Time spent: 4 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
- (Required) Cross Site Scripting Through Comments
- Summary:
- Vulnerability types: XSS
- Tested in version: 4.2
- Fixed in version: 4.2.1
- GIF Walkthrough:
- Steps to recreate:
- Make a comment post with the following text <script>alert('XSS')</script>
- Post Comment
- Script runs when the page is loaded
- Affected source code:
- (Required) Getting Usernames from the Login Page
- Summary: Finding valid usernames from brute-forcing the login page
- Vulnerability types: User enumeration
- Tested in version: 4.2
- Fixed in version: 4.2.9
- GIF Walkthrough:
- Steps to recreate:
- Guess usernames in login field and enter wrong password
- When username is valid, the error message says wrong password for 'valid' usernames
- Shows invalid username error when username is not valid
- Affected source code:
- (Required) Image Title Attribute Cross Site Scripting
- Summary: In the image title attribute can use XSS.
- Vulnerability types: XSS
- Tested in version: 4.2
- Fixed in version: 4.21
- GIF Walkthrough:
- Steps to recreate:
- Modify title attribute to malicious script
- Affected source code:
- (Optional) Non-Sanitized Post Body x
- Summary: Unfiltered HTML in post body
- Vulnerability types: XSS
- Tested in version: 4.2
- Fixed in version: 4.3.1
- GIF Walkthrough:
- Steps to recreate:
- Enter unfiltered html in post body (in this case a script alert)
- Affected source code:
- (Optional) Non Sanitized Post Title
- Summary: Unfiltered HTML in post title
- Vulnerability types: XSS
- Tested in version: 4.2
- Fixed in version: 4.3.1
- GIF Walkthrough:
- Steps to recreate:
- Enter unfiltered html in post title (in this case a script alert
- Affected source code:
List any additional assets, such as scripts or files
GIFs created with LiceCap.
I did not have the skills to try out many of the vulnerabilities documented.
Copyright [2018] [Nabil Ahmed Khatri]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.