0000634: WPscan - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0000634	Kali Linux	Tool Upgrade Request	public	2013-10-07 14:38	2013-10-31 16:00

Reporter	g0tmi1k	Assigned To	dookie
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	resolved	Resolution	fixed
Fixed in Version	1.0.6

Summary	0000634: WPscan
Description	Name: WPScan Version: v2.1r51ad9bd Homepage: http://wpscan.org/ Download: https://github.com/wpscanteam/wpscan/zipball/master Description: WPScan is a black box WordPress vulnerability scanner.
Additional Information	Found a couple of bugs in the version of WPscan thats currently in kali. For example: root@kali-offsec ~$ wpscan --url http://192.168.0.18/ ____________________________________________________ __ _______ _____ \ \ / / __ \ / ____\| \ \ /\ / /\| \|__) \| (___ ___ __ _ _ __ \ \/ \/ / \| ___/ \___ \ / __\|/ _` \| '_ \ \ /\ / \| \| ____) \| (__\| (_\| \| \| \| \| \/ \/ \|_\| \|_____/ \___\|\__,_\|_\| \|_\| v2.1rNA WordPress Security Scanner by the WPScan Team Sponsored by the RandomStorm Open Source Initiative _____________________________________________________ \| URL: http://192.168.0.18/ \| Started on Mon Oct 7 15:36:23 2013 [!] The WordPress 'http://192.168.0.18/readme.html' file exists [+] XML-RPC Interface available under http://192.168.0.18/xmlrpc.php [+] WordPress version 3.5. 1 identified from meta generator [!] We have identified 1 vulnerabilities from the version number : \| \| * Title: CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php \| * Reference: http://seclists.org/fulldisclosure/2013/Jun/65 \| * Reference: http://secunia.com/advisories/53676/ \| * Reference: http://osvdb.org/94235 [+] The WordPress theme in use is twentyeleven v1.5 \| Name: twentyeleven v1.5 \| Location: http://192.168.0.18/wp-content/themes/twentyeleven/ \| Readme: http://192.168.0.18/wp-content/themes/twentyeleven/readme.txt [+] Enumerating plugins from passive detection ... [ERROR] can't convert Array to String Trace : /usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:45:in `match' /usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:45:in `from_header' /usr/share/wpscan/lib/common/collections/wp_plugins/detectable.rb:23:in `passive_detection' ./wpscan.rb:173:in `main' ./wpscan.rb:327:in `<main>' root@kali-offsec ~$ Latest version in git: root@kali-offsec ~/wpscan$ ./wpscan.rb --url http://192.168.0.18/ 127 ↵ master __ _______ _____ \ \ / / __ \ / ____\| \ \ /\ / /\| \|__) \| (___ ___ __ _ _ __ \ \/ \/ / \| ___/ \___ \ / __\|/ _` \| '_ \ \ /\ / \| \| ____) \| (__\| (_\| \| \| \| \| \/ \/ \|_\| \|_____/ \___\|\__,_\|_\| \|_\| WordPress Security Scanner by the WPScan Team Version v2.1r51ad9bd Sponsored by the RandomStorm Open Source Initiative @_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_ _______________________________________________________________ \| URL: http://192.168.0.18/ \| Started on Mon Oct 7 15:38:20 2013 [!] The WordPress 'http://192.168.0.18/readme.html' file exists [+] Interesting header: SERVER: Microsoft-IIS/7.0 [+] Interesting header: X-POWERED-BY: PHP/5.2.1 [+] Interesting header: X-POWERED-BY: ASP.NET [+] XML-RPC Interface available under http://192.168.0.18/xmlrpc.php [+] WordPress version 3.5.1 identified from meta generator [!] We have identified 8 vulnerabilities from the version number : \| \| * Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure \| * Reference: http://seclists.org/fulldisclosure/2013/Jul/70 \| * Reference: http://osvdb.org/95060 \| \| * Title: WordPress 3.4-3.5.1 DoS in class-phpass.php \| * Reference: http://seclists.org/fulldisclosure/2013/Jun/65 \| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173 \| * Reference: http://secunia.com/advisories/53676 \| * Reference: http://osvdb.org/94235 \| \| * Title: WordPress Multiple XSS \| * Refe rence: http://osvdb.org/94791 \| * Reference: http://osvdb.org/94785 \| * Reference: http://osvdb.org/94786 \| * Reference: http://osvdb.org/94790 \| \| * Title: WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness \| * Reference: http://osvdb.org/94787 \| \| * Title: WordPress File Upload Unspecified Path Disclosure \| * Reference: http://osvdb.org/94788 \| \| * Title: WordPress oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure \| * Reference: http://osvdb.org/94789 \| \| * Title: WordPress Multiple Role Remote Privilege Escalation \| * Reference: http://osvdb.org/94783 \| \| * Title: WordPress HTTP API Unspecified Server Side Request Forgery (SSRF) \| * Reference: http://osvdb.org/94784 [+] The WordPress theme in use is twentyeleven v1.5 \| Name: twentyeleven v1.5 \| Location: http://192.168.0.18/wp-content/themes/twentyeleven/ \| Readme: http://192.168.0.18/wp-content/themes/twentyeleven/readme.txt [+] Enumerating plugins from passive detection ... 1 plugins found : \| Name: front-end-upload v0.5.3 \| Location: http://192.168.0.18/wp-content/plugins/front-end-upload/ \| Readme: http://192.168.0.18/wp-content/plugins/front-end-upload/readme.txt \| \| * Title: Front End Upload 0.5.3 Arbitrary File Upload \| * Reference: http://www.exploit-db.com/exploits/19008/ \| \| * Title: Front End Upload v0.5.4 Arbitrary PHP File Upload \| * Reference: http://www.exploit-db.com/exploits/20083/ [+] Finished at Mon Oct 7 15:38:32 2013 [+] Memory Used: 3.566 MB [+] Elapsed time: 00:00:12 Exiting! root@kali-offsec ~/wpscan$

Date Modified	Username	Field	Change
2013-10-07 14:38	g0tmi1k	New Issue
2013-10-31 16:00	dookie	Note Added: 0001050
2013-10-31 16:00	dookie	Status	new => resolved
2013-10-31 16:00	dookie	Fixed in Version	=> 1.0.6
2013-10-31 16:00	dookie	Resolution	open => fixed
2013-10-31 16:00	dookie	Assigned To	=> dookie
2021-05-31 13:37	rhertzog	Category	Tool Upgrade => Tool Upgrade Request