Skip to content

kennyhk418/Codepath_project7

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

1.gif

1.gif

 
 

2.gif

2.gif

 
 

3.gif

3.gif

 
 

README.md

README.md

 
 

Repository files navigation

Project 7 - WordPress Pentesting

Time spent: 8 hours spent in total

Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress

Pentesting Report

1. (Required) User Enumeration

  • Summary:

    • Vulnerability types: User Enumeration
    • Tested in version: 4.1.2
    • Fixed in version: Not yet fixed

  • GIF Walkthrough:

    Video Walkthrough 1

  • Steps to recreate: When I tried to login with the admin username and a false password, the screen will display "ERROR: The password you entered for the username admin is incorrect." However, if I tried to login with some random username which does not exist, it will show "Error: Invalid username."

  • Affected source code:

2. (Required) CVE-2015-5622

  • Summary:

    • Vulnerability types: XSS
    • Tested in version: 4.0
    • Fixed in version: 4.1.6

  • GIF Walkthrough:

    Video Walkthrough 2

  • Steps to recreate: We would perform the XSS on the post, and put in <a href="[caption code]=" onmouseover="alert('test')">link</a>.

  • Affected source code:

3. (Required) CVE-2015-5714

  • Summary:

    • Vulnerability types: XSS
    • Tested in version: 4.0
    • Fixed in version: 4.1.8

  • GIF Walkthrough:

    Video Walkthrough 3

  • Steps to recreate: We would like to exploit XSS vulnerbility in the comment section, so we can put in <script>alert('test')</script>. A pop up window will appear in the comment page.

  • Affected source code:

  1. (Optional) Vulnerability Name or ID
  • Summary:
    • Vulnerability types:
    • Tested in version:
    • Fixed in version:
  • GIF Walkthrough:
  • Steps to recreate:
  • Affected source code:
  1. (Optional) Vulnerability Name or ID
  • Summary:
    • Vulnerability types:
    • Tested in version:
    • Fixed in version:
  • GIF Walkthrough:
  • Steps to recreate:
  • Affected source code:

Assets

List any additional assets, such as scripts or files

Resources

GIFs created with LiceCap.

Notes

Describe any challenges encountered while doing the work

License

Copyright [2017] [Ki Yin Kenny Lam]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published