Breaking into a WordPress site without knowing WP/PHP or InfoSec at all
#1
I just read a very interesting article about someone's procedure for hacking into their college's website that happened to use Wordpress. I totally would recommend the read!



Article: https://notehub.org/5zo2v

Abstract:

"This is a post about how I tried and broke into my college's wordpress installation without having any prior knowledge of wordpress/php and without any experience with hacking web-servers. The attempts were spread out over a month, but effectively totaled a day maybe. I learned a lot of things while doing the research part which accounted to most of my time, though. Here I'd share some of the relevant details and how I went along doing this."
Reply
#2
(05-29-2016, 09:11 PM)D/L Wrote: I just read a very interesting article about someone's procedure for hacking into their college's website that happened to use Wordpress. I totally would recommend the read!



Article: https://notehub.org/5zo2v

Abstract:

"This is a post about how I tried and broke into my college's wordpress installation without having any prior knowledge of wordpress/php and without any experience with hacking web-servers. The attempts were spread out over a month, but effectively totaled a day maybe. I learned a lot of things while doing the research part which accounted to most of my time, though. Here I'd share some of the relevant details and how I went along doing this."

Very interesting read we have here, I was reading about security of WordPress and some exploits and came across with this thread. It was a nice read, it just describes me! I have never worked much with php.
Reply
#3
Most exploits I've done on WordPress and Drupal sites are from misconfiguration and can easily be found by stumbling onto them and understanding the value of the data.

For example one client didn't disable the entity token help page for anon users making it so I could in theory have an in-depth understanding of how all of their data is stored, which could be used to steal the company's internal workflow or know what fields might be useful for stealing etc.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [Tutorial] PHP CGI exploit Insider 0 559 06-16-2020, 11:34 AM
Last Post: Insider
  is my site secure from common hacking? mhiats37 1 2,262 05-11-2019, 03:03 AM
Last Post: misfit
  Enumerate WP Plugins Without WPScan ashen 2 3,430 03-09-2018, 02:30 AM
Last Post: ashen
  hacking a pc on a network without physical access 4n0nz3r0 4 3,978 03-08-2018, 09:03 PM
Last Post: 4n0nz3r0