README and exploit descriptions
Time spent: 4 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
- (Required) Vulnerability Name or ID: Directory Indexing
- Summary:
- Vulnerability types: Passive
- Tested in version: All
- Fixed in version: Not fixed
- GIF Walkthrough:
- Steps to recreate: You can recreate this vulnerability by attempting to navigate to any folders on the WordPress instance. Common folders to check are the folder that contains plugins, the folder that contains themes, and both folders for uploads and images.
- Affected source code:
- (Required) Vulnerability Name or ID: CVE-2016-10148
- Summary:
- Vulnerability types: Bypass a restriction or similar
- Tested in version: 4.5.5
- Fixed in version: 4.6.0
- GIF Walkthrough:
- Steps to recreate: Activating the function wp_ajax_update_plugin in wp-admin/includes/ajax-actions.php which activates the get_plugin_data which allows remotely authenticated users to bypass access restrictions.
- Affected source code:
- (Required) Vulnerability Name or ID: CVE-2013-7240
- Summary:
- Vulnerability types: Directory traversal
- Tested in version: 3.7.2 through 3.8.2
- Fixed in version: 3.8.2
- GIF Walkthrough:
- Steps to recreate: To recreate this exploit you can exploit this vulnerability in download-file.php of the Advanced Dewplayer plugin which allows attackers to read any file they like with the dot notation.
- Affected source code:
- (Optional) Vulnerability Name or ID
- Summary:
- Vulnerability types:
- Tested in version:
- Fixed in version:
- GIF Walkthrough:
- Steps to recreate:
- Affected source code:
- (Optional) Vulnerability Name or ID
- Summary:
- Vulnerability types:
- Tested in version:
- Fixed in version:
- GIF Walkthrough:
- Steps to recreate:
- Affected source code:
List any additional assets, such as scripts or files
GIFs created with LiceCap.
Describe any challenges encountered while doing the work
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.