PHP object injection is a serious security threat that can have devastating consequences for websites and web applications. In this guide, we’ll explore what PHP object injection is, how it works, and why it poses such a significant risk.
We’ll also provide practical examples and tips for preventing and mitigating these attacks. Understanding this vulnerability is crucial for developers, site administrators, and security professionals who want to keep their PHP applications secure.
Imagine waking up to find your website has been hacked overnight. It’s not a fun thing to picture and something no business ever wants to face. Thankfully, vulnerability scanning can act as a watchdog of sorts for your online presence.
But what exactly is vulnerability scanning? And how does it work to keep your website secure? Here, you’ll learn the essentials of vulnerability scanning to demystify the process and show you how this tool — and how Jetpack in particular — can protect your website from potential threats.
Safeguarding personal and business information is more crucial than ever. One common, yet often overlooked, vulnerability that can compromise this safety is password reuse. What seems like a simple solution for individuals using the same password across multiple accounts exposes people, and the companies and organizations connected with them, to significant risks.
This article explores the aspects of password reuse, why it remains prevalent, and effective strategies to mitigate the risk. We’ll discuss why it’s so vital to avoid reusing passwords and how adopting better security practices can protect us.
As a website owner, you’ve worked hard to develop your website and build your business. But, with Google issuing over three million safe browsing warnings a day, it’s clear that you have to be vigilant against the ever-present threat of malware.
A single malware infection can cripple your website, damage your reputation, and even steal your customers’ data. That’s why it’s essential to have a reliable malware scanner in place to help you spot an infection as soon as it happens, so you can take steps to secure your site and get it back up and running.
With so many malware scanners available, it can be challenging to know which one to choose. However, thanks to our comprehensive review of the best website malware scanners, you’ll be able to determine the right option for you.
Managing multiple WordPress sites can be stressful. With the average WordPress site running 22 plugins, it’s crucial that every vulnerability is accounted for. That’s why we’re thrilled to announce our partnership with MainWP, bringing you two new Jetpack extensions in the MainWP marketplace. With this new agreement in place, managing multiple WordPress sites has never been easier.
During an internal audit of the Slimstat Analytics and Paid Memberships Pro plugins, we uncovered two SQL Injection vulnerabilities that could allow low-privileged users like subscribers to leak sensitive information from a site’s database.
If exploited, the vulnerability could grant attackers access to privileged information from affected sites’ databases (e.g., usernames and hashed passwords).
We reported the vulnerabilities to the plugin’s authors, and they recently released Slimstat Analytics version 4.9.3.3 and Paid Memberships Pro version 2.9.12 to address them. We strongly recommend that you update affected plugins to their respective latest version, and have an established security solution on your site, such as Jetpack Security.
You learned about the importance of the .htaccess file in our blog post How to Access and Edit the Default WordPress .htaccess File. As you can imagine, an important file such as .htaccess can be a target for bad actors. In this article, we’ll point out cases and indicators of compromise that affect this file.
Recently our colleague Joshua Goode escalated to the Security Research team an investigation he was performing on several websites that presented the same indicators of compromise. There were small variations in what the final payload was, but the attack timeline was always the same.
Attack timeline
As Joshua initially pointed out and subsequently confirmed by me, the chain starts with the installation of the core-stab plugin, followed by other additional items. The following timeline depicts one of the many compromised sites we reviewed:
Jan 10, 2023 @ 17:29:49.587 UTC – Core stab plugin upload – /wp-admin/update.php?action=upload-plugin
Jan 10, 2023 @ 17:29:52.270 – /wp-content/plugins/core-stab/index.php
Jan 11, 2023 @ 02:12:50.773 – /wp-admin/theme-install.php?tab=upload
Jan 11, 2023 @ 03:37:58.870 – Another core-stab install
Jan 11, 2023 @ 04:15:06.014 – Installation of a new plugin, task-controller, /wp-content/plugins/task-controller/index.php
Jan 11, 2023 @ 08:23:26.519 – Installation of WP File Manager (Unsure if by attacker but this plugin is typical with a lot of malware)
The most common “coincidence” is that all users involved in this attack had their emails listed on at least one public password leak since 2019, which only corroborates the overall findings: the attacker(s) used compromised or leaked accounts to install the malware.
You can find more details on how the core-stab malware works, as well as detailed detection and blocking information for WP security experts, via WPScan.
Testing and validating our Proof-of-Concept for the malicious code.
What to do if my site was infected?
If you find the core-stab plugin installed on your site, the first thing you should do is remove it and then follow these next steps:
The premium version of the WordPress plugin 3DPrint is vulnerable to Cross Site Request Forgery (CSRF) and directory traversal attacks when the file manager functionality is enabled. These vulnerabilities allow an attacker to delete or get access to arbitrary files and directories on the affected sites, including sensitive files like the site configuration files, which again could lead to a full site takeover.
During WordCamp Europe 2022, we ran a WordPress Capture The Flag (CTF) competition across four challenges.
We wanted to introduce folks to the addictive world of CTF, and let people experience how security researchers approach bug hunting, such as looking for oddities in the code and combining them to do weird, sometimes counterintuitive things.
