WordPress Pingback Intranet scan and DDOS Vulnerability


Release date:
Updated on: 2013-01-23

Affected Systems:
WordPress pingbacks <= 3.5
Description:
--------------------------------------------------------------------------------
Pingback is one of the three types of linkback. It notifies an author when someone links to or reposts the author's article, which lets the author learn about and track those links and reposted copies. Some of the world's most popular blog systems, such as Movable Type, Serendipity, WordPress, and Telligent Community, all support the Pingback function, so that you can be notified when your article is reproduced and published.
 
WordPress has an XML-RPC API that is accessed through the xmlrpc.php file. One of its methods is pingback.ping. Remote attackers can use this method to scan intranet hosts and to carry out distributed DoS attacks.
 
1. WordPress tries to resolve the source URL and returns a different error message depending on whether the host in the source URL exists. Attackers can exploit this to scan intranet hosts: URLs such as http://subversion/, http://bugzilla/ or http://dev/ reveal whether these hosts exist on the internal network.
2. If the source URL is successfully resolved, WordPress tries to connect to the port specified in the URL. If an attacker uses the URL http://subversion:22/, WordPress tries to connect to that host on port 22. The response differs depending on whether the target port is open, so this function can be used to scan the ports of hosts on the intranet of the target site.
3. This vulnerability can also be used for distributed DoS attacks. Attackers can use a large number of blogs and the pingback function to attack a specified target URL.
4. WordPress also supports URLs that contain credentials. Attackers can use a URL such as http://admin:admin@192.168.0.1/changeDNS.asp?NewDNS=aaaa to reconfigure the internal router.
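
A detection check for the source URLs described in items 1, 2 and 4, as an added example that is not part of the original advisory or of WordPress. It inspects a logged XML-RPC request body and reports why the pingback source looks abusive. The flag names, the `WEB_PORTS` policy and the `blog.example` target are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WEB_PORTS = {None, 80, 443}  # assumption: legitimate pingback sources use default web ports

def pingback_flags(body):
    """Return reasons an XML-RPC request body looks like pingback abuse ([] if none)."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ["dtd-in-request"]  # XML-RPC needs no DTD; do not parse it
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ["malformed-xml"]
    if (root.findtext("methodName") or "").strip() != "pingback.ping":
        return []
    # The first parameter of pingback.ping is the source URI WordPress will fetch.
    source = (root.findtext("params/param/value/string")
              or root.findtext("params/param/value") or "").strip()
    try:
        url = urlsplit(source)
        port = url.port
    except ValueError:
        return ["unparsable-source-url"]
    host, flags = url.hostname or "", []
    if url.username is not None or url.password is not None:
        flags.append("credentials-in-url")      # item 4
    if port not in WEB_PORTS:
        flags.append("non-web-port")            # item 2
    try:
        if not ipaddress.ip_address(host).is_global:
            flags.append("non-public-address")  # items 1 and 4
    except ValueError:                          # host is not an IP literal
        if "." not in host:
            flags.append("single-label-host")   # item 1
    return flags

def sample_body(source, method="pingback.ping"):
    """Constructed request body for testing; blog.example is a placeholder target."""
    return ("<?xml version='1.0'?><methodCall><methodName>%s</methodName><params>"
            "<param><value><string>%s</string></value></param>"
            "<param><value><string>http://blog.example/?p=1</string></value></param>"
            "</params></methodCall>" % (method, source))

if __name__ == "__main__":
    for src in ("http://subversion:22/",
                "http://admin:admin@192.168.0.1/changeDNS.asp?NewDNS=aaaa",
                "http://news.example.org/post/1"):
        print(src, pingback_flags(sample_body(src)))
```

The check does not unwrap pingback calls nested inside other XML-RPC methods, and item 3 (many blogs hitting one target) needs rate correlation across sites rather than per-request inspection.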
 
<* Source: Bogdan Calin (bogdan@acunetix.com)

Link: http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
 
No official patch is available. Disabling pingbacks does not solve the problem. The WordPress development team said that the issue will be fixed as soon as possible. Until then, you can rename or delete the xmlrpc.php file.
1. Use the network protection products of lvmeng technology.
2. Be familiar with the use and update status of the websites and plug-ins that you manage, and apply all types of updates in a timely manner.
3. Pay attention to network security events.
 
Vendor patch:
 
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
 
http://wordpress.org/support/topic/what-is-pingback-or-ping-for
