Welcome to UPES - Tech Community | Dehradun



Millions of websites at risk, as WordPress high-level security flaw discovered



#1 ilLuSion


Posted 06 May 2017 - 03:51 AM

If you are running a website of any size, there is a chance that you are using WordPress, the most popular CMS with the largest market share by far (more than 27% of the internet). All versions of WordPress, including the latest version 4.7.4, are vulnerable to a high-level security flaw. The vulnerability (CVE-2017-8295) was discovered by Polish security researcher Dawid Golunski last year in July. He reported it to the WordPress security team multiple times, but in the absence of serious action, he decided to disclose it.

 


WordPress has a password reset feature that uses untrusted data by default when creating a password reset e-mail that is supposed to be delivered only to the e-mail associated with the owner’s account.

The “SERVER_NAME” variable, which is responsible for getting the hostname of the server in order to create the From/Return-Path header of the outgoing password reset email, can be modified; an attacker could change it to an arbitrary domain of his choice.

Not all web servers allow the modification of the hostname via “SERVER_NAME” header; major web servers such as Apache by default set the “SERVER_NAME” variable using the hostname supplied by the client (within the HTTP_HOST header).

Dawid Golunski said that the attacker can send a spoofed HTTP request with a predefined custom hostname value (for example attacker-mxserver.com), which would result in WordPress setting the $from_email to the attacker domain name, which is [email protected] instead of [email protected], and thus result in an outgoing email with From/Return-Path set to this malicious address.

Since there is no patch available from the WordPress company, Golunski has suggested enabling “UseCanonicalName” on Apache to enforce a static SERVER_NAME value.
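A defender's check for the mitigation named in the post, as an added example that is not part of the original post and not WordPress or Apache code: a Python audit that reads Apache configuration text and lists the virtual hosts whose effective UseCanonicalName is not On. The sample config, its hostnames and the function name are constructed for illustration; Include files and `<Directory>` overrides are not followed.

```python
import re

# Constructed sample config (not from the post): the first vhost inherits
# Apache's default (UseCanonicalName Off), the second pins SERVER_NAME.
SAMPLE_CONF = """\
ServerName fallback.example.test
<VirtualHost *:80>
    ServerName blog.example.test
    DocumentRoot /var/www/blog
</VirtualHost>
<VirtualHost *:80>
    ServerName shop.example.test
    UseCanonicalName On
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*(UseCanonicalName|ServerName)\s+(\S+)", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\b([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)

def audit_canonical_name(conf_text):
    """Return [(vhost, effective_setting)] for every vhost whose
    SERVER_NAME is not forced to the configured ServerName."""
    global_ucn = "off"              # Apache default when the directive is absent
    vhosts, current = [], None
    for line in conf_text.splitlines():
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"addr": opened.group(1).strip(), "name": None, "ucn": None}
            vhosts.append(current)
            continue
        if VHOST_CLOSE.match(line):
            current = None
            continue
        m = DIRECTIVE.match(line)   # comment lines never match this pattern
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "usecanonicalname":
            if current is None:
                global_ucn = value.lower()   # server-wide setting, inherited
            else:
                current["ucn"] = value.lower()
        elif current is not None:
            current["name"] = value
    # Resolve inheritance after the full read: vhost value wins, else global.
    return [(v["name"] or v["addr"], v["ucn"] or global_ucn)
            for v in vhosts if (v["ucn"] or global_ucn) != "on"]

if __name__ == "__main__":
    for vhost, setting in audit_canonical_name(SAMPLE_CONF):
        print(f"{vhost}: UseCanonicalName {setting}, SERVER_NAME follows the Host header")
```
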






