2. WHAT IS XSS (CROSS-SITE SCRIPTING)?
XSS attacks are a type of injection in which code is
submitted to a web application's database through an
input field on the web application. If the web
application does not practice proper code sanitization
techniques, an attacker can post malicious code to the
database, then execute the code without authorization.
3. WHAT ARE SQL INJECTIONS?
SQL injections are similar to XSS. The main difference
is that, instead of posting malicious code to the
database to be executed, the attacker attempts to
manipulate the queries that the web application uses to
communicate with the database. If the attacker can get an
error response, that usually means that the query
was possibly manipulated, and further changes could be
made to retrieve information from the database without
authorization.
4. USING XSS AND SQL INJECTIONS TOGETHER
XSS can be used to inject code such as JavaScript and PHP. These two languages are
capable of sending SQL queries to the database, so if an XSS attack is successful, the
attacker can have an easy backdoor from the front end to manipulate data in the
database. Opening the door for one of these attacks can open the door for
the other.
5. 70% OF ALL WEBSITES USE PHP AND MYSQL
According to W3Techs, a majority of websites online use PHP and MySQL.
6. 41% OF ALL WEBSITES USE WORDPRESS
According to W3Techs, almost half of all websites online use WordPress.
7. HOW SECURE IS WORDPRESS?
WordPress uses code sanitization techniques to prevent
XSS and SQL injections from taking place. The core web
application is secure and almost all attacks are exploited
by taking advantage of third-party themes and plugins.
8. EXPERIMENT
Using the SQLMap vulnerability scanner to attempt XSS and SQL
injection attacks on a sandbox Linux VM with WordPress installed.
VM Specs (latest releases):
CentOS Linux
PHP
MySQL (MariaDB)
Apache (httpd)
WordPress
SQLMap (Parrot Security) command:
sqlmap -u 'http://192.168.56.103/?p=1#comments' --tables --tamper=space2comment --level=3
9. EXPERIMENT RESULTS
SQLMap was unable to find any vulnerabilities. The code
sanitization techniques that WordPress uses were able to
either omit part of the queries and code or post them
into comments as plain text.
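The result above, payloads ending up as plain text in the comments, is what bound query parameters combined with output escaping produce. The following is an added example, not part of the original slides and not WordPress's own code: a Python/sqlite3 model of a comment handler, in which the schema, function names and sample comment are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample comment carrying a SQL fragment and a script tag.
SAMPLE_COMMENT = "nice post'); DROP TABLE comments; -- <script>alert(1)</script>"


def open_db():
    # In-memory database; the schema is hypothetical, not WordPress's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, post_id INTEGER, body TEXT)")
    return db


def parse_post_id(raw):
    # The ?p= parameter must be a plain decimal id; anything else is rejected.
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("post id must be a decimal integer")
    return int(raw)


def save_comment(db, post_id, body):
    # Bound parameters: the body travels as data and is never parsed as SQL.
    cur = db.execute("INSERT INTO comments (post_id, body) VALUES (?, ?)", (post_id, body))
    db.commit()
    return cur.lastrowid


def render_comments(db, post_id):
    # Escape on output so stored markup is displayed as text, not run as script.
    rows = db.execute("SELECT body FROM comments WHERE post_id = ? ORDER BY id", (post_id,))
    return "\n".join(f"<p>{html.escape(body)}</p>" for (body,) in rows)


def demo():
    # Store the sample comment, then report what the database and page contain.
    db = open_db()
    save_comment(db, parse_post_id("1"), SAMPLE_COMMENT)
    stored = db.execute("SELECT body FROM comments").fetchone()[0]
    tables = [r[0] for r in db.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    return stored, tables, render_comments(db, 1)


if __name__ == "__main__":
    stored, tables, page = demo()
    print("stored verbatim:", stored == SAMPLE_COMMENT)
    print("tables still present:", tables)
    print(page)
```

The comment is stored exactly as typed and the table survives; the rendered page shows the markup as visible text instead of running it.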
11. HISTORICAL ARCHIVE
In April of 2021, an SQLi vulnerability was discovered
using an exploit found in PHPMailer, a service that
WordPress uses to send notifications and activation
emails. The vulnerability allowed attackers to bypass the
code sanitization techniques and successfully execute
malicious code on the WordPress application.
12. USING THEMES AND PLUGINS
The biggest threat to WordPress security is using third-
party themes and plugins.
It is advised to do research on any themes and plugins
before implementing them.
13. CONCLUSION: IS WORDPRESS SECURE?
If the web server and all its dependencies are up to date along with the latest
release of WordPress, then YES, the core installation of WordPress is not currently
vulnerable to XSS and SQLi attacks. It is important to be cautious about using third-party
plugins, as many of them can become vulnerable and compromise your WordPress
site.
14. CONCLUSION: OTHER ATTACK VECTORS
There are still brute-force attacks and other attack vectors that can
compromise a WordPress installation. Using weak usernames and passwords can
almost certainly open the door to attackers. Having proper security practices will
ultimately determine the security of any WordPress installation.