Detect Wordpress? Look for wp-login.php
WordPress is pretty common and actually pretty secure these days. One area that still needs some work, though, is protection for the default login page, wp-login.php. Most installations leave this page publicly exposed, and many do not implement the recommended brute force mitigations described here:
http://codex.wordpress.
Onavo took the easy approach and used Pagely. Pagely offers managed security, which in theory should mean you are more secure...
Testing for brute force
So let's try to brute force Onavo's wp-login page.
You can see that after only a few requests we start getting redirected (302). This redirect actually takes you to a Pagely captcha page.
The magical "pagelyvalid" cookie
I was curious how they implemented the verification once past the captcha, so I took a look at the response and saw that the captcha check just set a cookie called "pagelyvalid" to true. Hmmm. Let's try our brute force attack again, but this time including the magical pagelyvalid cookie.
Lots of 200s. So simply by including the pagelyvalid=true cookie we can bypass the Pagely brute force mitigation and guess passwords night and day. And, like I said at the start, this didn't just affect Onavo but every site that used the Pagely service. Yikes!
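As an added example (not code from the post, from Pagely or from WordPress), here is the flag-trusting check the post describes beside a hardened version: the cookie carries server-signed claims bound to the client and an expiry, and each captcha pass buys only a small budget of login attempts before the client is sent back through the captcha. The secret, the client identifier and the attempt budget are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret for the example; a real deployment loads it from a secret store.
SERVER_SECRET = b"constructed-example-secret"
MAX_ATTEMPTS_PER_TOKEN = 5          # login attempts allowed per captcha pass (assumed policy)
_attempts: dict = {}                # token -> login attempts seen since it was issued


def weak_is_verified(cookies: dict) -> bool:
    """The pattern the post describes: the gate trusts a plain, client-settable flag."""
    return cookies.get("pagelyvalid") == "true"


def issue_token(client_id: str, ttl: int = 600, now: Optional[float] = None) -> str:
    """Issued only after a captcha solve: claims bound to the client plus an expiry,
    HMAC-signed with the server secret so the client cannot forge or alter them."""
    exp = int((time.time() if now is None else now) + ttl)
    payload = json.dumps({"cid": client_id, "exp": exp}, separators=(",", ":")).encode()
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def hardened_is_verified(cookies: dict, client_id: str, now: Optional[float] = None) -> bool:
    """Accept the cookie only if the signature verifies, the claims match this client,
    the token is unexpired, and its login-attempt budget is not yet spent."""
    token = cookies.get("pagelyvalid", "")
    b64, _, sig = token.rpartition(".")
    if not b64 or not sig:
        return False                    # a bare "true" or any unsigned value fails here
    try:
        payload = base64.urlsafe_b64decode(b64.encode())
        expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False                # forged or tampered token
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return False
    now = time.time() if now is None else now
    if claims.get("cid") != client_id or claims.get("exp", 0) <= now:
        return False                    # replayed from another client, or expired
    used = _attempts.get(token, 0)
    if used >= MAX_ATTEMPTS_PER_TOKEN:
        return False                    # budget spent: require a fresh captcha solve
    _attempts[token] = used + 1
    return True
```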
Final Thoughts
A lot of sites miss brute force mitigations and rate limiting in general. Third parties can offer a quick fix, but it's important to remember that you are trusting your security to that third party and assuming they will do a good job (which isn't always the case!).
Both Facebook and Pagely responded reasonably quickly (the Pagely CEO even sent me a message!) and a fix has now been deployed. Hope you guys found this interesting; as usual, if you have questions or suggestions just drop me a comment below.
Pwndizzle out
So, how much did they pay you bro?
Pagely don't operate a bounty program, so there was no reward from them. However, as this was a Facebook site, Facebook paid the minimum bounty.
Creative Find :D