Trying to Find a Bug in WordPress

Subscribers: 921,000
Video Link: https://www.youtube.com/watch?v=lLjgskJgaRU
Duration: 18:07
Views: 91,488


I stumbled over some WordPress code involving caching. Immediately I had this idea about MD5 collision and how this could affect the implemented logic. I started going down a rabbit hole exploring the feasibility and eventually setting up a PHP debug environment. Only to realize that the idea was flawed from the start. So while this ends up being failed security research, we still learn a lot along the process.

Get my handwritten font https://shop.liveoverflow.com (advertisement)
Check out our courses on https://hextree.io (advertisement)

Support these videos: https://liveoverflow.com/support/

---

get_page_by_path: https://developer.wordpress.org/reference/functions/get_page_by_path/
Hash Collision Overview: https://github.com/corkami/collisions#fastcoll-md5
MD5 Collision Demo: https://www.mscs.dal.ca/~selinger/md5collision/
Is there an ASCII only MD5 hash collision? https://twitter.com/LiveOverflow/status/1664280653519810563
WordPress Docker image with xdebug: https://github.com/wpdiaries/wordpress-xdebug
Debugging WordPress with xdebug: https://www.wpdiaries.com/wordpress-with-xdebug-for-docker/

What is a Server? https://www.youtube.com/watch?v=VXmvM2QtuMU

---

Chapters:
00:00 - Intro
00:36 - Finding the Research Topic
03:03 - Dumb Ideas Are NOT a Problem
03:40 - "What happens with a MD5 Hash Collision?"
04:38 - MD5 Hash Collision Feasibility
09:25 - WordPress Development Environment
11:18 - Debugging PHP
12:57 - Configuring xdebug
14:42 - Realizing the Research Idea was Flawed
15:58 - What we learned from the failed research
17:10 - hextree.io
17:47 - Outro

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/
→ Streaming: https://twitch.tv/LiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/






