Trying to Find a Bug in WordPress
I stumbled over some WordPress code involving caching. Immediately I had this idea about an MD5 collision and how it could affect the implemented logic. I started going down a rabbit hole exploring the feasibility and eventually set up a PHP debug environment, only to realize that the idea was flawed from the start. So while this ends up being failed security research, we still learn a lot in the process.
—
get_page_by_path:
Hash Collision Overview:
MD5 Collision Demo:
Is there an ASCII only MD5 hash collision?
Wordpress docker image with xdebug:
Debugging wordpress with xdebug:
What is a Server?
—
Chapters:
00:00 – Intro
00:36 – Finding the Research Topic
03:03 – Dumb Ideas Are NOT a Problem
03:40 – “What happens with a MD5 Hash Collision?”
04:38 – MD5 Hash Collision Feasibility
09:25 – WordPress Development Environment
11:18 – Debugging PHP
12:57 – Configuring xdebug
14:42 – Realizing the Research Idea was Flawed
15:58 – What we learned from the failed research
17:10 – hextree.io
17:47 – Outro