Skip to content

Calberrycoder/CodePath-Assignments

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

README.md

README.md

 
 

Shortcode.JPG

Shortcode.JPG

 
 

Stored XSS.gif

Stored XSS.gif

 
 

XSS ShortCode.gif

XSS ShortCode.gif

 
 

XSS Word Press.gif

XSS Word Press.gif

 
 

XSS YouTube.gif

XSS YouTube.gif

 
 

image.JPG

image.JPG

 
 

stored.JPG

stored.JPG

 
 

yotube.JPG

yotube.JPG

 
 

Repository files navigation

CodePath-Assignments

Project 7 - WordPress Pentesting

Time spent: 6 hours spent in total

Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress

Pentesting Report

  1. CVE 2015-5622 Wordpress 4.3 - Authenticated Shortcode Tags Cross-Site Scripting
  • Summary:
    • Vulnerability types: XSS
    • Tested in version: 4.2
    • Fixed in version: 4.3.1
  • GIF Walkthrough:
  • Steps to recreate: 1) Use social engineering to gain access to post level permissions. 2) Create a new page/post or modify an existing one. 3) Use HTML editor to insert the following code:
  • Affected source code:
  1. CVE 2015-5622 Wordpress 4.2.3 Stored Cross-Site Scripting
  • Summary:
    • Vulnerability types: XSS
    • Tested in version: 4.2
    • Fixed in version: 4.2.3
  • GIF Walkthrough:
  • Steps to recreate: 1)Utilize social engineering to gain access to admin console. 2)Create or modify new page/post. 3)Using HTML editor insert code like this:
  • Affected source code:
  1. CVE 2017-6817: Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
  • Summary:
    • Vulnerability types: XSS
    • Tested in version: 4.2
    • Fixed in version: 4.7.3
  • GIF Walkthrough:
  • Steps to recreate: 1)Get access to an account with at least post level permissions utilizing social engineering 2)Create a new page or post/modifying existing. 3)Use HTML editor to embed code similar to this:
  • Affected source code:
  1. CVE 2016-7168: Authenticated Stored Cross-Site Scripting via Image Filename
  • Summary:
    • Vulnerability types: XSS
    • Tested in version: 4.2
    • Fixed in version: 4.2.10
  • GIF Walkthrough:
  • Steps to recreate: 1)Utlize social engineering to gain access to admin console. 2)Create/Modify post or page. 3)Insert an "image" using HTML editor and code like this:
  • Affected source code:
  1. (Optional) Vulnerability Name or ID
  • Summary:
    • Vulnerability types:
    • Tested in version:
    • Fixed in version:
  • GIF Walkthrough:
  • Steps to recreate:
  • Affected source code:

Assets

List any additional assets, such as scripts or files: None used

Resources

GIFs created with LiceCap.

Notes

The non XSS assignments required significant amounts of setup.

License

Copyright [2018] [Cody Berry]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published