Once you’ve found some potentially vulnerable code, you will need to figure out how to reach it. The file and function names often give us a clue about where we should start looking, but this isn’t always enough. This challenge can range from incredibly easy, through pretty difficult, all the way to actually impossible, where the code can never be reached.

There are a few things you can do to help you with this quest. I would highly recommend getting used to Xdebug, as it massively simplifies finding how to reach bits of code by setting breakpoints. Then you can stumble around the application clicking on everything like a monkey until the breakpoint is triggered.

Poor Man’s Debugging

However, Xdebug can be a bit of a learning curve. So, if starting off with it seems too daunting or complicated, you can start with “Poor man’s” or “poor person’s” debugging methods such as the following:

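// Print a marker so you can see this line was executed
echo "here\n";
// Write a value to a file when output is not visible in the response
file_put_contents("/tmp/hacked", "the var is $variable");
// Dump the contents of a variable, including arrays and objects
print_r($variable);
// Halt execution at this point with a message
die("this class loaded");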
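
A more structured version of these markers for a local test install, as an added example that is not from the original post: it appends the request, the current WordPress hook, the login state and the call stack to a log each time the marked code runs. The helper name `reach_trace()`, the log path and the demo function are hypothetical; `current_filter()` and `is_user_logged_in()` are WordPress functions and are skipped when WordPress is not loaded.

```php
<?php
// Added example: tracing helper for a local test install only.
// reach_trace() and /tmp/reach_trace.log are hypothetical names chosen here.

function reach_trace(string $label, $value = null, string $log = '/tmp/reach_trace.log'): string
{
    // Record the call chain: each frame is "function() called at file:line".
    $stack = [];
    foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 15) as $i => $f) {
        $fn = (isset($f['class']) ? $f['class'] . $f['type'] : '') . $f['function'];
        $at = isset($f['file']) ? $f['file'] . ':' . $f['line'] : '[internal]';
        $stack[] = sprintf('  #%d %s() called at %s', $i, $fn, $at);
    }

    // WordPress context, guarded so the helper also works before WordPress
    // has loaded its pluggable functions, or outside WordPress entirely.
    $hook = function_exists('current_filter') ? (current_filter() ?: '-') : 'n/a';
    $auth = function_exists('is_user_logged_in')
        ? (is_user_logged_in() ? 'yes' : 'no')
        : 'n/a';

    $entry = sprintf(
        "[%s] %s\n  request: %s %s\n  hook: %s\n  logged in: %s\n  value: %s\n%s\n\n",
        date('c'),
        $label,
        $_SERVER['REQUEST_METHOD'] ?? 'CLI',
        $_SERVER['REQUEST_URI'] ?? '-',
        $hook,
        $auth,
        print_r($value, true),
        implode("\n", $stack)
    );

    // Append rather than overwrite, so several requests can be compared.
    file_put_contents($log, $entry, FILE_APPEND | LOCK_EX);
    return $entry;
}

// Constructed demo: a stand-in for the function under review, run from the CLI.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    function suspicious_import(array $args): string
    {
        return reach_trace('suspicious_import reached', $args);
    }
    echo suspicious_import(['file' => 'example.csv']);
}
```

Unlike `die()`, this does not stop the request, so you can keep clicking through the application and then read the log to see which request and hook reached the function, and whether a logged-in session was needed.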

Xdebug

Xdebug is an interactive debugger for PHP that allows you to set breakpoints to pause execution at certain points. It is an extremely powerful debugging tool that can massively speed up how you navigate code, work out how to reach specific code flows, and inspect variables on the fly.

  • Automattic provide a Docker image in GitHub you can use with everything set up
  • Wordfence provide a Docker image in the resources channel in their Discord

After getting Xdebug set up on the PHP / WordPress side, you will need an IDE set up that the debugger can connect to so that you can control it. This can be done in PhpStorm or VS Code. This can sometimes be a little fiddly to get working, but once you’ve started using it you’ll really appreciate how much power it gives you.