Detect Wordpress? Look for wp-login.php
Wordpress is pretty common and actually pretty secure these days. One area that still needs some work though is protection for the default login page wp-login.php. Most installations leave this page publicly exposed and a lot do not implement the recommended brute force mitigations here:
http://codex.wordpress.
Onavo took the easy approach and used Pagely. Pagely offer managed security which in theory should mean you are more secure...
Testing for bruteforce
So let's try and brute force Onavo's wp-login page.
You can see after only a few requests we start getting redirected (302). This redirection actually takes you to a Pagely captcha page.
The magical "pagelyvalid" cookie
I was curious how they implemented the verification once past the captcha so took a look at the response and saw that the captcha check just set a cookie called "pagelyvalid" to true. Hmmm. Lets try our brute force attack again but this time including the magical pagelyvalid cookie.
Lots of 200's. So simply including the pagelyvalid true cookie we can bypass the Pagely brute force mitigation and guess passwords night and day. And like I said at the start this didn't just affect Onavo but every site that used the Pagely service. Yikes!
Final Thoughts
A lot of sites miss brute force mitigations and rate limiting in general. Third parties can offer a quick fix but it's important to remember you are trusting your security to that third party and assuming they will do a good job (which isn't always the case!).
Both Facebook and Pagely responded reasonably quickly (the Pagely CEO even sent me a message!) and a fix has now been deployed. Hope you guys found this interesting, as usual if you have questions or suggestions just drop me a comment below.
Pwndizzle out
So, how much did they pay you bro?
ReplyDeletePagely don't operate a bounty program so there was no reward from them. However as this was a Facebook site Facebook paid the minimum bounty.
ReplyDeleteCreative Find :D
DeleteI enjoyed reading your post thanks for sharing it,
ReplyDeleteclipping path service|Background Removal service|Vector Tracing
Such a nice blog you have shared here. Thanks for sharing about this with us.
ReplyDeletePlease visit Call Girls in Kolkata to know why The Call girls in Kolkata are known for their dusky and fair skin tone and you can take the service from any of them according to your wish.
Call girls Kolkata
kolkata call girls
independent call girls in kolkata
high profile call girls in kolkata
escorts in kolkata
photo of call girls in kolkata
call girl services in kolkata
top class Kolkata call girls
air hostess escorts in kolkata
college escorts in kolkata
Kolkata call girls gallery
Photo Gallery of Kolkata Call Girls
پازل بند
ReplyDeleteمهراد جم
ناصر زینعلی
گرشا رضایی
After rehab is finished follow up care is frequently suggested. Since it just helps break the underlying compulsion, guiding and even follow up drug rehab administrations are suggested for people with interminable fixation or history of past dependence preceding drug rehab. Most rehab focuses offer a type of guiding and catch up that is done as an outpatient, which permits the individual an opportunity to return society, yet at the same time under the immediate management of a drug rehab instructor
ReplyDeleteinspirational quotes for addiction
overcoming addiction quotes
yespornplease
ReplyDeleteyespornplease
yespornplease
school administration software
ReplyDeletesmart school management system
school database management system
education erp software
school erp system
smart school software
canon g2000 error 5b00
ReplyDeleteerror 5b00 canon g2000
5b00 error
canon 5b00 error
canon support code 5b00
5b00 error
hotmail inlog
ReplyDelete