View Issue Details

ID: 0000634
Project: Kali Linux
Category: Tool Upgrade Request
View Status: public
Last Update: 2013-10-31 16:00
Reporter: g0tmi1k
Assigned To: dookie
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Fixed in Version: 1.0.6
Summary: 0000634: WPscan
Description

Name: WPScan
Version: v2.1r51ad9bd
Homepage: http://wpscan.org/
Download: https://github.com/wpscanteam/wpscan/zipball/master
Description: WPScan is a black box WordPress vulnerability scanner.

Additional Information

Found a couple of bugs in the version of WPscan that's currently in Kali.
For example:

root@kali-offsec ~$ wpscan --url http://192.168.0.18/
____________________________________________________
 __          _______   _____                  
 \ \        / /  __ \ / ____|                 
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v2.1rNA

    WordPress Security Scanner by the WPScan Team
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

| URL: http://192.168.0.18/
| Started on Mon Oct  7 15:36:23 2013

[!] The WordPress 'http://192.168.0.18/readme.html' file exists
[+] XML-RPC Interface available under http://192.168.0.18/xmlrpc.php
[+] WordPress version 3.5.1 identified from meta generator

[!] We have identified 1 vulnerabilities from the version number :
 |
 | * Title: CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php
 | * Reference: http://seclists.org/fulldisclosure/2013/Jun/65
 | * Reference: http://secunia.com/advisories/53676/
 | * Reference: http://osvdb.org/94235

[+] The WordPress theme in use is twentyeleven v1.5

 | Name: twentyeleven v1.5
 | Location: http://192.168.0.18/wp-content/themes/twentyeleven/
 | Readme: http://192.168.0.18/wp-content/themes/twentyeleven/readme.txt

[+] Enumerating plugins from passive detection ... 
[ERROR] can't convert Array to String
Trace :
/usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:45:in `match'
/usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:45:in `from_header'
/usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:23:in `passive_detection'
./wpscan.rb:173:in `main'
./wpscan.rb:327:in `<main>'
root@kali-offsec ~$       

Latest version in git:
root@kali-offsec ~/wpscan$ ./wpscan.rb --url http://192.168.0.18/ 127 ↵ master


        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __  
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                    Version v2.1r51ad9bd
     Sponsored by the RandomStorm Open Source Initiative
 @_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________

| URL: http://192.168.0.18/
| Started on Mon Oct  7 15:38:20 2013

[!] The WordPress 'http://192.168.0.18/readme.html' file exists
[+] Interesting header: SERVER: Microsoft-IIS/7.0
[+] Interesting header: X-POWERED-BY: PHP/5.2.1
[+] Interesting header: X-POWERED-BY: ASP.NET
[+] XML-RPC Interface available under http://192.168.0.18/xmlrpc.php
[+] WordPress version 3.5.1 identified from meta generator

[!] We have identified 8 vulnerabilities from the version number :
 |
 | * Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
 | * Reference: http://seclists.org/fulldisclosure/2013/Jul/70
 | * Reference: http://osvdb.org/95060
 |
 | * Title: WordPress 3.4-3.5.1 DoS in class-phpass.php
 | * Reference: http://seclists.org/fulldisclosure/2013/Jun/65
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173
 | * Reference: http://secunia.com/advisories/53676
 | * Reference: http://osvdb.org/94235
 |
 | * Title: WordPress Multiple XSS
 | * Reference: http://osvdb.org/94791
 | * Reference: http://osvdb.org/94785
 | * Reference: http://osvdb.org/94786
 | * Reference: http://osvdb.org/94790
 |
 | * Title: WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
 | * Reference: http://osvdb.org/94787
 |
 | * Title: WordPress File Upload Unspecified Path Disclosure
 | * Reference: http://osvdb.org/94788
 |
 | * Title: WordPress oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure
 | * Reference: http://osvdb.org/94789
 |
 | * Title: WordPress Multiple Role Remote Privilege Escalation
 | * Reference: http://osvdb.org/94783
 |
 | * Title: WordPress HTTP API Unspecified Server Side Request Forgery (SSRF)
 | * Reference: http://osvdb.org/94784

[+] The WordPress theme in use is twentyeleven v1.5

 | Name: twentyeleven v1.5
 | Location: http://192.168.0.18/wp-content/themes/twentyeleven/
 | Readme: http://192.168.0.18/wp-content/themes/twentyeleven/readme.txt

[+] Enumerating plugins from passive detection ... 
1 plugins found :

 | Name: front-end-upload v0.5.3
 | Location: http://192.168.0.18/wp-content/plugins/front-end-upload/
 | Readme: http://192.168.0.18/wp-content/plugins/front-end-upload/readme.txt
 |
 | * Title: Front End Upload 0.5.3 Arbitrary File Upload
 | * Reference: http://www.exploit-db.com/exploits/19008/
 |
 | * Title: Front End Upload v0.5.4 Arbitrary PHP File Upload
 | * Reference: http://www.exploit-db.com/exploits/20083/

[+] Finished at Mon Oct  7 15:38:32 2013
[+] Memory Used: 3.566 MB
[+] Elapsed time: 00:00:12
Exiting!
root@kali-offsec ~/wpscan$     

Activities

dookie

2013-10-31 16:00

reporter   ~0001050

Updated to wpscan_2.1+git20131024-1kali0.

Thanks

Issue History

Date Modified     Username  Field                Change
2013-10-07 14:38  g0tmi1k   New Issue
2013-10-31 16:00  dookie    Note Added: 0001050
2013-10-31 16:00  dookie    Status               new => resolved
2013-10-31 16:00  dookie    Fixed in Version     => 1.0.6
2013-10-31 16:00  dookie    Resolution           open => fixed
2013-10-31 16:00  dookie    Assigned To          => dookie
2021-05-31 13:37  rhertzog  Category             Tool Upgrade => Tool Upgrade Request