
WooCommerce: Plugin flaw leads to site hijack

A flaw in the design of WordPress allows a well-known e-commerce plugin, WooCommerce, to give attackers full control over the site. WooCommerce is an e-commerce plugin for WordPress with which anyone can create their own online store. According to the official WordPress.org plugin page, there are more than 4 million active installations of the plugin.

WooCommerce plugin hijack

When WordPress plugins that do not use their own authentication method are installed, they create new roles in the WordPress authentication system, defining the data that each new role can access.

According to Simon Scannell, a researcher at RIPS Tech, when the installation of WooCommerce is completed, a new role is created with the name "Shop Manager", which has the "edit_users" capability. With this capability, Shop Managers can change the rights of any WordPress user, including the administrator.

Since site administrators do not want plugin users to edit the Administrator account and its rights, WooCommerce added a restriction so that Shop Managers cannot edit users who are Administrators. However, the only way to disable a plugin is either by using an Administrator account or by deleting the plugin files. This is the crucial security gap!

Scannell detected a vulnerability in WooCommerce 3.4.5, as well as in all earlier versions. The vulnerability abuses the plugin's ability to delete logs. What he found is that Shop Managers could reach folders other than the one holding the logs by adding "..." to the PHP argument.

An example of exploiting the vulnerability is the command to delete the path ../../plugins/woocommerce-3.4.5/woocommerce.php. With this path, the user could "climb" 2 levels up through the WordPress subfolders and delete the woocommerce.php file. Deleting woocommerce.php deactivates the entire plugin, and the function that restricts Shop Managers stops working, giving them the ability to change the rights of all users, including the Administrator.
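A defensive check for the log-deletion flaw described above, as an added example (not WooCommerce's code and not its actual patch). The function names and the temporary directory layout are assumptions, and the files are constructed stand-ins.

```php
<?php
// Added example: hypothetical helpers, not WooCommerce's own functions.

// Weak form: the handle is concatenated as-is, so "../" segments leave $logDir.
function naive_log_path(string $logDir, string $handle): string {
    return $logDir . '/' . $handle;
}

// Hardened form: resolve the candidate and require it to sit directly in the log directory.
function safe_log_path(string $logDir, string $handle): ?string {
    $base = realpath($logDir);
    $candidate = realpath($logDir . '/' . $handle);
    if ($base === false || $candidate === false) {
        return null; // log directory or target file does not exist
    }
    if (dirname($candidate) !== $base || !is_file($candidate)) {
        return null; // resolved path is outside the log directory
    }
    return $candidate;
}

function delete_log(string $logDir, string $handle): bool {
    $path = safe_log_path($logDir, $handle);
    return $path !== null && unlink($path);
}

// Constructed layout: logs two levels below the folder that also holds plugins/.
$root   = sys_get_temp_dir() . '/wp-demo-' . bin2hex(random_bytes(4));
$logs   = "$root/uploads/wc-logs";
$plugin = "$root/plugins/woocommerce-3.4.5";
mkdir($logs, 0700, true);
mkdir($plugin, 0700, true);
file_put_contents("$logs/fatal-errors.log", "constructed log line\n");
file_put_contents("$plugin/woocommerce.php", "<?php // constructed stand-in\n");

$traversal = '../../plugins/woocommerce-3.4.5/woocommerce.php'; // path quoted in the article

// Does the naive path point at the plugin file?
var_dump(is_file(naive_log_path($logs, $traversal)));
// Is the traversal handle refused, leaving the plugin file in place?
var_dump(delete_log($logs, $traversal), is_file("$plugin/woocommerce.php"));
// Is a legitimate log file still deletable?
var_dump(delete_log($logs, 'fatal-errors.log'));
```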

It should be noted that in order to exploit the vulnerability, the attacker must have access to an account with the rights of Shop_Manager. The only possible ways to get one are either through phishing or as an inside job.

Finally, the vulnerability has been corrected in version 3.4.6 of WooCommerce, released in October, which we suggest you install immediately.


The author allows you to copy his / her text only if you cite the source (SecNews.gr) with the web address (live URL) of the article.