View Issue Details

ID: 0000634
Project: Kali Linux
Category: [All Projects] Tool Upgrade Request
View Status: public
Last Update: 2013-10-31 16:00
Reporter: g0tmi1k
Assigned To: dookie
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 1.0.6
Summary: 0000634: WPscan

Description:
Name: WPScan
Version: v2.1r51ad9bd
Homepage: http://wpscan.org/
Download: https://github.com/wpscanteam/wpscan/zipball/master
Description: WPScan is a black box WordPress vulnerability scanner.

Additional Information:
Found a couple of bugs in the version of WPscan that's currently in Kali.
For example:

    root@kali-offsec ~$ wpscan --url http://192.168.0.18/
    ____________________________________________________
     __ _______ _____
     \ \ / / __ \ / ____|
      \ \ /\ / /| |__) | (___ ___ __ _ _ __
       \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
        \ /\ / | | ____) | (__| (_| | | | |
         \/ \/ |_| |_____/ \___|\__,_|_| |_| v2.1rNA
    
        WordPress Security Scanner by the WPScan Team
     Sponsored by the RandomStorm Open Source Initiative
    _____________________________________________________
    
    | URL: http://192.168.0.18/
    | Started on Mon Oct 7 15:36:23 2013
    
    [!] The WordPress 'http://192.168.0.18/readme.html' file exists
    [+] XML-RPC Interface available under http://192.168.0.18/xmlrpc.php
    [+] WordPress version 3.5.1 identified from meta generator
    
    [!] We have identified 1 vulnerabilities from the version number :
     |
     | * Title: CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php
     | * Reference: http://seclists.org/fulldisclosure/2013/Jun/65
     | * Reference: http://secunia.com/advisories/53676/
     | * Reference: http://osvdb.org/94235
    
    [+] The WordPress theme in use is twentyeleven v1.5
    
     | Name: twentyeleven v1.5
     | Location: http://192.168.0.18/wp-content/themes/twentyeleven/
     | Readme: http://192.168.0.18/wp-content/themes/twentyeleven/readme.txt
    
    [+] Enumerating plugins from passive detection ...
    [ERROR] can't convert Array to String
    Trace :
    /usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:45:in `match'
    /usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:45:in `from_header'
    /usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:23:in `passive_detection'
    ./wpscan.rb:173:in `main'
    ./wpscan.rb:327:in `<main>'
    root@kali-offsec ~$



Latest version in git:

    root@kali-offsec ~/wpscan$ ./wpscan.rb --url http://192.168.0.18/ 127 ↵ master
    _______________________________________________________________
            __ _______ _____
            \ \ / / __ \ / ____|
             \ \ /\ / /| |__) | (___ ___ __ _ _ __
              \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
               \ /\ / | | ____) | (__| (_| | | | |
                \/ \/ |_| |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                        Version v2.1r51ad9bd
         Sponsored by the RandomStorm Open Source Initiative
     @_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
    _______________________________________________________________
    
    | URL: http://192.168.0.18/
    | Started on Mon Oct 7 15:38:20 2013
    
    [!] The WordPress 'http://192.168.0.18/readme.html' file exists
    [+] Interesting header: SERVER: Microsoft-IIS/7.0
    [+] Interesting header: X-POWERED-BY: PHP/5.2.1
    [+] Interesting header: X-POWERED-BY: ASP.NET
    [+] XML-RPC Interface available under http://192.168.0.18/xmlrpc.php
    [+] WordPress version 3.5.1 identified from meta generator
    
    [!] We have identified 8 vulnerabilities from the version number :
     |
     | * Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
     | * Reference: http://seclists.org/fulldisclosure/2013/Jul/70
     | * Reference: http://osvdb.org/95060
     |
     | * Title: WordPress 3.4-3.5.1 DoS in class-phpass.php
     | * Reference: http://seclists.org/fulldisclosure/2013/Jun/65
     | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173
     | * Reference: http://secunia.com/advisories/53676
     | * Reference: http://osvdb.org/94235
     |
     | * Title: WordPress Multiple XSS
     | * Reference: http://osvdb.org/94791
     | * Reference: http://osvdb.org/94785
     | * Reference: http://osvdb.org/94786
     | * Reference: http://osvdb.org/94790
     |
     | * Title: WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
     | * Reference: http://osvdb.org/94787
     |
     | * Title: WordPress File Upload Unspecified Path Disclosure
     | * Reference: http://osvdb.org/94788
     |
     | * Title: WordPress oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure
     | * Reference: http://osvdb.org/94789
     |
     | * Title: WordPress Multiple Role Remote Privilege Escalation
     | * Reference: http://osvdb.org/94783
     |
     | * Title: WordPress HTTP API Unspecified Server Side Request Forgery (SSRF)
     | * Reference: http://osvdb.org/94784
    
    [+] The WordPress theme in use is twentyeleven v1.5
    
     | Name: twentyeleven v1.5
     | Location: http://192.168.0.18/wp-content/themes/twentyeleven/
     | Readme: http://192.168.0.18/wp-content/themes/twentyeleven/readme.txt
    
    [+] Enumerating plugins from passive detection ...
    1 plugins found :
    
     | Name: front-end-upload v0.5.3
     | Location: http://192.168.0.18/wp-content/plugins/front-end-upload/
     | Readme: http://192.168.0.18/wp-content/plugins/front-end-upload/readme.txt
     |
     | * Title: Front End Upload 0.5.3 Arbitrary File Upload
     | * Reference: http://www.exploit-db.com/exploits/19008/
     |
     | * Title: Front End Upload v0.5.4 Arbitrary PHP File Upload
     | * Reference: http://www.exploit-db.com/exploits/20083/
    
    [+] Finished at Mon Oct 7 15:38:32 2013
    [+] Memory Used: 3.566 MB
    [+] Elapsed time: 00:00:12
    Exiting!
    root@kali-offsec ~/wpscan$

Activities

dookie

2013-10-31 16:00

reporter   ~0001050

Updated to wpscan_2.1+git20131024-1kali0.

Thanks

Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-10-07 14:38 | g0tmi1k | New Issue | |
| 2013-10-31 16:00 | dookie | Note Added: 0001050 | |
| 2013-10-31 16:00 | dookie | Status | new => resolved |
| 2013-10-31 16:00 | dookie | Fixed in Version | => 1.0.6 |
| 2013-10-31 16:00 | dookie | Resolution | open => fixed |
| 2013-10-31 16:00 | dookie | Assigned To | => dookie |
| 2021-05-31 13:37 | rhertzog | Category | Tool Upgrade => Tool Upgrade Request |