Secure Coding With Wordpress (BarCamp Orlando 2009)
•
7 j'aime•1,143 vues
Slightly modified version of my Secure Coding with WordPress presentation for BarCamp Orlando 2009.
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Secure Coding With Wordpress (BarCamp Orlando 2009)
Similaire à Secure Coding With Wordpress (BarCamp Orlando 2009) (20)
Plus de Mark Jaquith
Plus de Mark Jaquith (13)
Dernier
Dernier (20)
Secure Coding With Wordpress (BarCamp Orlando 2009)
- 1. Secure Coding with WordPress Mark Jaquith markjaquith.com coveredwebservices.com
- 2. XSS privilege shell execution escalation CSRF SQL injection
- 4. Mostly miss
- 6. <?php $wpdb->query( quot;UPDATE $wpdb->posts SET post_title = '$newtitle' WHERE ID = $my_idquot; ); ?>
- 7. <?php $newtitle = $wpdb->escape( $newtitle ); $my_id = absint( $my_id ); $wpdb->query( quot;UPDATE $wpdb->posts SET post_title = '$newtitle' WHERE ID = $my_idquot; ); ?>
- 9. <?php $wpdb->update( $wpdb->posts, array( 'post_title' => $newtitle ), array( 'ID' => $my_id ) ); ?>
- 10. $wpdb->insert()
- 11. <?php $wpdb->insert( $wpdb->posts, array( 'post_title' => $newtitle ) ); ?>
- 12. <?php $wpdb->update( $wpdb->posts, array( 'post_title' => $newtitle, 'post_content' => $newcontent ), array( 'ID' => $my_id, 'post_title' => $old_title ) ); ?>
- 13. <?php $post_title = 'New Title'; $wheres['ID'] = 123; $wheres['post_title'] = 'Old Title'; $wpdb->update( $wpdb->posts, compact( 'post_title' ), $wheres ); ?>
- 14. $wpdb->prepare()
- 15. <?php $title = 'Post Title'; $ID = 123; $content = $wpdb->get_var( $wpdb->prepare( quot;SELECT post_content FROM $wpdb->posts WHERE post_title = %s AND ID = %dquot;, $title, $ID ) ); ?>
- 16. •Uses sprintf() formatting •%s for strings •%d for integers •You should not quote or escape
- 17. Escape late
- 18. XSS
- 20. <?php $title = '<script> pwnage(); </script>' ?> <h1> <?php echo $title; ?> </h1>
- 21. Anything that isn’t hardcoded is suspect
- 24. <?php $title = '<script> pwnage(); </script>' ?> <h1> <?php echo wp_specialchars( $title ); ?> </h1>
- 25. <?php $title = 'quot; onmouseover=quot;pwnd();'; ?> <a href=quot;#wordcampquot; title=quot; <?php echo wp_specialchars( $title ); ?> quot;> Link Text </a>
- 27. <?php $title = 'quot; onmouseover=quot;pwnd();'; ?> <a href=quot;#wordcampquot; title=quot; <?php echo attribute_escape( $title ); ?> quot;> Link Text </a>
- 28. <?php $url = 'javascript:pwnage();'; ?> <a href=quot; <?php echo attribute_escape( $url ); ?> quot;> Link Text </a>
- 29. clean_url()
- 30. <?php $url = 'javascript:pwnage();'; ?> <a href=quot; <?php echo clean_url( $url ); ?> quot;> Link Text </a>
- 32. js_escape()
- 33. CSRF
- 34. Authorization vs. Intention
- 36. Nonces action-, object-, user-specific time limited secret keys
- 37. Specific to •WordPress user •Action attempted •Object of attempted action •Time window
- 38. wp_nonce_field()
- 41. <?php // before output goes to browser check_admin_referer('plugin- action_object'); ?>
- 42. Still need to use current_user_can()
- 43. AJAX CSRF
- 44. • wp_create_nonce( 'your_action' ); • &_ajax_nonce=YOUR_NONCE • check_ajax_referer( 'your_action' );
- 48. Stupid shit I see all the time
- 49. exec()
- 51. Thank you!