WordPress とセキュリティについてかんがえる #wpshinshu / 2019-05-25 Shinshu WordPress Meetup vol.13

WordPress ͱηΩϡϦ
ςΟʹ͍͔ͭͯΜ͕͑Δ
Toro_Unit @Shinshu WP Meetup
vol.12
1

View Slide

$ whoami
2

View Slide

Toro_Unit
઎෦ ߛ (͏Β΂ ͻΖ͠)
• Frontend Engineer
• WordPress Plugin and Theme
Developer
Github: @torounit
Twitter: @Toro_Unit
3

View Slide

ʮηΩϡϦςΟʯʹ͍ͭͯߟ͑Α͏ͱ͍͏͜ͱͰ
4

View Slide

ͳΜ͔ͯ͠·͢ʁηΩϡϦςΟରࡦ
5

View Slide

࠷௿ݶ
• WordPress ͷ࠷৽൛Λ࢖͏ɻ
• ࣗಈߋ৽͕ಈ࡞͢ΔΑ͏ʹɻ
• ࠷৽൛ͷςʔϚͱϓϥάΠϯΛ࢖͏ɻ
6

View Slide

WordPress ͷ΁ͷ߈ܸ͋Ε͜Ε
Ҿ༻ݩɿJP-Secure Labs Report Vol.03 | ٕज़৘ใ | ιϑτ΢ΣΞWAFͷJP-Secure
7

View Slide

• ຊମ΁ͷ߈ܸͱ͍͏ͷ͸࣮͸গͳ͍ɻ
• ϓϥάΠϯɾςʔϚ΁ͷ߈ܸ͕6ׂ௒ɻ
8

View Slide

/wp-content/themes/urbancity/lib/scripts/
download.php?file=../../../../../wp-config.php
/wp-content/themes/trinity/lib/scripts/
download.php?file=../../../../../wp-config.php
/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php
/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php
/wp-content/themes/lote27/download.php?download=../../../wp-config.php
/wp-content/themes/authentic/includes/download.php?
file=../../../../wp-config.php
/wp-content/plugins/membership-simplified-for-oap-members-only/
download.php?download_file=.././.././.././wp-config.php
/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?
download_file=../../../wp-config.php
Ҿ༻ݩɿJP-Secure Labs Report Vol.03 | ٕज़৘ใ | ιϑτ΢ΣΞWAFͷJP-
Secure
9

View Slide

ެࣜϨϙδτϦͷϓϥάΠϯͰ΋੬ऑੑͷใࠂ͕࠷ۙ͋Γ·͠
ͨɻ
ใࠂ೔ ର৅ͷϓϥάΠϯ Πϯετʔϧ਺ όʔδϣϯ ੬ऑੑ
2019/03/15 Easy WP SMTP 40ສ݅௒ 1.3.9Ҏલ ؅ཧऀ΁ͷಛݖঢ֨
2019/03/21 Social Warfare 6ສ݅௒ 3.5.2Ҏલ XSSʢ֨ೲܕʣɺ೚
ҙίʔυͷ࣮ߦ
2019/03/30 Yuzo Related Posts 6ສ݅௒ 5.12.91Ҏલ XSSʢ֨ೲܕʣ
2019/04/09 Visual CSS Style
Editor
3ສ݅௒ 7.1.9Ҏલ ؅ཧऀ΁ͷಛݖঢ֨
WordPressϓϥάΠϯΛૂ͏߈ܸ͕׆ൃԽ͍ͯ͠Δ݅Λ·ͱΊͯΈͨ - piyolog
10

View Slide

Πϯετʔϧ਺͕ଟ͍ != ҆શ
• ͻͱͭͷج४ʹ͸ҧ͍ͳ͍͚Ͳɺ҆શੑɾ඼࣭Λอূ͢Δج
४Ͱ͸ͳ͍ɻ
11

View Slide

ϓϥάΠϯ 10 બʂΈ͍ͨͳهࣄΛӏವΈʹ͠ͳ͍ɻ
12

View Slide

• ඞਢϓϥάΠϯͳͲͳ͍ʂ
• ඞਢϓϥάΠϯͳΜͯॻ͍ͯΔਓͷ৘ใ͸౰ͯʹͳΒΜɻ
13

View Slide

ςʔϚͷબͼํ
14

View Slide

• αϙʔτ͸େৎ෉ʁ
• ༗ྉ != ඼࣭ɻ඼࣭ʹ΋͍Ζ͍Ζ͋Δɻ
15

View Slide

• ςʔϚʹಉࠝ͞Ε͍ͯΔϑΥʔϜϓϥάΠϯ͕Ξοϓσʔτ
͞Εͣɺ߈ܸ͞ΕΔͱ͍͏ࣄྫɻ
• ༗ྉςʔϚʹ߈ܸίʔυ͕ࠞೖ͍ͯͨ͠έʔε΋ɻ
16

View Slide

ͱΓ͋͑ͣɺWordPress.org ܝࡌͷςʔϚʹ͓ͯ͘͠ͷ͕ແ೉ɻ
• ͜͜ʹܝࡌ͢Δʹ͸ɺςʔϚͷϨϏϡʔΛ௨ա͢Δඞཁ͋Γɻ࠷௿ݶͷ඼࣭
ʢ҆શੑɾ૬ޓӡ༻ੑʣ͸୲อ͞Ε͍ͯΔ
• Ծʹ༗ྉςʔϚΛങ͏ͳΒɺhttps://ja.wordpress.org/themes/commercial/
ʹܝࡌ͞Ε͍ͯΔϞϊɺແྉ൛ͳͲΛɺWP.org ʹܝࡌ͍ͯ͠Δ࡞ऀͷϞϊ
Λ͓͢͢Ί͠·͢ɻ
• Snow Monkey
• Lightling
• LIQUID PRESS
• etc...
17

View Slide

GPL
• ແอূ
• ࣗ༝ͳෳ੡ɾվมɾ൦෍͕ڐՄ
• ίϐʔϨϑτ
18

View Slide

݁ہͷॴɺ࡞ऀͱͷ͓෇͖߹͍
• ΋͘͠͸શͯࣗ࡞ɻ(ϋʔυϞʔυ)
• ʮܧଓ͓ͯ͠෇͖߹͍͍͚ͯ͠Δ͔Ͳ͏͔ʁʯʮܧଓͨ͠α
ϙʔτʯ͸ྑ͍બఆج४ɻ
19

View Slide

• https://wptavern.com/pluginvulnerabilities-com-is-
protesting-wordpress-org-support-forum-moderators-by-
publishing-zero-day-vulnerabilities
• https://www.jp-secure.com/tech/jpsecure-labs/report03/
• https://piyolog.hatenadiary.jp/entry/2019/04/17/183000
• https://capitalp.jp/2017/01/18/sucuri-2016q3/
• https://blog.tokumaru.org/2019/04/Wordpress-Visual-CSS-
Style-Editor-privilege-escalation.html?spref=tw
20

View Slide

Thanks!
Github: @torounit
Twitter: @Toro_Unit
Facebook: fb.me/torounit
Blog: https://torounit.com
21

View Slide

WordPress とセキュリティについてかんがえる #wpshinshu / 2019-05-25 Shinshu WordPress Meetup vol.13

WordPress とセキュリティについてかんがえる #wpshinshu / 2019-05-25 Shinshu WordPress Meetup vol.13

Toro_Unit (Hiroshi Urabe)

More Decks by Toro_Unit (Hiroshi Urabe)

Other Decks in Technology

Featured

Transcript