{"id":2890,"date":"2015-12-23T14:52:05","date_gmt":"2015-12-23T14:52:05","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2015\/12\/23\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/"},"modified":"2024-03-18T16:02:00","modified_gmt":"2024-03-18T16:02:00","slug":"from-0-to-100-innocuous-source-code-to-web-server-compromise","status":"publish","type":"post","link":"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/","title":{"rendered":"From 0 to 100: Innocuous Source Code to Web Server Compromise"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2890\" class=\"elementor elementor-2890\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-531d8caf elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"531d8caf\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6254c321\" data-id=\"6254c321\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-65888c28 elementor-widget elementor-widget-text-editor\" data-id=\"65888c28\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Antonio S\u00e1nchez, Lead Consultant<\/p><p>In a recent web application penetration test I was challenged with figuring out how to fully compromise a client&#8217;s website. The site was using the latest version of WordPress, and although they had a few plugins installed, they seemed to be patched as well. 
However, I did find an interesting web directory that was anonymously browseable:<\/p><p><a href=\"https:\/\/www.example.com\/.hg\">https:\/\/www.example.com\/.hg<\/a><\/p><p><img decoding=\"async\" style=\"border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/1.jpg\" alt=\"\" \/><\/p><p>This directory is used by Mercurial, a source code version control system, to keep track of files throughout the development stages. Like all version control systems, it makes it possible to browse earlier versions of the stored code, as described in the Mercurial documentation referenced below:<\/p><p><a href=\"https:\/\/www.mercurial-scm.org\/wiki\/FileFormats\">https:\/\/www.mercurial-scm.org\/wiki\/FileFormats<\/a><\/p><blockquote><p>4.7. data\/<br \/>Revlogs for each file in the project history. Names are escaped in various increasingly-complex ways:<\/p><ul><li>old (see mercurial\/filelog.py:encodedir()):<\/li><li>directory names ending in .i or .d have .hg appended<\/li><li>store (see mercurial\/store.py:encodedstore):<\/li><li>uppercase is escaped: &#8216;FOO&#8217; -&gt; &#8216;_f_o_o&#8217;<\/li><li>character codes outside of 32-126 are converted to &#8216;~XX&#8217; hex format<\/li><li>fncache (see mercurial\/store.py:hybridencode):<\/li><li>windows reserved filename prefixes are ~XX-encoded<\/li><li>very long filenames are stored by hash<\/li><\/ul><\/blockquote><p><a href=\"https:\/\/www.mercurial-scm.org\/wiki\/Revlog\">https:\/\/www.mercurial-scm.org\/wiki\/Revlog<\/a><\/p><blockquote><p>A revlog, for example .hg\/data\/somefile.d, is the most important data structure and represents all versions of a file in a repository. Each version is stored compressed in its entirety or stored as a compressed binary delta (difference) relative to the preceding version in the revlog. 
Whether to store a full version is decided by how much data would be needed to reconstruct the file. This system ensures that Mercurial does not need huge amounts of data to reconstruct any version of a file, no matter how many versions are stored.<\/p><\/blockquote><p>While it would be straightforward to manually download the content of the &#8220;.hg&#8221; directory and then use a local instance of Mercurial to retrieve the source code, the web application was relatively large, and doing so was likely to affect the client&#8217;s agreement with their hosting provider. Instead, I used an alternative approach, based on a readily available tool, currently hosted on GitHub, called DVCS-Pillage: <a href=\"https:\/\/github.com\/evilpacket\/DVCS-Pillage\">https:\/\/github.com\/evilpacket\/DVCS-Pillage<\/a>.<\/p><p>In short, this tool downloads the latest version of each file in the target repository by calling the Mercurial &#8220;revert&#8221; command. The end result of running it against the target website was a complete local copy of the site&#8217;s source, including configuration files.<\/p><p>The configuration files included credentials for a locally hosted MySQL database instance, but the web server was configured to permit access only over HTTP and HTTPS (TCP ports 80 and 443), so these credentials were not under any immediate threat. There was, however, a custom &#8220;File Upload&#8221; page included in the web application that was not linked from any area of the public website.<\/p><p>This meant the original source code, including PHP, SQL and configuration files, was fully exposed.<\/p><p>Now what? 
Although the configuration files revealed credentials for the MySQL database used by the application, the web server only allowed access to ports 80 and 443, so this information, while valuable, could not be used directly.\u00a0 There was no password reuse for the WordPress admin area either. After having another look at the website, the page below caught my eye:<\/p><p><img decoding=\"async\" style=\"width: 198px; height: 238px; border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/2.jpg\" alt=\"\" \/><\/p><p>As far as I know, WordPress does not come with file upload functionality for visitors by default, so the developers had either installed a plugin or written their own code. A look at the source code showed that they had implemented their own upload handler, reason enough to inspect the file upload code more closely:<\/p><p><img decoding=\"async\" style=\"width: 743px; height: 376px; border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/3.jpg\" alt=\"\" \/><\/p><p>The image above shows the source code fragment that receives, processes and stores the uploaded files. Four details within this fragment, analysed below, explain how the upload functionality works and where it opens up opportunities for further exploitation.<\/p><ul><li>The first red arrow points to the &#8220;validateForm&#8221; function. 
The application checks that the client made a POST request, and then passes the values of the form to this function, which is shown below:<\/li><\/ul><pre style=\"margin-top: 0.5em; margin-bottom: 0.5em; font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 14px; line-height: 1.5em; white-space: pre-wrap; word-wrap: break-word; background-color: #ffffff;\">&lt;?php\n[...]\nprivate function validateForm() {\n    \/\/ Only fails when BOTH the expense_id is absent AND no file was supplied\n    if ((!isset($this-&gt;request-&gt;post['expense_id']) &amp;&amp; empty($this-&gt;request-&gt;post['expense_id'])) &amp;&amp; (!isset($_FILES) || empty($_FILES['file1']['size']))) {\n        $this-&gt;error['file1'] = 'You must upload a document!';\n    }\n    \/\/ The only check on the file itself is its size; name, extension and content are never inspected\n    if ($_FILES['file1']['size'] &gt; 18000000) {\n        $this-&gt;error['file1'] = 'You must upload a smaller document!';\n    }\n    if (count($this-&gt;error)) {\n        $this-&gt;error['errors'] = 'Please check the form for errors!';\n    }\n    if (!$this-&gt;error) {\n        return true;\n    } else {\n        return false;\n    }\n}\n[...]\n?&gt;\n<\/pre><p class=\"rteindent1\">The validation is quite simple: it only checks that the necessary parameters have been supplied and that the file size does not exceed 18000000 MB (that\u2019s big!). Nothing about the file name, extension or content is validated. So far, so good.<\/p><p>The second red arrow points to the portion of code that sets the path where the files will be stored. 
Of particular relevance is the value of the &#8220;DIR_UPLOADS&#8221; constant, which after a quick search was found to be defined statically:<\/p><pre style=\"margin-top: 0.5em; margin-bottom: 0.5em; font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 14px; line-height: 1.5em; white-space: pre-wrap; word-wrap: break-word; background-color: #ffffff;\">define('DIR_UPLOADS','\/var\/www\/repos\/******\/application\/uploads\/');<\/pre><p class=\"rteindent1\">Verifying that I had access to this directory was as simple as force browsing to <a href=\"https:\/\/www.example.com\/application\/uploads\/\" rel=\"nofollow\">https:\/\/www.example.com\/application\/uploads\/<\/a>. Although directory listing was disabled and the server therefore returned an error, it did mean that the files were being uploaded to a directory served directly by the web server!<\/p><ul><li>The next red arrow points to another element used to construct the path where the files will be stored, in this case an application ID. I completed the main application form provided by the web application, after which I received the following email:<\/li><\/ul><p class=\"rteindent1\"><img decoding=\"async\" style=\"width: 555px; height: 176px; border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/4.jpg\" alt=\"\" \/><\/p><p class=\"rteindent1\">As observed in the image above, the parameter &#8220;token&#8221; could potentially be used as an application ID.<\/p><ul><li>Finally, the last red arrow points to the function that creates the file on the server. 
The code corresponding to this function is shown below:<\/li><\/ul><pre style=\"margin-top: 0.5em; margin-bottom: 0.5em; font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 14px; line-height: 1.5em; white-space: pre-wrap; word-wrap: break-word; background-color: #ffffff;\">if (isset($data['filename'])) {\n    \/\/ the original extension is preserved verbatim\n    $ext = pathinfo($data['filename'], PATHINFO_EXTENSION);\n}\n\/\/ generated name = md5(upload timestamp . original filename), plus the original extension\n<span style=\"line-height: 1.5em; background-color: #ffff00;\">$sql .= \" `generated_filename` = '\" . $this-&gt;db-&gt;escape(substr(md5(date('ymdhis').$data['filename']),0,35).'.'.$ext) . \"',\";<\/span>\n$sql .= \" date_added = NOW()\";\n$this-&gt;db-&gt;query($sql);\n$id = $this-&gt;db-&gt;getLastId();\nreturn $this-&gt;getId($id);\n<\/pre><p class=\"rteindent1\">The most important line has been highlighted. It builds the SQL query that records the final name of the file. To create that name, the developers decided to keep the original extension (!) and append it to the MD5 hash of the current date and time concatenated with the original filename (the substr to 35 characters changes nothing, since an MD5 hex digest is only 32 characters long). This is a major issue: every value that goes into the final filename is either supplied by the uploader (the filename and its extension) or can be guessed (the upload timestamp), so the generated name is predictable.<\/p><p>Are we now in a position to exploit the file upload functionality? Here is what we had:<\/p><ol><li><u>Upload directory:<\/u> [\u2026]\/application\/uploads\/applications\/&lt;application_id&gt;\/&lt;filename&gt;.&lt;ext&gt;<\/li><li><u>Application_id:<\/u> 980353d4-8d0b-11e5-8429-feff000051bc<\/li><li><u>Filename + ext:<\/u> ?<\/li><\/ol><p>The only missing piece of the puzzle is the final filename the application generates, since we know all the other key values. 
Fortunately enough, creating a function that does exactly what the original application does is trivial, as shown below:<\/p><p><img decoding=\"async\" style=\"width: 456px; height: 44px; border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/5.jpg\" alt=\"\" \/><\/p><p>And after we run the previous PHP script\u2026<\/p><p>[image: output of the script]<\/p><p>Now the million dollar question: did this work?!<\/p><p><a href=\"https:\/\/www.example.com\/application\/uploads\/applications\/980353d4-8d0b-11e5-8429-feff000051bc\/7ebc5ec71a17ebd52e2f6bc25e32711c.php\" rel=\"nofollow\">https:\/\/www.example.com\/application\/uploads\/applications\/980353d4-8d0b-11e5-8429-feff000051bc\/7ebc5ec71a17ebd52e2f6bc25e32711c.php<\/a><\/p><p><img decoding=\"async\" style=\"width: 659px; height: 383px; border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/7.jpg\" alt=\"\" \/><\/p><p>Indeed! Quite an interesting find that highlights the importance of paying attention to the small details and not dismissing an issue just because it looks minor.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Antonio S\u00e1nchez, Lead Consultant In a recent web application penetration test I was challenged with figuring out how to fully compromise a client&#8217;s website. The site was using the latest version of WordPress, and although they had a few plugins installed, they seemed to be patched as well. 
However, I did find an interesting web [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[207],"class_list":["post-2890","post","type-post","status-publish","format-standard","hentry","category-researchblog","tag-web_applications","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>From 0 to 100: Innocuous Source Code to Web Server Compromise<\/title>\n<meta name=\"description\" content=\"Antonio S\u00e1nchez, Lead ConsultantIn a recent web application penetration test I was challenged with figuring out how to fully compromise a client&#039;s\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"From 0 to 100: Innocuous Source Code to Web Server Compromise\" \/>\n<meta property=\"og:description\" content=\"Antonio S\u00e1nchez, Lead ConsultantIn a recent web application penetration test I was challenged with figuring out how to fully compromise a client&#039;s\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2015-12-23T14:52:05+00:00\" \/>\n<meta property=\"article:modified_time\" 
content=\"2024-03-18T16:02:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Geschreven door\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Geschatte leestijd\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\"},\"headline\":\"From 0 to 100: Innocuous Source Code to Web Server Compromise\",\"datePublished\":\"2015-12-23T14:52:05+00:00\",\"dateModified\":\"2024-03-18T16:02:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/\"},\"wordCount\":1144,\"publisher\":{\"@id\":\"https:\/\/dionach.com\/nl\/#organization\"},\"keywords\":[\"web 
applications\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"nl-NL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/\",\"url\":\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/\",\"name\":\"From 0 to 100: Innocuous Source Code to Web Server Compromise\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/nl\/#website\"},\"datePublished\":\"2015-12-23T14:52:05+00:00\",\"dateModified\":\"2024-03-18T16:02:00+00:00\",\"description\":\"Antonio S\u00e1nchez, Lead ConsultantIn a recent web application penetration test I was challenged with figuring out how to fully compromise a client's\",\"breadcrumb\":{\"@id\":\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/#breadcrumb\"},\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dionach.com\/nl\/from-0-to-100-innocuous-source-code-to-web-server-compromise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dionach.com\/nl\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"From 0 to 100: Innocuous Source Code to Web Server Compromise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dionach.com\/nl\/#website\",\"url\":\"https:\/\/dionach.com\/nl\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual 
World\",\"publisher\":{\"@id\":\"https:\/\/dionach.com\/nl\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dionach.com\/nl\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"nl-NL\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/dionach.com\/nl\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\/\/dionach.com\/nl\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/dionachcyber\",\"https:\/\/x.com\/dionachcyber\",\"https:\/\/uk.linkedin.com\/company\/dionach-ltd\",\"https:\/\/www.instagram.com\/dionachcyber\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\",\"name\":\"Dionach Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-KC","_links":{"self":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/comments?post=2890"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2890\/revisions"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/media?parent=2890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/categories?post=2890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/tags?post=2890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}