CLOUDFEST 2023 HACKATHON PROJECT

WordPress runtime vulnerability analysis

Project Description

The aim of this project is to build a tool that can dynamically probe a WordPress installation running within a container and detect probable security vulnerabilities.

The tool is inspired by the wpgarlic proof-of-concept article and basically tries to create bogus requests and find out where these requests end up producing unexpected output, rather than only performing a static analysis on the code.

It will first understand how the plugin behaves and what data it accesses, such as from the GET and POST parameters. Then, the tool will inject itself into the core and plugin’s functions to intercept and retrieve data, create actions, send requests, and stress the plugin in the hopes of detecting unescaped output or leaking internal data.

Hackathon Goals

The main goal for the Hackathon is to create a powerful fuzzer with the following characteristics:

  • It doesn’t rely at all on entropy/randomness and provides fixed results throughout scans with better rules in order to lower the false positives;
  • It has a modular system to add new scans and rules easily;
  • It injects itself into methods and classes during runtime without editing the source code;
  • It tries to find and display the vulnerability source.
Target Audience

Backend Developers, Security Researchers

Project Lead
Lucio Sá

Software Engineer at Codeable

#PHP
#Security
#RuntimeAnalysis

Other Projects

What is the CloudFest Hackathon?

CloudFest 2023 Tickets

Standard Pass

399 € excl. VAT
March 21 – 23, 2023

The Standard Pass is like general admission at a sports stadium or concert: you get the run of the venue, plus free lunch and coffee breaks; as well as free shuttle service from Offenburg.

Benefits

  • Access to the entire CloudFest venue at Europa-Park and its hotels, March 21 – 23, 2023.
  • Invitation to all of the main parties networking events
  • Event bag with CloudFest documentation
  • Participation in Keynote, Breakout, and Masterclass tracks, and Exhibition Hall
  • Catering, including lunch and coffee breaks
  • Free shuttle from Offenburg to Rust and back

VIP Pass

999 € excl. VAT
March 21 – 23, 2023

The VIP Pass is like box seats at a sports stadium or convert: you get everything included in the Standard Pass, plus VIP-only perks like free shuttle service around Europa-Park in high-end cars.

Benefits

  • All benefits from the Standard Pass
  • Chauffeured luxury car service between venues and EP hotels
  • Exclusive high-level networking events
  • Hotel VIP treatment and concierge service
  • Access to VIP Lounge
  • Special lunch restaurant with gourmet catering

Newsletter

Subscribe to our newsletter and get a free ticket to CloudFest 2023. We’ll keep you up to date on the event you’re about to attend! Oh, and studies prove that subscribing makes you more awesome.

© 2023 – CloudFest | All rights reserved