WPScan files
This commit is contained in:
ethicalhack3r
85
CHANGELOG
Normal file
85
CHANGELOG
Normal file
@@ -0,0 +1,85 @@
|
||||
# WPScan Changelog
|
||||
|
||||
Version 1.1 - Released 25.11.2011
|
||||
|
||||
Added a few plugin vulns to the database
|
||||
Fix for issue 54
|
||||
CREDITS file update
|
||||
Fix for Issue 51.
|
||||
Moved the uniq! method in generate_plugin_list
|
||||
SVN output redirected to /dev/null
|
||||
Added 2 new plugin vulns
|
||||
Added Clickdesk Live Chat Support XSS vuln
|
||||
Improved non responsive server method
|
||||
Improved update class to hide STDERR when there is no outbound conn
|
||||
Added adminimize plugin XSS.
|
||||
Fix for Issue 57, slight amendment.
|
||||
Fix for Issue 57
|
||||
Fix for Issue 50 (redirect)
|
||||
Added advanced-text-widget XSS vuln
|
||||
Added XSS vuln in all versions of WP-Cumulus
|
||||
Typo in bruter
|
||||
Couple of output changes + removal of flash gallery plugin duplicate
|
||||
Implemented version scrapping from RSS feed
|
||||
Issue 50
|
||||
Issue 50 fix
|
||||
404 checking on plugin detection implemented
|
||||
Full Path Disclosure (FPD) check added.
|
||||
timthumb.txt file uniqued by michee08
|
||||
Added Miche08 to credits
|
||||
Added new SQLI vulnerability in adrotate plugin
|
||||
Fixed bug where theme name needed URL encoding before being used in the timthumb method.
|
||||
Fix for issue 48. Not tested.
|
||||
Added new Zingiri Web Shop RCE vulnerability
|
||||
Fix for issue 48. Not tested.
|
||||
Cleaned up plugin enum output a little
|
||||
Output improvements, method name improvements
|
||||
GPL code changed for future YARD documentayion
|
||||
improved user input handling
|
||||
Improved error_log file detection
|
||||
Improved the timthumb method slightly
|
||||
Amended contribution from tripmonster
|
||||
Added contribution from tripmonster
|
||||
Moved update code under the banner so that it shows during an update
|
||||
Moved update code to run before anything
|
||||
Fixed a bug in wordpress detection
|
||||
Added timthumb reference, not everyone will know what timthumb is...
|
||||
small typo
|
||||
better timthumb discovery
|
||||
timthumb enumeration checks added
|
||||
Fix for issue 44 and updates to auto-update
|
||||
Commented update class
|
||||
Forgot to add class file
|
||||
Auto updating implemented
|
||||
Fix for issue 43
|
||||
Added 4 new SQLI and 1 RCE from ExploitDB
|
||||
Issue 39 tested and working
|
||||
Some work on issue 39
|
||||
Exploitation refactoring
|
||||
Fix for issue 31
|
||||
Fix for issue 34
|
||||
Bug with when session is 1
|
||||
Meterpreter interaction working
|
||||
Further work on metasploit intergration
|
||||
Some functionality of exploitation through MSFRPC implemented. NOT FINISHED
|
||||
type, uri and postdata XML tags added to all RFI vulns
|
||||
Output tweaking
|
||||
MSFRPC + WPSCAN XMLRPC CLIENT WORKING WITH ADDITIONAL METHODS
|
||||
XMLRPC Client in a working state
|
||||
Added WordPress AdRotate plugin <= 3.6.5 SQL Injection Vulnerability to vuln library
|
||||
MSF XMLRPC CLIENT PoC (NOT WORKING YET)
|
||||
Some slight output tidying up
|
||||
Added 3.1.2 Clickjacking Vulnerability
|
||||
Added a ton of new plugin vulns discovered by Ben Schmidt (@_supernothing)
|
||||
Addedd 2 new plugin vulns: Count per Day <= 2.17 and Filedownload 0.1
|
||||
Added Gianluca to CREDITS file
|
||||
Issue 25: patched plugin_vulns.xml
|
||||
removed WP 3.0.4 common_post_ID Blind SQLi false positive
|
||||
added 1-flash-gallery plugin vuln
|
||||
version update
|
||||
discover.advanced_version_fingerprinting method imeplemented
|
||||
Issue 23: Patch for /trunk/data/plugin_vulns.xml
|
||||
some small amendments
|
||||
wp versions file initial commit with only scores of 1
|
||||
updated published plugin vulns
|
||||
progress indicators
|
||||
Reference in New Issue
Block a user