Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Real-world test case, wordpress + most used plugins #3

Open
0x27 opened this issue Sep 19, 2016 · 4 comments
Open

Real-world test case, wordpress + most used plugins #3

0x27 opened this issue Sep 19, 2016 · 4 comments
Labels
enhancement

Comments

@0x27
Copy link
Collaborator

0x27 commented Sep 19, 2016

A "hard problem" (which may be out of scope) to solve is the issue with dynamic web apps that have a fuck tonne of dependencies and rely on a database.

An example of this is the vast majority of wordpress plugins.

It would be interesting to be able to point phuzz at the webroot of an installed/configured Wordpress/whatever instance (with whatever plugins) and let it rip. Hooking calls to the database would also help with detecting SQLi, etc.

This functionality may already be possible in the applications current state, I'll have to run some tests later.
@HarryR
Copy link
Collaborator

HarryR commented Sep 19, 2016

If the document root is pointing at an already configured WordPress instance and the database is running/setup etc. then it will work as expected in its current state.

There's no need for additional hooks to trace database calls, they will be caught by the xdebug function call tracer as containing tainted input.

To confirm this I will put together a couple of SQLi examples which use in-memory sqlite and add them to the tests directory.

When this is done this issue can be closed.

@0x27
Copy link
Collaborator Author

0x27 commented Sep 20, 2016

Going to actually test this on a live Wordpress instance later today, and see how it goes.

The following is interesting/useful for auto-bulk-installing large numbers of plugins to an instance, so in theory, assuming Wordpress's "5 minute install" doesn't take all year, it should be relatively trivial to test.

http://www.wpbeginner.com/plugins/how-to-bulk-install-your-favorite-plugins-in-wordpress/

@HarryR
Copy link
Collaborator

HarryR commented Sep 27, 2016
edited
Loading

Would be interesting to dockerize this and call it wordpress-shitbox. The docker build process will setup Wordpress and install the plugins, and save it all so it all starts up (database and all). Making Wordpress use SQLite rather than MySQL or PostgreSQL would simplify things, but I dunno if that's supported.

Maybe the top 250 or 500 plugins according to Wordpress stars & number of users or installs, although all the juicy stuff is probably going to be in the less used plugins (I hope, at least).

Only problem is running strace under docker...

@HarryR HarryR changed the title Coverage Enhancement - Ability for dealing with databases/whatnot Real-world test case, wordpress + most used plugins Sep 27, 2016
@0x27
Copy link
Collaborator Author

0x27 commented Sep 28, 2016

Based on my experiences testing last week, you don't want to go above probably 100 plugins before the Wordpress install quite simply shits itself. Not to mention, some plugins have dependencies on others or clash with others for whatever reason...

It is entirely possible to script adding a random selection of 10 plugins at a time using the bulk-installer plugin and some Python, however.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HarryR @0x27