Laurence Bramblett
Time spent: X hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
Summary: Enumerating Users
- Vulnerability types: Web Application vulnerability
- Tested in version: 4.2
- Fixed in version: 4.6
Steps to recreate: Use the command wpscan --url http://192.168.33.10/ -e u vt
-
Affected source code:
Summary: You will receive a “confirmation” if you have chosen a correct username.
- Vulnerability types: Information Exposure
- Tested in version: 4.2
- Fixed in version: unknown
Steps to recreate: Enter a username with any password and the ERROR message will tell you if it is a valid username.
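A regression check for the behaviour described above, as an added example that is not part of the original report: it compares the error text of two failed logins and reports whether the wording distinguishes a real username from a made-up one. The sample HTML, the login_error element id and the function names are constructed for illustration.

```python
import html
import re

# Constructed sample responses, modelled on the behaviour described above:
# the login page answers differently for an unknown and a known username.
UNKNOWN_USER = '<div id="login_error"><strong>ERROR</strong>: Invalid username.</div>'
KNOWN_USER = ('<div id="login_error"><strong>ERROR</strong>: The password you entered '
              'for the username <strong>admin</strong> is incorrect.</div>')
# Constructed hardened responses: same wording, but the submitted name is echoed.
HARDENED_A = '<div id="login_error">Login failed for <strong>nosuchuser</strong>.</div>'
HARDENED_B = '<div id="login_error">Login failed for <strong>admin</strong>.</div>'

# Assumption: the error message sits in an element with id "login_error".
ERROR_DIV = re.compile(r'<div id="login_error">(.*?)</div>', re.S)


def error_text(page, submitted_username):
    """Return the visible error text with the echoed username masked out."""
    match = ERROR_DIV.search(page)
    if match is None:
        return ""
    text = html.unescape(re.sub(r"<[^>]+>", "", match.group(1)))
    # Mask the name we typed, otherwise two identical messages that merely
    # echo the input would look different and raise a false alarm.
    if submitted_username:
        text = re.sub(re.escape(submitted_username), "<user>", text, flags=re.I)
    return " ".join(text.split())


def reveals_valid_usernames(page_unknown, name_unknown, page_known, name_known):
    """True when the two failed logins produce distinguishable error messages."""
    return error_text(page_unknown, name_unknown) != error_text(page_known, name_known)


if __name__ == "__main__":
    print(reveals_valid_usernames(UNKNOWN_USER, "nosuchuser", KNOWN_USER, "admin"))
    print(reveals_valid_usernames(HARDENED_A, "nosuchuser", HARDENED_B, "admin"))
```

Run against pages captured from your own test site after a hardening change, the check should report no difference once every failed login returns the same wording.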
Affected source code:
Summary: You can navigate to /wp-admin/css or /wp-admin/js to view the directory listing
- Vulnerability types: Information Overexposure
- Tested in version: 4.2
- Fixed in version: unknown
Steps to recreate: Navigate to /wp-admin/css or /wp-admin/js to view the directory listing.
Affected source code:
List any additional assets, such as scripts or files: WPScan
GIFs created with ScreenToGif.
Describe any challenges encountered while doing the work


