Update wordpress.md

SirBroccoli 2025-08-13 16:52:29 +02:00 committed by GitHub
parent 3ccc2ea6f2
commit 3232db3321


@ -555,13 +555,6 @@ Issues introduced by this snippet:
```
The response discloses the result of the injected query or alters the database, proving SQLi.
#### Hardening checklist
* Enforce **type validation** (`is_numeric()` for integers).
* Escape with **`esc_sql()`** or, even better, use **`$wpdb->prepare()`**.
* Treat *nonce-only* endpoints as **privileged** add `current_user_can()` / `is_user_logged_in()` where appropriate.
---
### Unauthenticated Arbitrary File Download / Path Traversal (WP Job Portal <= 2.3.2)
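Review bot: the hunk header (`-555,13 +555,6`) shows a net removal of seven lines, and the only removable content visible here is the "Hardening checklist" for the SQLi section (type validation with `is_numeric()`, `esc_sql()` / `$wpdb->prepare()`, and treating nonce-only endpoints as privileged with `current_user_can()` / `is_user_logged_in()`). Dropping it leaves the section ending at "proving SQLi" with no remediation guidance for the issue it describes; if the intent is to de-duplicate, move the three bullets into a shared hardening section and leave a one-line pointer to it rather than deleting them. If the bullets are kept, the third one is missing punctuation between "privileged" and "add" (e.g. "privileged; add `current_user_can()` / `is_user_logged_in()` where appropriate").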
@ -587,14 +580,6 @@ curl -G https://victim.com/wp-admin/admin-post.php \
```
The server responds with the contents of `wp-config.php`, leaking DB credentials and auth keys.
#### Hardening checklist
* Sanitize filenames with helpers such as `sanitize_file_name()` or a custom `wpJP_clean_file_path()` that strips `../` & `./`.
* Make sure the **resolved path stays inside** the intended upload directory (`realpath()` + prefix check).
* Restrict the action to **authenticated roles** and validate the nonce.
---
## References
- [Unauthenticated Arbitrary File Deletion Vulnerability in Litho Theme](https://patchstack.com/articles/unauthenticated-arbitrary-file-delete-vulnerability-in-litho-the/)
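Review bot: same concern for this hunk (`-587,14 +580,6`, eight lines removed): the path-traversal section loses its hardening checklist, including the one control that actually closes the hole, verifying that the resolved path (`realpath()` + prefix check) stays inside the intended upload directory, since filename sanitization alone is easy to get wrong. The remaining text stops at "leaking DB credentials and auth keys" and the section has no mitigation left. Suggest keeping at least the `realpath()` containment bullet and the authentication/nonce bullet here, or relocating all three to a common hardening section referenced from both findings.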