Skip to content

whuang8/wordpress-pentests

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

PluginXSSDemo.gif

PluginXSSDemo.gif

 
 

README.md

README.md

 
 

ShortcodeXSSDemo.gif

ShortcodeXSSDemo.gif

 
 

WidgetXSSDemo.gif

WidgetXSSDemo.gif

 
 

Repository files navigation

Project 7 - WordPress Pentesting

Time spent: 2 hours spent in total

Objective: Find, analyze, recreate, and document three-five vulnerabilities affecting an old version of WordPress

Pentesting Report

  1. Title: WordPress <= 4.2.2 - Widgets Title Cross-Site Scripting (XSS)
  • Summary: Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.
  • Vulnerability types: XSS
  • Tested in version: 4.2.3
  • Fixed in version: 4.2.4
  • GIF Walkthrough:

Video Walkthrough

  • Steps to recreate:

    • Create a new html widget
    • Insert script in widget text
    • save widget to some part of the site

  • Affected source code: Source Code

  1. Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  • Summary: Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
  • Vulnerability types: XSS
  • Tested in version: 4.2.2
  • Fixed in version: 4.2.5
  • GIF Walkthrough:

Video Walkthrough

  • Steps to recreate:

    • Create or edit a post
    • Use a shortcode, created by [] tags
    • Write script tags inside the [] tags

  • Affected source code: Source Code

  1. Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  • Summary: Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
  • Vulnerability types: XSS
  • Tested in version: 4.2.2
  • Fixed in version: 4.7.1
  • GIF Walkthrough:

Video Walkthrough

  • Steps to recreate:

    • Edit a plugins name to be some script in script tags
    • go to wp-admin/update-core.php

  • Affected source code: Source Code

Resources

GIFs created with LiceCap.

License

Copyright [2017] [William]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published