When attacking web applications, what do you do when there are no injection points? No false assumptions? No logical errors? Most of the time you just move on, perhaps looking for bad code in a different component or third-party plugin. What if that target is just too important to give up on? What if your target is the most popular web platform in the world?
This talk will focus on the recent vulnerabilities found in WordPress core, one of the most securely written web apps in the world. We will begin with a carefully orchestrated race condition leading to privilege escalation, and go all the way to SQL injection and persistent XSS attacks, in 20% of the top 1M sites on the Internet. We will dive deep into a system that seems impenetrable, and analyze a chain of bugs no one thought exploitable, in order to describe one of the most interesting web app vulnerabilities in CMS history.
Join us for a journey through the eyes of one researcher who made it to core WordPress and lived, to get a glimpse of how one searches for vulnerabilities in a massive codebase and how to catch oh-so-important developer misses.