garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #357 from pvdl/vulns

Browse Source 
Update WordPress Vulnerabilities and some code cleaning
This commit is contained in:
erwanlr
2013-11-06 13:05:25 -08:00
parent 01c45afa10 843f783a7a
commit 58ebf4786d
3 changed files with 118 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
data/plugin_vulns.xml
View File

@@ -5,7 +5,7 @@
<plugin name="content-slide">
<vulnerability>
<title>Content Slide &lt;=1.4.2 - Cross Site Requst Forgery Vulnerability</title>
<title>Content Slide &lt;= 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
<references>
<osvdb>93871</osvdb>
<cve>2013-2708</cve>
@@ -123,8 +123,7 @@
<title>Crayon Syntax Highlighter - Remote File Inclusion Vulnerability</title>
<references>
<secunia>50804</secunia>
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
</url>
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
</references>
<type>RFI</type>
<fixed_in>1.13</fixed_in>
@@ -152,7 +151,7 @@
<plugin name="thanks-you-counter-button">
<vulnerability>
<title>Thank You Counter Button &lt;=1.8.2 - XSS</title>
<title>Thank You Counter Button &lt;= 1.8.2 - XSS</title>
<references>
<secunia>50977</secunia>
</references>
@@ -163,7 +162,7 @@
<plugin name="bookings">
<vulnerability>
<title>Bookings &lt;=1.8.2 - XSS</title>
<title>Bookings &lt;= 1.8.2 - XSS</title>
<references>
<secunia>50975</secunia>
</references>
@@ -174,7 +173,7 @@
<plugin name="cimy-user-manager">
<vulnerability>
<title>Cimy User Manager &lt;=1.4.2 - Arbitrary File Disclosure</title>
<title>Cimy User Manager &lt;= 1.4.2 - Arbitrary File Disclosure</title>
<references>
<secunia>50834</secunia>
<url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
@@ -197,9 +196,7 @@
<title>FireStorm Professional Real Estate - Multiple SQL Injection</title>
<references>
<secunia>50873</secunia>
<url>
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
</url>
<url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
</references>
<type>SQLI</type>
<fixed_in>2.06.03</fixed_in>
@@ -208,7 +205,7 @@
<plugin name="wp125">
<vulnerability>
<title>WP125 &lt;=1.4.4 - Multiple XSS</title>
<title>WP125 &lt;= 1.4.4 - Multiple XSS</title>
<references>
<secunia>50976</secunia>
</references>
@@ -216,7 +213,7 @@
<fixed_in>1.4.5</fixed_in>
</vulnerability>
<vulnerability>
<title>WP125 &lt;=1.4.9 - CSRF</title>
<title>WP125 &lt;= 1.4.9 - CSRF</title>
<references>
<osvdb>92113</osvdb>
<cve>2013-2700</cve>
@@ -290,8 +287,7 @@
<secunia>50832</secunia>
<url>http://www.securityfocus.com/bid/57133</url>
<url>http://packetstormsecurity.com/files/119329/</url>
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
</url>
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
</references>
<type>UNKNOWN</type>
@@ -551,9 +547,7 @@
<title>Asset Manager - upload.php Arbitrary Code Execution</title>
<references>
<osvdb>82653</osvdb>
<url>
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
</url>
<url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
<url>http://packetstormsecurity.com/files/113285/</url>
<url>http://xforce.iss.net/xforce/xfdb/80823</url>
</references>
@@ -676,7 +670,7 @@
<vulnerability>
<title>powerzoomer - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20253</url>
<url>http://1337day.com/exploit/20253</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -754,7 +748,7 @@
<vulnerability>
<title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20255</url>
<url>http://1337day.com/exploit/20255</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -840,7 +834,7 @@
<vulnerability>
<title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20260</url>
<url>http://1337day.com/exploit/20260</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -857,7 +851,7 @@
<vulnerability>
<title>wp-image-news-slider - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20259</url>
<url>http://1337day.com/exploit/20259</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -892,7 +886,7 @@
<vulnerability>
<title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20250</url>
<url>http://1337day.com/exploit/20250</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -919,7 +913,7 @@
<vulnerability>
<title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20252</url>
<url>http://1337day.com/exploit/20252</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -936,7 +930,7 @@
<vulnerability>
<title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20261</url>
<url>http://1337day.com/exploit/20261</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -1022,7 +1016,7 @@
<vulnerability>
<title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60079/info</url>
<url>http://www.securityfocus.com/bid/60079</url>
</references>
<type>MULTI</type>
</vulnerability>
@@ -1088,9 +1082,7 @@
<vulnerability>
<title>ABtest - Directory Traversal</title>
<references>
<url>
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
</url>
<url>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
@@ -1695,7 +1687,7 @@
<plugin name="wp-property">
<vulnerability>
<title>WP Property &lt;=1.35.0 - Arbitrary File Upload</title>
<title>WP Property &lt;= 1.35.0 - Arbitrary File Upload</title>
<references>
<exploitdb>18987</exploitdb>
<exploitdb>23651</exploitdb>
@@ -2387,7 +2379,7 @@
<vulnerability>
<title>WP Cycle Playlist - Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploits/17396</url>
<url>http://1337day.com/exploit/17396</url>
</references>
<type>MULTI</type>
</vulnerability>
@@ -2456,7 +2448,7 @@
<vulnerability>
<title>WP-AutoYoutube &lt;= 0.1 - Blind SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploits/17368</url>
<url>http://1337day.com/exploit/17368</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -2739,7 +2731,7 @@
<plugin name="is-human">
<vulnerability>
<title>Is-human &lt;=1.4.2 - Remote Command Execution Vulnerability</title>
<title>Is-human &lt;= 1.4.2 - Remote Command Execution Vulnerability</title>
<references>
<exploitdb>17299</exploitdb>
</references>
@@ -4591,9 +4583,7 @@
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
</url>
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
<metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
</references>
<type>RCE</type>
@@ -4664,7 +4654,7 @@
<title>ipfeuilledechou - SQL Injection Vulnerability</title>
<references>
<url>http://www.exploit4arab.com/exploits/377</url>
<url>http://1337day.com/exploits/20206</url>
<url>http://1337day.com/exploit/20206</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -4771,7 +4761,7 @@
<title>Developer Formatter - CSRF and XSS Vulnerability</title>
<references>
<url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
<url>http://1337day.com/exploits/20210</url>
<url>http://1337day.com/exploit/20210</url>
<secunia>51912</secunia>
</references>
<type>MULTI</type>
@@ -5299,7 +5289,7 @@
<vulnerability>
<title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20251</url>
<url>http://1337day.com/exploit/20251</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -5309,7 +5299,7 @@
<vulnerability>
<title>accordion - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20254</url>
<url>http://1337day.com/exploit/20254</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -5319,7 +5309,7 @@
<vulnerability>
<title>wp-catpro - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20256</url>
<url>http://1337day.com/exploit/20256</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -5372,7 +5362,7 @@
<vulnerability>
<title>p1m media manager - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20270</url>
<url>http://1337day.com/exploit/20270</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -5412,7 +5402,7 @@
<vulnerability>
<title>ForumConverter - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20275</url>
<url>http://1337day.com/exploit/20275</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -5422,7 +5412,7 @@
<vulnerability>
<title>Newsletter - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20287</url>
<url>http://1337day.com/exploit/20287</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -5542,7 +5532,7 @@
<vulnerability>
<title>Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection</title>
<references>
<url>http://1337day.com/exploits/20433</url>
<url>http://1337day.com/exploit/20433</url>
</references>
<type>MULTI</type>
</vulnerability>
@@ -5962,8 +5952,7 @@
<title>WP-Banners-Lite - XSS vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
</references>
<type>XSS</type>
</vulnerability>
@@ -6344,7 +6333,7 @@
<plugin name="wp-print-friendly">
<vulnerability>
<title>WP Print Friendly &lt;=0.5.2 - Security Bypass Vulnerability</title>
<title>WP Print Friendly &lt;= 0.5.2 - Security Bypass Vulnerability</title>
<references>
<osvdb>93243</osvdb>
<secunia>53371</secunia>

82
data/theme_vulns.xml
View File

@@ -1827,6 +1827,7 @@
<osvdb>98927</osvdb>
<exploitdb>29068</exploitdb>
<url>http://www.securityfocus.com/bid/63306</url>
<url>http://1337day.com/exploit/21442</url>
<url>http://themeforest.net/item/area53-a-responsive-html5-wordpress-theme/2538737</url>
</references>
<type>RCE</type>
@@ -1903,6 +1904,7 @@
<title>Saico - Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>29150</exploitdb>
<url>http://1337day.com/exploit/21440</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -1928,4 +1930,84 @@
</vulnerability>
</theme>
<theme name="anthology">
<vulnerability>
<title>Anthology - Remote File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21460</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="amoveo">
<vulnerability>
<title>Amoveo - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21451</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="switchblade">
<vulnerability>
<title>Switchblade - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21457</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="magnitudo">
<vulnerability>
<title>Magnitudo - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21457</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="ghost">
<vulnerability>
<title>Ghost - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21416</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="RightNow">
<vulnerability>
<title>Right Now - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21420</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="ColdFusion">
<vulnerability>
<title>Cold Fusion - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21431</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="chameleon">
<vulnerability>
<title>Chameleon - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21449</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
</vulnerabilities>

2
lib/common/models/wp_version/output.rb
View File

@@ -10,7 +10,7 @@ class WpVersion < WpItem
unless vulnerabilities.empty?
puts
puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number:"
puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number:"
vulnerabilities.output
end