The WordPress bug very few know about.


Hello Bug Hunters! You have probably clicked because of the title. In this blog I am going to tell you about a misconfiguration that ships enabled by default in WordPress and is still in place on a large share of the sites that use it as their CMS. Very few people know about it, and today I am going to explain it to you. Stay tuned!

Introduction:

WordPress is the most used CMS (Content Management System) in the world: about 43% of all websites on the Internet use it as their CMS. Its easy-to-use interface and features such as plugins make it the most popular CMS, especially for beginners.

There are plenty of misconfigurations that site owners never pay attention to when running WordPress, and one of them is the default behaviour of wp-cron.php.

What is wp-cron.php:

WordPress uses a file called wp-cron.php, located in the root directory of the site, as a pseudo-cron. It is not triggered by the system's cron daemon; instead WordPress checks on ordinary page loads whether any scheduled event is due and, if so, fires a request to wp-cron.php to run it. The scheduled tasks include WordPress core update checks, plugin update checks, theme update checks, publishing of scheduled posts, and anything plugins register with wp_schedule_event().

Anyone can also request wp-cron.php directly. Every such request bootstraps the whole of WordPress (core, every active plugin and the theme) and queries the database for due events before the script exits, and the file is never served from a page cache. A lock (the doing_cron transient, honoured for WP_CRON_LOCK_TIMEOUT, 60 seconds by default) stops two runs from executing the same scheduled tasks concurrently, but it does nothing about the bootstrap cost of each request. So a flood of requests to wp-cron.php on a site that has kept the default setup ties up PHP workers and database connections and can take the site down.

How to find it?

To find it, first verify that the target website uses WordPress. For this purpose use an extension called Wappalyzer; it lists all the technologies the site uses in one click. (Other tells are a /wp-login.php page, /wp-content/ paths in the HTML source, or a WordPress generator meta tag.)

Download Wappalyzer for Chrome/Firefox.

Wappalyzer extension UI.

Once you have verified that the site uses WordPress, append /wp-cron.php to the site's base URL, e.g. https://target.com/wp-cron.php.

wp-cron.php file exposed

If the site shows a blank white page, you are halfway there. A blank page is normal: wp-cron.php produces no output, it only runs whatever is due and exits.

Now send a curl request to the target site.

curl -I https://target.com/wp-cron.php
curl response

If the HTTP status code is 200, the file is reachable directly and you have found the misconfiguration.

If it is not 200 (typically 403 from a web-server rule, 404 because the file was removed, or a redirect), the developers have probably locked it down.

One caveat: a 200 is necessary but not sufficient. If the response carries a cache-hit header (X-Cache: HIT, CF-Cache-Status: HIT) the request was answered by a cache and never reached PHP, and if the host rate-limits or fronts the site with a WAF the flood described in the next section will be absorbed before it does any harm. Check the response headers and a few timed requests before you write anything up.
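As an added example that is not part of the original post, the following POSIX shell script turns the curl -I check above into a small classifier. It reads the raw response headers on stdin and reports whether wp-cron.php looks directly reachable, blocked, redirected, missing, or served from a cache (in which case a flood never reaches PHP). The header names it looks for (X-Cache, CF-Cache-Status, X-Proxy-Cache) are the common ones; the wrapper's 10-second timeout and the URL handling are my own choices. Only point the wrapper at sites you are authorised to test.

```shell
#!/bin/sh
# Added example, not code from the original post: decide what a `curl -I`
# response for /wp-cron.php tells you. Reads the raw header block on stdin
# and prints one word: exposed, cached, blocked, redirected, missing, unknown.
classify_wp_cron() {
  headers=$(tr -d '\r')   # strip CRLF so the patterns below stay simple

  # Status code from the first line; matches "HTTP/1.1 200 OK" and "HTTP/2 200".
  status=$(printf '%s\n' "$headers" | sed -n '1s/^HTTP\/[0-9.]* \([0-9]\{3\}\).*$/\1/p')

  # A cache HIT means the edge answered without running PHP, so the request
  # never bootstrapped WordPress and a flood would not either.
  if printf '%s\n' "$headers" | tr 'A-Z' 'a-z' \
       | grep -Eq '^(x-cache|cf-cache-status|x-proxy-cache): *hit'; then
    cached=1
  else
    cached=0
  fi

  case "$status" in
    200)
      if [ "$cached" -eq 1 ]; then echo cached; else echo exposed; fi ;;
    301|302|307|308) echo redirected ;;
    401|403)         echo blocked ;;
    404|410)         echo missing ;;
    *)               echo unknown ;;
  esac
}

# Wrapper that actually probes a site (network access; authorised targets only).
# Assumes the site root is given, e.g. https://target.example
probe_wp_cron() {
  curl -sI -m 10 "${1%/}/wp-cron.php" | classify_wp_cron
}

# Usage: sh probe.sh https://target.example
if [ -n "${1:-}" ]; then
  probe_wp_cron "$1"
fi
```

A result of "exposed" is the 200-and-blank-page case from the text; "cached" is the case where the status is 200 but the edge answered for PHP, which is why the status code alone is not enough.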

How to exploit it?

Now that you have found the misconfiguration, the next step is to demonstrate impact so that your report stands out and gets triaged. Before you do, check the program's rules: most bug bounty programs list denial-of-service testing as out of scope, and flooding a production site without explicit permission is not something a triager will thank you for. If DoS testing is not allowed, a short, rate-limited burst with response-time measurements is enough evidence.

To exploit it, we will use a GitHub tool called doser.go.

Install it:

go build doser.go

Now, send 9999 or more requests to the vulnerable wp-cron.php file.

./doser -t 9999 -g 'https://target.com/wp-cron.php'

Now observe the site’s behaviour by reloading it. It will probably get slow and return errors.

Successful DoS attack through misconfigured wp-cron.php file.

If the site becomes slow or unresponsive, it is vulnerable to Uncontrolled Resource Consumption through the misconfigured wp-cron.php file. To show that wp-cron.php is the cause and not just general load, run the same burst against a normal, cached page: the cached page should stay fast while wp-cron.php, which bypasses the cache and bootstraps WordPress on every hit, does not.

Impact:

If successful, a flood against a misconfigured wp-cron.php file can cause real damage to the site, such as:

Denial of Service (DoS), resulting in unavailability of the application.
Server overload and increased resource usage, leading to slow response times or application crashes.
Downtime and, if PHP workers or database connections are killed mid-task, interrupted scheduled jobs and potential data loss.
Any visitor can force the scheduler to run on demand. They cannot choose which tasks run, but they can trigger whatever is due (plugin jobs included) repeatedly and at times the site owner did not intend.

How to prevent it?

To prevent it, stop relying on visitor traffic to run the scheduler and take wp-cron.php off the public web.

First, add the following to your wp-config.php file just before the line that reads "That's all, stop editing! Happy blogging." (or "Happy publishing." on newer versions):

define('DISABLE_WP_CRON', true);

Note: this only stops WordPress from spawning wp-cron.php on page loads; it does not affect direct requests to wp-cron.php, and on its own it means nothing scheduled will run at all. So, second, run the scheduler from a real system cron job, for example every five minutes with php /path/to/wordpress/wp-cron.php, or wp cron event run --due-now if you use WP-CLI. Third, now that nothing legitimate needs to reach the file over HTTP, deny it in the web server (an nginx location = /wp-cron.php { deny all; } block, or an Apache <Files "wp-cron.php"> Require all denied </Files> block) so the curl check above returns 403.
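As an added example that is not part of the original post, here is a POSIX shell function that applies those three steps to a local install: it inserts the define above the "That's all, stop editing" marker of wp-config.php (only once, so it is safe to re-run), refuses to guess if the marker is missing, and prints the crontab line and the nginx/Apache deny rule to install. The install path, the five-minute interval and the php binary location are assumptions; adjust them to your host.

```shell
#!/bin/sh
# Added example, not code from the original post. Hardens the wp-cron setup of
# the WordPress install in $1. Paths, interval and php binary are assumptions.
harden_wp_cron() {
  root=${1:?usage: harden_wp_cron /path/to/wordpress}
  cfg="$root/wp-config.php"
  [ -f "$cfg" ] || { echo "no wp-config.php in $root" >&2; return 1; }

  # Step 1: DISABLE_WP_CRON must be defined before wp-settings.php is loaded,
  # so it goes just above WordPress's own "That's all, stop editing" marker.
  if grep -q 'DISABLE_WP_CRON' "$cfg"; then
    echo "wp-config.php already defines DISABLE_WP_CRON, leaving it alone"
  elif ! grep -q "That.s all, stop editing" "$cfg"; then
    echo "marker line not found in $cfg; add the define above the wp-settings.php require by hand" >&2
    return 1
  else
    tmp=$(mktemp) || return 1
    awk -v line="define('DISABLE_WP_CRON', true);" \
        '/That.s all, stop editing/ && !inserted { print line; inserted = 1 } { print }' \
        "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps the file's owner and mode
    rm -f "$tmp"
    echo "added DISABLE_WP_CRON to $cfg"
  fi

  # Step 2: run the scheduler from the system cron instead of from page loads.
  # Direct CLI execution of wp-cron.php is not affected by DISABLE_WP_CRON.
  # Step 3: nothing legitimate needs wp-cron.php over HTTP any more, so deny it.
  cat <<EOF

Install this crontab entry for the web server's user (crontab -e):
*/5 * * * * cd $root && /usr/bin/php wp-cron.php >/dev/null 2>&1
(With WP-CLI: */5 * * * * cd $root && wp cron event run --due-now >/dev/null 2>&1)

Then block direct access in the web server:
nginx:    location = /wp-cron.php { deny all; }
Apache:   <Files "wp-cron.php">
              Require all denied
          </Files>
EOF
}

# Number of DISABLE_WP_CRON lines in a wp-config.php; handy to confirm the
# function inserted the define exactly once.
wp_cron_define_count() {
  grep -c 'DISABLE_WP_CRON' "$1" || true
}

# Usage: sh harden.sh /var/www/html
if [ -n "${1:-}" ]; then
  harden_wp_cron "$1"
fi
```

After running it, repeat the curl -I check from earlier: a hardened site answers 403 for /wp-cron.php while scheduled posts and update checks keep running from the crontab entry.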

Reporting this Bug:

If you successfully found and (where permitted) demonstrated the misconfigured wp-cron.php file, report it to the site's owner or through their HackerOne or Bugcrowd program.

This finding is accepted most of the time when the program is triaged by the company itself rather than by HackerOne or Bugcrowd staff, so read the program's scope first: resource-exhaustion and DoS issues are frequently listed as excluded, and a report against an excluded class will be closed as informative.

This issue falls under the "Uncontrolled Resource Consumption" weakness, CWE-400.

Read more about this:

HackerOne Report

Snyk Security
