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
 
No official patch is available. Disabling pingbacks does not solve the problem. The WordPress development team said
Will be repaired as soon as possible. Before that, you can rename or delete the xmlrpc. php file.
1. Use network protection products related to lvmeng technology.
2. Be familiar with the use and updates of websites and various plug-ins managed by yourself, and patch all types of updates in a timely manner.
3. Pay attention to network security events.
 
Vendor patch:
 
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
 
Http://wordpress.org/support/topic/what-is-pingback-or-ping-for

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.