Time spent: 3 hours in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
- CVE-2016-7168
- Summary:
- Vulnerability types: XSS
- Tested in version: 4.2
- Fixed in version: 4.6.1
- Steps to recreate:
- Create an image with a name containing something like `<img src=a onerror=alert(document.cookie)>`
- Convince an administrator to upload the image
- Open the image to trigger the exploit
- CVE-2017-6814
- Summary:
- Vulnerability types: XSS
- Tested in version: 4.2
- Fixed in version: 4.7.3
- Steps to recreate:
- Create an mp3 file and modify its metadata to contain the malicious payload (e.g. `</noscript><script>alert(document.cookie)\;</script>`)
- Convince an administrator to upload the mp3 file
- Open the mp3 to trigger the exploit
- CVE-2017-6817
- Summary:
- Vulnerability types: CSRF
- Tested in version: 4.2
- Fixed in version: 4.7.3
- Steps to recreate:
- Convince an administrator to embed a YouTube link containing the malicious payload (e.g. `<svg onload=alert(document.cookie)>`) in a post
- View the post
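A pre-upload check for the file-name and mp3-metadata cases above, written as an added example; it is not part of the original write-up or of WordPress. It assumes ID3v2.3/2.4 tags without unsynchronisation or an extended header; the function names are hypothetical and the sample tag is constructed.

```python
import html
import re
import struct

MARKUP = re.compile(r'[<>"]')  # characters that can open a tag or close an attribute
ENCODINGS = {0: "latin-1", 1: "utf-16", 2: "utf-16-be", 3: "utf-8"}  # ID3v2 text encodings

def syncsafe(b):
    """Decode the 4-byte, 7-bits-per-byte integer ID3v2 uses for sizes."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def id3_text_frames(data):
    """Yield (frame_id, text) for each text frame of an ID3v2.3/2.4 tag."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return  # no tag this parser understands
    if data[5] & 0xC0:
        raise ValueError("unsynchronised or extended-header tag: review by hand")
    end = min(10 + syncsafe(data[6:10]), len(data))
    pos = 10
    while pos + 10 <= end and data[pos] != 0:  # a zero byte starts the padding
        frame_id = data[pos:pos + 4].decode("latin-1")
        raw = data[pos + 4:pos + 8]
        size = syncsafe(raw) if data[3] == 4 else struct.unpack(">I", raw)[0]
        body = data[pos + 10:pos + 10 + size]
        pos += 10 + size
        if frame_id.startswith("T") and body:
            enc = ENCODINGS.get(body[0], "latin-1")
            yield frame_id, body[1:].decode(enc, "replace").rstrip("\x00")

def suspicious_fields(filename, data):
    """Return {field: value} for the file name and tags that contain markup."""
    fields = {"filename": filename}
    fields.update(id3_text_frames(data))
    return {k: v for k, v in fields.items() if MARKUP.search(v)}

def build_sample(title):
    """Constructed sample data: a minimal ID3v2.3 tag holding one TIT2 frame."""
    body = b"\x00" + title.encode("latin-1")
    frame = b"TIT2" + struct.pack(">I", len(body)) + b"\x00\x00" + body
    size = bytes((len(frame) >> s) & 0x7F for s in (21, 14, 7, 0))
    return b"ID3\x03\x00\x00" + size + frame

if __name__ == "__main__":
    sample = build_sample("</noscript><script>alert(document.cookie)\\;</script>")
    for field, value in suspicious_fields("track01.mp3", sample).items():
        # html.escape() shows the form a page must emit for the value to stay text
        print(f"{field}: {value!r} -> {html.escape(value)}")
```

A flagged field means the file should not be uploaded until the name or tag has been cleaned; the lasting fix is upgrading to the fixed versions listed above.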
N/A
N/A.
Version 2, December 2004
Copyright (C) 2018 Alexander Schmidt <aas405@msstate.edu>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. You just DO WHAT THE FUCK YOU WANT TO.