Trying to Find a Bug in WordPress
I stumbled over some WordPress code involving caching. Immediately I had this idea about MD5 collision and how this could affect the implemented logic. I started going down a rabbit hole exploring the feasibility and eventually setting up a PHP debug environment. Only to realize that the idea was flawed from the start. So while this ends up being failed security research, we still learn a lot along the process.
Get my handwritten font https://shop.liveoverflow.com (advertisement)
Checkout our courses on https://hextree.io (advertisement)
Support these videos: https://liveoverflow.com/support/
---
get_page_by_path: https://developer.wordpress.org/refer...
Hash Collision Overview: https://github.com/corkami/collisions...
MD5 Collision Demo: https://www.mscs.dal.ca/~selinger/md5...
Is there an ASCII only MD5 hash collision? / 1664280653519810563
Wordpress docker image with xdebug: https://github.com/wpdiaries/wordpres...
Debugging wordpress with xdebug: https://www.wpdiaries.com/wordpress-w...
What is a Server? • What is a Server? (Deepdive)
---
Chapters:
00:00 - Intro
00:36 - Finding the Research Topic
03:03 - Dumb Ideas Are NOT a Problem
03:40 - "What happens with a MD5 Hash Collision?"
04:38 - MD5 Hash Collision Feasibility
09:25 - WordPress Development Environment
11:18 - Debugging PHP
12:57 - Configuring xdebug
14:42 - Realizing the Research Idea was Flawed
15:58 - What we learned from the failed research
17:10 - hextree.io
17:47 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
