
PatyRey/Codepath-WordPress-Pentesting

Project 7 - WordPress Pentesting

Time spent: 12 hours in total

Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress

Pentesting Report

1. Authenticated XSS in comments (CVE-2019-9787)

  • Summary: WordPress did not properly filter comment content, leading to remote code execution by unauthenticated users in a default configuration.
    • Vulnerability types: Cross-Site Scripting (XSS)
    • Tested in version: 3.9-5.1
    • Fixed in version: 4.2.23
  • GIF Walkthrough:
  • Steps to recreate:
    • Insert the value in the comment input field
    • Once the comment is approved, the alert appears on the screen
  • Affected source code:

2. Authenticated Cross-Site Scripting (XSS) via Media File Metadata (CVE-2017-6814)

  • Summary:
    • Vulnerability types: Authenticated XSS in comments field
    • Tested in version: 4.2
    • Fixed in version: 4.2.13
  • GIF Walkthrough:
  • Steps to recreate:
    • Create a new post
    • Click on Add Media
    • Select an image
    • In the Caption field, input the XSS query
  • Affected source code:

3. User Enumeration (CVE-2017-5487)

  • Summary: Before 4.7.1, WordPress does not properly restrict listing of post authors, which allows remote attackers to obtain sensitive information.
    • Vulnerability types: User Authentication
    • Tested in version: 4.2
    • Fixed in version: 4.7.1
  • GIF Walkthrough:
  • Steps to recreate:
    • On the login page, type 'admin' in the username field
    • Input a password in the password field
    • Press the login button
  • Affected source code:
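Added defender-side example, not part of this report's repository or of WordPress core: a must-use plugin that closes the two enumeration paths finding 3 touches, the REST API users listing that CVE-2017-5487 describes (the endpoint shipped in core with 4.7.0) and the login-form error text that the steps above rely on. It assumes a standard install where files in wp-content/mu-plugins/ load automatically; the plugin name and message text are my choices.

```php
<?php
/**
 * Plugin Name: Harden against user enumeration (example mu-plugin)
 *
 * Place in wp-content/mu-plugins/ so it loads on every request without activation.
 * Hypothetical hardening example written for this report, not code from WordPress.
 */

// Finding 3 (CVE-2017-5487): the REST API exposed the list of post authors, and
// author display data reveals login names. 4.7.1 fixed the core bug; this filter
// goes further and removes the users routes entirely for anonymous visitors,
// so /wp-json/wp/v2/users answers 404 instead of listing accounts.
add_filter( 'rest_endpoints', function ( array $endpoints ) {
	if ( is_user_logged_in() ) {
		return $endpoints; // editors still need the endpoint for author pickers
	}
	unset( $endpoints['/wp/v2/users'] );
	unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
	return $endpoints;
} );

// The report's steps enumerate 'admin' through wp-login.php: stock WordPress
// tells the visitor whether the username was unknown or only the password was
// wrong. Returning one fixed message makes both failures indistinguishable.
add_filter( 'login_errors', function ( $error_html ) {
	return esc_html__( 'Invalid username or password.' );
} );
```

Detection for the login-form path is a matter of counting failed logins per source that cycle through many distinct usernames; the generic message above removes the signal the attacker reads, it does not remove the log entries a defender reads.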

Assets

List any additional assets, such as scripts or files

  • Puppy picture
  • XSS Queries

Resources

GIFs created with LiceCap.

Notes

  • Setting up the environment was challenging
  • Once the VM (Kali Linux), WPDistillery and Vagrant were up and running, finding vulnerabilities in WordPress was easy with the aid of wpscan

License

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
