Skip to content

magnimusprime/WordPress-Pentesting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

README.md

README.md

 
 

Repository files navigation

Project 7 - WordPress Pentesting

Time spent: 6 hours spent in total

Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress

Pentesting Report

  1. (Required) Authenticated Stored Cross-Site Scripting )XSS_ in YouTube URL Embeds
  • Summary: Insert XSS and avoid sanitation by embedding it in a command to embed a youtube url
    • Vulnerability types: XSS
    • Tested in version: 4.2
    • Fixed in version: 4.7.3
  • GIF Walkthrough: https://i.imgur.com/527ndo4.gifv
  • Steps to recreate: Use wp scan, add Post as Admin, embed link, map < and > to the shortcode subsitute in sourcecode.
  • Affected source code: autoembed method
  1. (Required) Large File Upload Error XSS
  • Summary: Execute Xss and aovid sanitation by naming a very large file an xss command. The size checker will read the size and output size error %name reading name without sanitation.
    • Vulnerability types: XSS
    • Tested in version: 4.7.2
    • Fixed in version: 4.7.5
  • GIF Walkthrough: https://i.imgur.com/vsMLyrK.gifv
  • Steps to recreate: created a file 20mb in size and named it Din.png
  • Affected source code: script-loader.php
  1. (Required) Authenticated Cross-Site Scripting (XSS) in Visual Editor
  • Summary: Easy demo of xss by using the text tab of a new page and entering xss commands. Can be done from any user with privileges to post if the bbPost plugin is installed.
    • Vulnerability types: XSS
    • Tested in version: 4.5.3
    • Fixed in version: 4.8.2
  • GIF Walkthrough: https://i.imgur.com/RL7kBXh.gifv
  • Steps to recreate: add new page, enter xss in the text box, preview
  • Affected source code: sanitizing functions of the cms

Assets

List any additional assets, such as scripts or files

Resources

GIFs created with LiceCap.

Notes

Describe any challenges encountered while doing the work

License

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

Codepath Week 7

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published