PoC details: c0de0c973beee94499d291490041ad4c15aded91

Source
Related vulnerability
Title: WordPress security vulnerability (CVE-2017-5487)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. It lets users set up a personal blog site on a server running PHP and MySQL. A security vulnerability exists in the wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php file of WordPress's REST API implementation. A remote attacker can exploit it by sending a request to wp-json/wp/v2/users to obtain sensitive information.
Description
A PoC exploit for CVE-2017-5487 - WordPress User Enumeration.
Introduction
# CVE-2017-5487 - WordPress User Enumeration

A vulnerability has been discovered in the REST API implementation of WordPress 4.7 before 4.7.1. It is present in the class-wp-rest-users-controller.php file located in wp-includes/rest-api/endpoints. The flaw arises from inadequate restrictions on the listing of post authors, which remote attackers can exploit to acquire sensitive information through a wp-json/wp/v2/users request.

# Vulnerability Details

    CVE ID: CVE-2017-5487
    CVSS Score: 7.5 (High)
    Affected Versions: WordPress 4.7 before 4.7.1
    Attack Vector: Remote
    Exploit Complexity: Low
    Authentication: None required
    Confidentiality Impact: High
    Integrity Impact: None
    Availability Impact: None
    Attack Type: Information Disclosure

# Exploitation

By leveraging this vulnerability, remote attackers can send a crafted HTTP request to the WordPress REST API, specifically targeting the /wp-json/wp/v2/users endpoint. Due to the inadequate restrictions in the class-wp-rest-users-controller.php file, the attacker can obtain sensitive information about the registered users of the WordPress site.

This information may include usernames, email addresses, user IDs, and other potentially confidential details. Attackers can exploit this vulnerability to gather intelligence for targeted attacks, such as user enumeration or social engineering.

# Mitigation

To mitigate the risks associated with this vulnerability, it is crucial to take the following steps:

1. **Upgrade WordPress:** If you are running a version of WordPress 4.7 before 4.7.1, upgrade to the latest version immediately. Ensure you are using a stable release of WordPress and follow the official upgrade instructions provided by the WordPress team.
2. **Apply Security Patch:** If upgrading is not immediately possible, consider applying the security patch provided by the WordPress community to address the specific vulnerability. This patch will help mitigate the information disclosure risk in the REST API.
3. **Monitor for Suspicious Activity:** Regularly monitor your website's access logs for any suspicious activity or unauthorized requests targeting the /wp-json/wp/v2/users endpoint. Implement logging and intrusion detection mechanisms to identify and block potential exploitation attempts.
4. **Restrict Access to Sensitive Information:** Evaluate your WordPress site's user roles and access privileges. Ensure that sensitive user information, such as email addresses, is not publicly exposed unless explicitly required. Implement appropriate access controls and permissions for user-related data.
5. **Stay Updated:** Stay informed about security advisories and updates from the WordPress community. Regularly check for new developments, patches, or workarounds related to this vulnerability. Engage with the WordPress security community to stay aware of emerging threats and best practices for securing your WordPress installation.
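The log-monitoring step above, as an added example that is not part of the PoC repository or the original README: it parses combined-format access log lines (constructed samples, not real traffic) and groups requests that list users through the REST API by source address, covering both the /wp-json/wp/v2/users path and the `?rest_route=/wp/v2/users` form used when pretty permalinks are disabled.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log lines in Apache/nginx combined format (not from the page).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2017:10:00:01 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 1532 "-" "python-requests/2.12"
203.0.113.7 - - [10/Jan/2017:10:00:02 +0000] "GET /wp-json/wp/v2/users?per_page=100&page=2 HTTP/1.1" 200 211 "-" "python-requests/2.12"
198.51.100.4 - - [10/Jan/2017:10:00:03 +0000] "GET /?rest_route=%2Fwp%2Fv2%2Fusers HTTP/1.1" 200 1532 "-" "curl/7.47.0"
192.0.2.9 - - [10/Jan/2017:10:00:04 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2017:10:00:05 +0000] "GET /wp-json/wp/v2/users/me HTTP/1.1" 401 75 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Match the users collection or a numeric user id, via the pretty path or rest_route.
# /users/me is deliberately excluded: it returns the caller's own record, not a listing.
USERS_ROUTE_RE = re.compile(
    r'^/wp-json/wp/v2/users(?:/\d+)?(?:\?|$)'
    r'|[?&]rest_route=/wp/v2/users(?:/\d+)?(?:&|$)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["target"] = unquote(rec["target"])  # normalise %2F-encoded rest_route values
    return rec


def is_user_listing(target):
    """True when the (decoded) request target reads the REST users route."""
    return USERS_ROUTE_RE.search(target) is not None


def find_user_enumeration(log_text, min_hits=1):
    """Map source IP -> list of (timestamp, target, status) for users-route requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_user_listing(rec["target"]):
            hits[rec["ip"]].append((rec["ts"], rec["target"], rec["status"]))
    return {ip: h for ip, h in hits.items() if len(h) >= min_hits}


if __name__ == "__main__":
    for ip, reqs in find_user_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(reqs)} users-route request(s)")
        for ts, target, status in reqs:
            print(f"  [{ts}] {target} -> {status}")
```

Raising `min_hits` (or keying on `per_page`/`page` parameters in the target) separates a single curious request from paging through the whole user table.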

# Conclusion

The CVE-2017-5487 vulnerability in WordPress 4.7 before 4.7.1 exposes websites to potential information disclosure attacks through the REST API. Remote attackers can exploit this vulnerability to retrieve sensitive information about registered users. It is essential to promptly address this vulnerability by upgrading to the latest WordPress version or applying the provided security patch. By staying vigilant and keeping your WordPress installation secure, you can safeguard your website and protect user data from potential exploitation.
File snapshot

[4.0K] /data/pocs/c0de0c973beee94499d291490041ad4c15aded91
├── [5.4K] CVE-2017-5487.py
└── [3.5K] README.md

0 directories, 2 files