Slides presented at Shinshu WordPress Meetup vol.13.
Thinking about WordPress and security
Toro_Unit @Shinshu WP Meetup vol.12
$ whoami
Toro_Unit / Hiroshi Urabe (占部 紘)
• Frontend Engineer
• WordPress Plugin and Theme Developer
Github: @torounit
Twitter: @Toro_Unit
So today the idea is to think about "security".

Are you actually doing anything about it? Security measures
The bare minimum
• Use the latest version of WordPress.
• Make sure automatic updates are actually running.
• Use the latest versions of your themes and plugins.
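The three "bare minimum" items can be enforced rather than left to chance. As an added example (not code from the slides or from the speaker), the following must-use plugin turns on automatic updates for core, themes and plugins using WordPress core's own filters; the file name and the `$manual` slug list are assumptions made for illustration:

```php
<?php
/**
 * Plugin Name: Force automatic updates (added example, not part of the slides)
 * Description: Put this file in wp-content/mu-plugins/ so it is always loaded
 *              and cannot be deactivated from the admin screen.
 *
 * Core minor (security) releases auto-update by default. In wp-config.php
 * you can also set  define( 'WP_AUTO_UPDATE_CORE', true );  to include major
 * releases. The filters below achieve the same from a plugin and extend the
 * policy to themes and plugins.
 */

// Make sure nothing else (another plugin, a constant) has switched the
// automatic updater off entirely.
add_filter( 'automatic_updater_disabled', '__return_false' );

// Core: allow both minor and major releases.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_true' );

// Themes: update everything that WordPress.org offers an update for.
add_filter( 'auto_update_theme', '__return_true' );

// Plugins: update everything except a short list that is deployed from
// version control by hand. The slug in $manual is constructed for this
// example; $item is the update object WordPress passes to the filter and
// carries the plugin slug.
add_filter(
    'auto_update_plugin',
    function ( $update, $item ) {
        $manual = array( 'example-custom-plugin' );
        if ( isset( $item->slug ) && in_array( $item->slug, $manual, true ) ) {
            return false;
        }
        return true;
    },
    10,
    2
);
```

Automatic updates are driven by WP-Cron, so a site whose cron never fires (no visitors, or `DISABLE_WP_CRON` set without a matching system cron job) still falls behind even with this file in place; check Dashboard > Updates after deploying it, and keep backups, because an automatic update can still break a site.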
Various attacks on WordPress
Source: JP-Secure Labs Report Vol.03 | Technical information | JP-Secure (software WAF vendor)

• Attacks on WordPress core itself are actually rare.
• Attacks on plugins and themes account for about 60%.
Examples of attack requests seen in the wild (all are directory traversal against a download endpoint, aimed at wp-config.php):

/wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php
/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php
/wp-content/themes/lote27/download.php?download=../../../wp-config.php
/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
/wp-content/plugins/membership-simplified-for-oap-members-only/download.php?download_file=.././.././.././wp-config.php
/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php

Source: JP-Secure Labs Report Vol.03 | Technical information | JP-Secure (software WAF vendor)
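Every request above targets the same defect: a download endpoint that takes a file name from the query string and uses it as a filesystem path. The following is an added example, not code from the slides or from any of the themes and plugins listed; it shows that weak pattern next to a hardened resolver that keeps the file inside one fixed directory. The `downloads` directory and the extension allow-list are constructed for illustration:

```php
<?php
// Added example (not from the slides or from any listed theme/plugin).

// WEAK: the request parameter becomes part of the path unchanged, so a value
// such as ../../../../../wp-config.php walks straight out of the directory.
function resolve_download_insecure( $base_dir, $requested ) {
    return $base_dir . '/' . $requested;
}

// HARDENED: accept only a bare file name, resolve the real path, require it
// to stay below $base_dir, and serve only known extensions.
// Returns the resolved path, or false when the request must be refused.
function resolve_download_secure( $base_dir, $requested, $allowed_ext = array( 'pdf', 'zip' ) ) {
    $base = realpath( $base_dir );
    if ( false === $base ) {
        return false;
    }
    // A bare file name has no directory part and no NUL byte: "..", "/",
    // "\" and ".././" all fail here instead of being "cleaned up".
    // (Inside WordPress, validate_file( $requested ) !== 0 is an equivalent
    // rejection of ".." components.)
    if ( '' === $requested
        || '.' === $requested
        || '..' === $requested
        || false !== strpos( $requested, "\0" )
        || basename( $requested ) !== $requested ) {
        return false;
    }
    $path = realpath( $base . DIRECTORY_SEPARATOR . $requested );
    // realpath() follows symlinks, so re-check that the final location is
    // still inside $base and is a regular file.
    if ( false === $path
        || ! is_file( $path )
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        return false;
    }
    $ext = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, $allowed_ext, true ) ) {
        return false;
    }
    return $path;
}

// Endpoint usage: a plain 404 on anything the check rejects, and the
// attacker-controlled name is never echoed back into the response.
$base_dir  = __DIR__ . '/downloads'; // constructed location for the example
$requested = isset( $_GET['file'] ) ? (string) $_GET['file'] : '';
$path      = resolve_download_secure( $base_dir, $requested );
if ( false === $path ) {
    error_log( 'download.php: rejected request for ' . bin2hex( $requested ) );
    http_response_code( 404 );
    exit;
}
header( 'Content-Type: application/octet-stream' );
header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
header( 'Content-Length: ' . filesize( $path ) );
readfile( $path );
```

Logging the rejected value server-side (hex-encoded, so log viewers are not fed raw input) is what lets you spot scanning like the requests above in your own logs; the response itself stays a bare 404.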
Vulnerabilities in plugins from the official repository have been reported recently.

Reported   | Plugin                  | Installs | Affected versions   | Vulnerability
2019/03/15 | Easy WP SMTP            | 400,000  | 1.3.9 and earlier   | Privilege escalation to administrator
2019/03/21 | Social Warfare          | 60,000   | 3.5.2 and earlier   | Stored XSS, arbitrary code execution
2019/03/30 | Yuzo Related Posts      | 60,000   | 5.12.91 and earlier | Stored XSS
2019/04/09 | Visual CSS Style Editor | 30,000   | 7.1.9 and earlier   | Privilege escalation to administrator

Source: piyolog, "WordPressプラグインを狙う攻撃が活発化している件をまとめてみた" (a roundup of the surge in attacks targeting WordPress plugins)
Many installs != safe
• It is certainly one criterion, but it is not a criterion that guarantees security or quality.

Don't take "10 plugins you should install!" style articles at face value.

• There is no such thing as a "must-have plugin"!
• Information from people who write about "must-have plugins" can't be relied on.
How to choose a theme

• Is support in place?
• Paid != quality. Quality comes in many forms.

• Cases where a form plugin bundled with a theme was never updated and got attacked.
• Cases where attack code had been mixed into a paid theme.
For now, the safe bet is to stick with themes listed on WordPress.org.
• To be listed there, a theme has to pass theme review, so a minimum level of quality (security, interoperability) is assured.
• If you do buy a paid theme, I recommend ones listed at https://ja.wordpress.org/themes/commercial/, or ones whose author also publishes a free version or similar on WP.org.
• Snow Monkey
• Lightning
• LIQUID PRESS
• etc...

GPL
• No warranty
• Free copying, modification and redistribution are permitted
• Copyleft

In the end, it comes down to your relationship with the author
• Or else build everything yourself (hard mode)
• "Can we keep working together over the long term?" and "ongoing support" are good selection criteria.
• https://wptavern.com/pluginvulnerabilities-com-is-protesting-wordpress-org-support-forum-moderators-by-publishing-zero-day-vulnerabilities
• https://www.jp-secure.com/tech/jpsecure-labs/report03/
• https://piyolog.hatenadiary.jp/entry/2019/04/17/183000
• https://capitalp.jp/2017/01/18/sucuri-2016q3/
• https://blog.tokumaru.org/2019/04/Wordpress-Visual-CSS-Style-Editor-privilege-escalation.html?spref=tw
Thanks!
Github: @torounit
Twitter: @Toro_Unit
Facebook: fb.me/torounit
Blog: https://torounit.com