alvarezpj/websecurity-week7

Project 7 - WordPress Pentesting

Time spent: 15 hours in total

Objective: Find, analyze, recreate, and document four vulnerabilities affecting an old version of WordPress

Pentesting Report

  1. Unauthenticated stored cross-site scripting (CVE-2015-3440)
  • Summary:
    • Vulnerability types: XSS
    • Tested in version: WordPress 4.2
    • Fixed in version: WordPress 4.2.1
  • GIF Walkthrough: xss-comment1 xss-comment2
  • Steps to recreate:
    • An unauthenticated attacker first injects code as a (long) comment such as this one.
    • When an administrator approves and views the comment, the injected code is executed.
  • Affected source code:
  2. Cross-site scripting in media upload when file too large
  • Summary:
    • Vulnerability types: XSS
    • Tested in version: WordPress 4.7.2
    • Fixed in version: WordPress 4.7.5
  • GIF Walkthrough: xss-upload
  • Steps to recreate:
    • An attacker injects a malicious script into the filename of a large file. The file must exceed WordPress' maximum upload size.
    • The attacker then lures an administrator of the site into uploading the file. The upload fails, but the malicious script is executed.
  • Affected source code:
  3. Multiple authenticated blind SQL injection (EDB-ID 40137)
  • Summary:
    • Vulnerability types: SQLI
    • Tested in version: WordPress 4.7, Spider Video Player 1.5.16
    • Fixed in version: Spider Video Player 1.5.18
  • GIF Walkthrough: sqli-1 sqli-2
  • Steps to recreate:
    • A logged-in contributor (or higher: author, editor, or administrator) of a WordPress site (with the Spider Video Player 1.5.16 plugin installed) submits a request containing SQL statements. This page can be used as an example.
    • The WordPress instance responds with the data requested by the attacker.
  • Affected source code:
  4. Cross-site request forgery in Insert Html Snippet plugin
  • Summary:
    • Vulnerability types: CSRF
    • Tested in version: WordPress 4.6, Insert Html Snippet 1.2
    • Fixed in version: Insert Html Snippet 1.2.1
  • GIF Walkthrough: csrf-1 csrf-2
  • Steps to recreate:
    • An administrator of a WordPress site (with the Insert HTML Snippet 1.2 plugin installed) clicks a link that leads to a malicious site.
    • The site, carefully crafted by an attacker, submits a POST request that changes the contents of a specific snippet kept by the plugin.
  • Affected source code:
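As an added example of how the plugin-side findings above are mitigated (a nonce and capability check against the CSRF in finding 4, a prepared statement against the SQL injection in finding 3, and output escaping against the stored XSS in findings 1 and 2), here is a hypothetical WordPress admin POST handler in PHP. This is not code from this repository or from any of the plugins tested; the hook name, table name, field names and nonce action are placeholders.

```php
<?php
// Added example: a hypothetical WordPress admin POST handler that saves a
// "snippet" record the way a plugin like those tested above should. Not code
// from this repository or from the plugins named; hook, table and nonce action
// names are placeholders.

add_action( 'admin_post_example_save_snippet', 'example_save_snippet' );

function example_save_snippet() {
    global $wpdb;

    // CSRF (finding 4): the submitting form must carry the nonce emitted by
    // wp_nonce_field( 'example_save_snippet' ); a POST forged from another
    // site cannot supply it, so check_admin_referer() dies with a 403 page.
    check_admin_referer( 'example_save_snippet' );

    // Authorisation: a valid login is not enough on its own (finding 3 was
    // reachable by any contributor); require an explicit capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), 403 );
    }

    $id      = absint( $_POST['snippet_id'] ?? 0 );
    $content = wp_unslash( $_POST['snippet_content'] ?? '' );

    // SQLi (finding 3): never interpolate request data into the query string;
    // $wpdb->prepare() binds %d as an integer and %s as an escaped string.
    $table = $wpdb->prefix . 'example_snippets';
    $wpdb->query( $wpdb->prepare(
        "UPDATE {$table} SET content = %s WHERE id = %d", $content, $id
    ) );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}

// The form the handler expects; the hidden "action" field routes the POST to
// the admin_post_* hook above and wp_nonce_field() adds the CSRF token.
function example_snippet_form( $id, $content ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_save_snippet">';
    echo '<input type="hidden" name="snippet_id" value="' . absint( $id ) . '">';
    wp_nonce_field( 'example_save_snippet' );
    // XSS (findings 1 and 2): escape stored content on output, whatever it holds.
    echo '<textarea name="snippet_content">' . esc_textarea( $content ) . '</textarea>';
    echo '<button type="submit">Save</button></form>';
}
```

The same pattern applies to any plugin endpoint that writes on behalf of a logged-in user: verify the request origin with a nonce, verify the capability, and bind every request value with $wpdb->prepare().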

Assets

The following four files were used to carry out the attacks:

Resources

GIFs created with GIPHY Capture.

Notes

The file exploits.md contains a list of all exploits I tried to recreate. I was not able to recreate the majority, a fact that led me to install plugins in order to open up the attack surface.

License

Copyright [2018] [Victor Alvarez Pajaro]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.