garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WPScan files

Browse Source
This commit is contained in:
ethicalhack3r
2012-07-11 22:49:18 +02:00
parent 6da2da90f7
commit 3d78cbc4ac
190 changed files with 43701 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/malwares.txt Normal file
View File

@@ -0,0 +1,3 @@
http://.*.rr.nu
http://www.thesea.org/media.php

2241
data/plugin_vulns.xml Normal file
View File

File diff suppressed because it is too large Load Diff

2716
data/plugins.txt Normal file
View File

File diff suppressed because it is too large Load Diff

2447
data/timthumbs.txt Normal file
View File

File diff suppressed because it is too large Load Diff

865
data/wp_theme_vulns.xml Normal file
View File

@@ -0,0 +1,865 @@
<?xml version="1.0"?>
<!--
WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
This file contains vulnerabilities associated with WordPress themes.
TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS"]
-->
<themes>
<theme name="famous">
<vulnerability>
<title>WordPress Famous Theme 2.0.5 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113842/</reference>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="deep-blue">
<vulnerability>
<title>WordPress Deep-Blue Theme 1.9.2 Arbitrary File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113843/</reference>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="classipress">
<vulnerability>
<title>WordPress Classipress Theme &lt;= 3.1.4 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/18053/</reference>
<type>XSS</type>
</vulnerability>
</theme>
<theme name="merchant">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="smpl">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="drawar">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="sentient">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="whitelight">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="unsigned">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="shelflife">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="olya">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="sliding">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="beveled">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="empire-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="buro-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="briefed-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="wikeasi">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="currents">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="emporium">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="biznizz-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="kaboodle-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="inspire-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="teamster">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="argentum">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="statua-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="simplicity-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="canvas-commerce">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="wootique">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="woostore">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="coquette">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="buro">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="swatch">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="announcement">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="empire">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="supportpress">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="editorial">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="statua">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="briefed">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="faultpress">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="kaboodle">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="savinggrace">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="premiere">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="simplicity">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="deliciousmagazine">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="bookclub">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="boldnews">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="placeholder">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="biznizz">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="auld">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="listings">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="elefolio">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="chapters">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="continuum">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="diner">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="skeptical">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="caffeinated">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="crisp">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="sealight">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="estate">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="tma">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="coda">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="inspire">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="apz">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="spectrum">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="diarise">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="boast">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="retreat">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="cityguide">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="canvas">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="postcard">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="delegate">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="mystream">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="optimize">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="backstage">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="bueno">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="digitalfarm">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="headlines">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="therapy">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="rockstar">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="dailyedition">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="object">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="coffeebreak">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="mainstream">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="featurepitch">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="thejournal">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="aperture">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="metamorphosis">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="bloggingstream">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="thestation">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="groovyvideo">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="irresistible">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="cushy">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="wootube">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="abstract">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="busybee">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="blogtheme">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="typebased">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="overeasy">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="snapshot">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="openair">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="freshnews">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="livewire">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="flashnews">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="gazette">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="premiumnews">
<vulnerability>
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
<reference>https://gist.github.com/2523147</reference>
<type>RCE</type>
</vulnerability>
</theme>
</themes>

232
data/wp_versions.xml Normal file
View File

@@ -0,0 +1,232 @@
<?xml version="1.0"?>
<!--
WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
<!--
This file contains identification data to identify WordPress verions.
http://wordpress.org/download/release-archive/
Position is important, DO NOT change anything unless you know what you are doing :p
-->
<wp-versions>
<file src="wp-includes/js/customize-preview.js">
<hash md5="617d9fd858e117c7d1d087be168b5643">
<score>1</score>
<versions>3.4.1</versions>
</hash>
<hash md5="da36bc2dfcb13350c799b62de68dfa4b">
<score>1</score>
<versions>3.4</versions>
</hash>
<hash md5="a8a259fc5197a78ffe62d6be38dc52f8">
<score>1</score>
<versions>3.4-beta4</versions>
</hash>
</file>
<file src="wp-includes/js/plupload/plupload.js">
<hash md5="85199c05db63fcb5880de4af8be7b571">
<score>1</score>
<versions>3.3.2</versions>
</hash>
</file>
<file src="$wp-content$/themes/twentyeleven/style.css">
<!-- same md5 for 3.3.2 -->
<hash md5="030d3bac906ba69e9fbc99c5bac54a8e">
<score>1</score>
<versions>3.3.1</versions>
</hash>
</file>
<file src="wp-admin/js/wp-fullscreen.js">
<hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
<score>1</score>
<versions>3.2.1</versions>
</hash>
<hash md5="7b423e0b7c9221092737ad5271d09863">
<score>1</score>
<versions>3.2</versions>
</hash>
</file>
<file src="wp-admin/js/common.js">
<hash md5="4516252d47a73630280869994d510180">
<score>1</score>
<versions>3.3</versions>
</hash>
</file>
<file src="wp-includes/css/admin-bar.css">
<hash md5="181250fab3a7e2549a7e7fa21c2e6079">
<score>1</score>
<versions>3.1</versions>
</hash>
</file>
<file src="$wp-content$/themes/twentyten/style.css">
<hash md5="6211e2ac1463bf99e98f28ab63e47c54">
<score>1</score>
<versions>3.0</versions>
</hash>
</file>
<file src="$wp-plugins$/akismet/readme.txt">
<hash md5="4d5e52da417aa0101054bd41e6243389">
<score>1</score>
<versions>2.8.6</versions>
</hash>
<hash md5="58e086dea9d24ed074fe84ba87386c69">
<score>1</score>
<versions>2.8.5</versions>
</hash>
<hash md5="48c52025b5f28731e9a0c864c189c2e7">
<score>1</score>
<versions>2.8.2</versions>
</hash>
</file>
<file src="wp-includes/js/wp-ajax-response.js">
<hash md5="0289d1c13821599764774d55516ab81a">
<score>1</score>
<versions>2.7.1</versions>
</hash>
</file>
<file src="wp-includes/js/thickbox/thickbox.css">
<hash md5="9c2bd2be0893adbe02a0f864526734c2">
<score>1</score>
<versions>2.7</versions>
</hash>
</file>
<file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
<hash md5="5b140ddf0f08034402ae78b31d8a1a28">
<score>1</score>
<versions>2.6</versions>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
<hash md5="088245408531c58bb52cc092294cc384">
<score>1</score>
<versions>2.5.1</versions>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
<hash md5="19c6f3118728c38eb7779aab4847d2d9">
<score>1</score>
<versions>2.5</versions>
</hash>
</file>
<file src="wp-includes/js/wp-ajax.js">
<hash md5="c5dbce0c3232c477033e0ce486c62755">
<score>1</score>
<versions>2.2</versions>
</hash>
</file>
<file src="$wp-content$/themes/default/style.css">
<hash md5="e44545f529a54de88209ce588676231c">
<score>1</score>
<versions>2.0.1</versions>
</hash>
<hash md5="f786f66d3a40846aa22dcdfeb44fa562">
<score>1</score>
<versions>2.0</versions>
</hash>
</file>
<file src="wp-layout.css">
<hash md5="7140e06c00ed03d2bb3dad7672557510">
<score>1</score>
<versions>1.2.1</versions>
</hash>
<hash md5="1bcc9253506c067eb130c9fc4f211a2f">
<score>1</score>
<versions>1.2-delta</versions>
</hash>
</file>
<file src="layout2b.css">
<hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
<score>1</score>
<versions>0.71-gold</versions>
</hash>
</file>
</wp-versions>

211
data/wp_vulns.xml Normal file
View File

@@ -0,0 +1,211 @@
<?xml version="1.0"?>
<!--
WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
This file contains vulnerabilities associated with WordPress verions.
-->
<vulnerabilities>
<wordpress version="3.4-beta4">
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18791/</reference>
</vulnerability>
</wordpress>
<wordpress version="3.3.2">
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18791/</reference>
</vulnerability>
<vulnerability>
<title>WordPress 3.3.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/113254</reference>
</vulnerability>
</wordpress>
<wordpress version="3.3.1">
<vulnerability>
<title>Multiple vulnerabilities including XSS and Privilege Escalation</title>
<reference>http://wordpress.org/news/2012/04/wordpress-3-3-2/</reference>
</vulnerability>
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18791/</reference>
</vulnerability>
</wordpress>
<wordpress version="3.3">
<vulnerability>
<title>Reflected Cross-Site Scripting in WordPress 3.3</title>
<reference>http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html</reference>
</vulnerability>
</wordpress>
<wordpress version="3.1.3">
<vulnerability>
<title>Multiple SQL Injection Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/17465/</reference>
</vulnerability>
</wordpress>
<wordpress version="3.1.2">
<vulnerability>
<title>Wordpress &lt;= 3.1.2 Clickjacking Vulnerability</title>
<reference>http://seclists.org/fulldisclosure/2011/Sep/219</reference>
</vulnerability>
</wordpress>
<wordpress version="3.0.3">
<vulnerability>
<title>SQL injection vulnerability in do_trackbacks() Wordpress function</title>
<reference>http://www.exploit-db.com/exploits/15684/</reference>
</vulnerability>
<vulnerability>
<title>Wordpress 3.0.3 stored XSS IE7,6 NS8.1</title>
<reference>http://www.exploit-db.com/exploits/15858/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.9">
<vulnerability>
<title>WordPress 2.9 Failure to Restrict URL Access</title>
<reference>http://www.exploit-db.com/exploits/11441/</reference>
</vulnerability>
<vulnerability>
<title>Wordpress DOS &lt;= 2.9</title>
<reference>http://www.exploit-db.com/exploits/11441/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.8.5">
<vulnerability>
<title>WordPress &lt;= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution</title>
<reference>http://www.exploit-db.com/exploits/10089/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.8.3">
<vulnerability>
<title>Wordpress &lt;= 2.8.3 Remote Admin Reset Password Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9410/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.8.1">
<vulnerability>
<title>Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit</title>
<reference>http://www.exploit-db.com/exploits/9250/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.7.1">
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/10088/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.6.1">
<vulnerability>
<title>Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit</title>
<reference>http://www.exploit-db.com/exploits/6421/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.3.1">
<vulnerability>
<title>Wordpress &lt;= 2.3.1 Charset Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4721/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.2">
<vulnerability>
<title>WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit</title>
<reference>http://www.exploit-db.com/exploits/4113/</reference>
</vulnerability>
<vulnerability>
<title>Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/4039/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.1.3">
<vulnerability>
<title>Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit</title>
<reference>http://www.exploit-db.com/exploits/3960/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.1.2">
<vulnerability>
<title>Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/3656/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.0.6">
<vulnerability>
<title>Wordpress &lt;= 2.0.6 wp-trackback.php Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/3109/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.0.5">
<vulnerability>
<title>Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/3095/</reference>
</vulnerability>
</wordpress>
<wordpress version="2.0.2">
<vulnerability>
<title>WordPress &lt;= 2.0.2 (cache) Remote Shell Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/6/</reference>
</vulnerability>
</wordpress>
<wordpress version="1.5.1.3">
<vulnerability>
<title>Wordpress &lt;= 1.5.1.3 Remote Code Execution eXploit (metasploit)</title>
<reference>http://www.exploit-db.com/exploits/1145/</reference>
</vulnerability>
</wordpress>
<wordpress version="1.5.1.2">
<vulnerability>
<title>Wordpress &lt;= 1.5.1.2 xmlrpc Interface SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/1077/</reference>
</vulnerability>
</wordpress>
<wordpress version="1.5.1.1">
<vulnerability>
<title>WordPress &lt;= 1.5.1.1 &quot;add new admin&quot; SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/1059/</reference>
</vulnerability>
<vulnerability>
<title>WordPress &lt;= 1.5.1.1 SQL Injection Exploit </title>
<reference>http://www.exploit-db.com/exploits/1033/</reference>
</vulnerability>
</wordpress>
</vulnerabilities>