Updated WordPress Plugin Security Testing Cheat Sheet (markdown)
@@ -178,6 +178,13 @@ Use this [simple Burp Suite extention](https://gist.github.com/ethicalhack3r/7c2
- ```wp_nonce_url()``` adds CSRF token to URL
- ```wp_verify_nonce()``` checks the CSRF token validity server side
- ```check_admin_referer()``` checks the CSRF token validity server side and came from admin screen
- ```check_ajax_referer()``` checks the CSRF token validity server side for AJAX scripts
### Gotcha
Passing `false` or `0` as the third argument to `check_ajax_referer()` will not cause the script to die, making the check useless.
Example:`check_ajax_referer( 'ajax-login-nonce', 'security', false );`
## SSL/TLS
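Review bot: The "Gotcha" paragraph added in this hunk overstates the case: passing `false` or `0` as the third argument to `check_ajax_referer()` only stops the function from calling `wp_die()` on an invalid nonce; the function still returns `false` on failure (and `1` or `2` for a valid nonce), so the check is only bypassable when the handler ignores that return value. Suggest rewording to "will not cause the script to die; unless the caller acts on the return value, e.g. `if ( ! check_ajax_referer( 'ajax-login-nonce', 'security', false ) ) { wp_send_json_error(); }`, the check is useless", and telling the tester to confirm this by sending the AJAX request with the `security` parameter missing or altered and checking that the handler still performs the action. Minor: `Example:` is missing a space before the backtick.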