Operation WTF Hackathon by Hackers Mauritius – Day 2

After having set up our network environment for the operation WTF, Hackers Mauritius team started working on several vulnerabilities around WordPress content management system. It started on Saturday the 14th of May where several proof of concept (POC) were established. I was shocked to see how come it is easy to exploit a WordPress website. For security purpose, we have to blank parts of  URLs before posting on social networks. No wonder, Loganaden Velvindron #2 of hackers.mu did not hesitate to give his opinion on Medium.com - "Many bloggers use it, because it is both easy to setup, and there is a rich ecosystem of wordpress plugins. WordPress has often been criticized due to its security record. What is more worrying is the varying quality of the wordpress plugins." 

POC - Vulnerability found !
POC - Vulnerability found !

Operation WTF - WordPress Tiny flaws end up on Sunday the 15th of May 2016 after lines of codes were fixed up from many wordpress plugins. We can also noticed how dangerous it is if a proper audit is not carried out on wordpress before putting a website to production. Here is another example where the /etc/passwd was retrieved by hackers Mauritius.

CiZlRQFXEAA7Qbq

Patches were also written to fix up bugs. However, it is to be noted that for security reasons patches are not disclosed for the time being as at Hackers Mauritius we follow ethical rules and the aim to stay within the grey line is of paramount importance.