Trying to Find a Bug in WordPress
I stumbled over some WordPress code involving caching. Immediately I had an idea about MD5 collisions and how they could affect the implemented logic. I started going down a rabbit hole exploring the feasibility, eventually setting up a PHP debug environment, only to realize that the idea was flawed from the start. So while this ends up being failed security research, we still learn a lot along the way.
Get my handwritten font https://shop.liveoverflow.com (advertisement)
Check out our courses on https://hextree.io (advertisement)
Support these videos: https://liveoverflow.com/support/
---
get_page_by_path: https://developer.wordpress.org/reference/functions/get_page_by_path/
Hash Collision Overview: https://github.com/corkami/collisions#fastcoll-md5
MD5 Collision Demo: https://www.mscs.dal.ca/~selinger/md5collision/
Is there an ASCII only MD5 hash collision? https://twitter.com/LiveOverflow/status/1664280653519810563
WordPress Docker image with xdebug: https://github.com/wpdiaries/wordpress-xdebug
Debugging WordPress with xdebug: https://www.wpdiaries.com/wordpress-with-xdebug-for-docker/
What is a Server? https://www.youtube.com/watch?v=VXmvM2QtuMU
---
Chapters:
00:00 - Intro
00:36 - Finding the Research Topic
03:03 - Dumb Ideas Are NOT a Problem
03:40 - "What happens with a MD5 Hash Collision?"
04:38 - MD5 Hash Collision Feasibility
09:25 - WordPress Development Environment
11:18 - Debugging PHP
12:57 - Configuring xdebug
14:42 - Realizing the Research Idea was Flawed
15:58 - What we learned from the failed research
17:10 - hextree.io
17:47 - Outro
=[ ❤️ Support ]=
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
2nd Channel: https://www.youtube.com/LiveUnderflow
=[ 🐕 Social ]=
→ Twitter: https://twitter.com/LiveOverflow/
→ Streaming: https://twitch.tv/LiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Video "Trying to Find a Bug in WordPress" from the LiveOverflow channel