Skip to content

MeerAbdullah/Kali-Vs-WordPress

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits

README.md

README.md

 
 

ScreenCap#2.gif

ScreenCap#2.gif

 
 

ScreenCap1.gif

ScreenCap1.gif

 
 

ScreenCap3.gif

ScreenCap3.gif

 
 

ScreenCap4.gif

ScreenCap4.gif

 
 

Repository files navigation

Kali Vs WordPress

Pentesting write-up/report:

First exploit found: XSS (Cross Site Scripting)
Summary for exploit 1:

  • The types / classes of vulnerabilities involved and any related CVE identifiers
    • The vulnerability type is XSS.
    • The CVE Identifier is: CVE-2020-11030
  • Identify affected versions and patches
    • The affected versions and patches are for versions 4.2.2 or older versions. Newer versions are fixed.
  • Links to the source code, where possible
  • Steps to recreate:
    • Enter given command on a newly created page, and hover over and you will see an assert. Follow gif if needed.

ScreenCap1

Second exploit found: XSS (Cross Site Scripting)
Summary for exploit 2:

  • A small writeup indicating the steps you used to recreate
  • The types / classes of vulnerabilities involved and any related CVE identifiers
    • The vulnerability type is XSS.
    • The CVE Identifier is: CVE-2019-16223
  • Identify affected versions and patches
    • The affected versions and patches are for versions 4.2 or older versions. Newer versions are fixed.
  • Links to the source code, where possible
  • Steps to recreate:
    • Enter given command on a newly created post, and hover over and you will see an assert. Follow gif if needed.

ScreenCap#2

Third exploit found: XSS (Cross Site Scripting)
Summary for exploit 3:

  • The types / classes of vulnerabilities involved and any related CVE identifiers
    • The vulnerability type is XSS.
    • The CVE Identifier is: CVE-2019-16223
  • Identify affected versions and patches
    • The affected versions and patches are for versions 4.2 or older versions. Newer versions are fixed.
  • Links to the source code, where possible
  • Steps to recreate:
    • Enter given command on a newly created post, and hover over and you will see an assert. Follow gif if needed.

ScreenCap3

Fourth exploit found: User Enumeration
Summary for exploit 4:

  • The types / classes of vulnerabilities involved and any related CVE identifiers
    • The vulnerability type is User Enumeration.
    • The CVE Identifier is: N/A. Most relevant: CVE-2020-35539
  • Identify affected versions and patches
    • The affected versions and patches are for versions 4.2 or older versions. Newer versions are fixed.
  • Links to the source code, where possible
  • Steps to recreate:
    • Go to login screen, enter a valid username and incorrect password and it will say the username is valid. Follow gif if needed.

ScreenCap4

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published