garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wpscanteam/wpscan

Browse Source
This commit is contained in:
ethicalhack3r
2013-10-22 22:47:30 +02:00
parent 29f340ae21 35a75739e6
commit 5c4ce81793
5 changed files with 186 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
data/plugin_vulns.xml
View File

@@ -869,6 +869,16 @@
</vulnerability>
</plugin>
<plugin name="wp-image-resizer">
<vulnerability>
<title>Image Resizer - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/123651/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-levoslideshow">
<vulnerability>
<title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
@@ -4774,13 +4784,20 @@
<plugin name="woocommerce">
<vulnerability>
<title>WooCommerce - index.php calc_shipping_state Parameter XSS</title>
<title>WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS</title>
<references>
<osvdb>95480</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.13</fixed_in>
</vulnerability>
<vulnerability>
<title>WooCommerce 2.0.17 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/123684/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce-predictive-search">
@@ -6500,11 +6517,23 @@
<plugin name="antivirus">
<vulnerability>
<title>AntiVirus - FPD and Security bypass vulnerabilities</title>
<title>AntiVirus 1.0 - PHP Backdoor Detection Bypass</title>
<references>
<osvdb>95134</osvdb>
<url>http://packetstormsecurity.com/files/121833/</url>
<url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
</references>
<type>MULTI</type>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure</title>
<references>
<osvdb>95135</osvdb>
<url>http://packetstormsecurity.com/files/121833/</url>
<url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
</references>
<type>FPD</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
@@ -6859,16 +6888,17 @@
<plugin name="all-in-one-seo-pack">
<vulnerability>
<title>All in One SEO Pack &lt;= 2.3.0 - XSS Vulnerability</title>
<title>All in One SEO Pack &lt;= 2.0.3 - XSS Vulnerability</title>
<references>
<osvdb>98023</osvdb>
<cve>2013-5988</cve>
<url>http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html</url>
<url>http://packetstormsecurity.com/files/123490/</url>
<url>http://www.securityfocus.com/bid/62784</url>
<url>http://seclists.org/bugtraq/2013/Oct/8</url>
<secunia>55133</secunia>
</references>
<fixed_in>2.3.0.1</fixed_in>
<fixed_in>2.0.3.1</fixed_in>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -6990,8 +7020,9 @@
<plugin name="nospampti">
<vulnerability>
<title>NOSpamPTI 2.1 - Blind SQL Injection</title>
<title>NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection</title>
<references>
<osvdb>97528</osvdb>
<exploitdb>28485</exploitdb>
<cve>2013-5917</cve>
<url>http://packetstormsecurity.com/files/123331/</url>
@@ -7101,6 +7132,18 @@
</vulnerability>
</plugin>
<plugin name="quick-paypal-payments">
<vulnerability>
<title>Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS</title>
<references>
<osvdb>98715</osvdb>
<secunia>55292</secunia>
<url>http://packetstormsecurity.com/files/123662/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="email-newsletter">
<vulnerability>
<title>Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability</title>
@@ -7252,6 +7295,7 @@
<cve>2013-5977</cve>
<exploitdb>28959</exploitdb>
<secunia>55265</secunia>
<url>http://packetstormsecurity.com/files/123587/</url>
</references>
<type>CSRF</type>
<fixed_in>1.5.1.15</fixed_in>
@@ -7262,6 +7306,7 @@
<osvdb>98353</osvdb>
<cve>2013-5978</cve>
<exploitdb>28959</exploitdb>
<url>http://packetstormsecurity.com/files/123587/</url>
</references>
<type>XSS</type>
<fixed_in>1.5.1.15</fixed_in>
@@ -7352,4 +7397,75 @@
</vulnerability>
</plugin>
<plugin name="finalist">
<vulnerability>
<title>Finalist - /wp-content/plugins/finalist/vote.php id Parameter Reflected XSS</title>
<references>
<osvdb>98665</osvdb>
<url>http://packetstormsecurity.com/files/123597/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dexs-pm-system">
<vulnerability>
<title>Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS</title>
<references>
<osvdb>98668</osvdb>
<secunia>55296</secunia>
<exploitdb>28970</exploitdb>
<url>http://www.securityfocus.com/bid/63021</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="video-metabox">
<vulnerability>
<title>Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure</title>
<references>
<osvdb>98641</osvdb>
<secunia>55257</secunia>
<url>http://www.securityfocus.com/bid/63172</url>
<url>http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/</url>
</references>
<type>XSS</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-realty">
<vulnerability>
<title>Wordpress - wp-realty - MySQL Time Based Injection</title>
<references>
<exploitdb>29021</exploitdb>
<url>http://www.exploit-db.com/exploits/29021/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="feed">
<vulnerability>
<title>Feed - news_dt.php nid Parameter SQL Injection</title>
<references>
<osvdb>94804</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="social-sharing-toolkit">
<vulnerability>
<title>Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF</title>
<references>
<osvdb>98717</osvdb>
<cve>2013-2701</cve>
<secunia>52951</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
</vulnerabilities>

12
data/theme_vulns.xml
View File

@@ -1729,4 +1729,16 @@
</vulnerability>
</theme>
<theme name="Caulk">
<vulnerability>
<title>Caulk - path disclosure vulnerability.</title>
<references>
<osvdb>96723</osvdb>
<secunia>54662</secunia>
<url>http://packetstormsecurity.com/files/120632/</url>
</references>
<type>FPD</type>
</vulnerability>
</theme>
</vulnerabilities>

4
lib/common/collections/wp_plugins/detectable.rb
View File

@@ -64,6 +64,10 @@ class WpPlugins < WpItems
wp_plugins.add('wp-super-cache') if body =~ /wp-super-cache/i
wp_plugins.add('w3-total-cache') if body =~ /w3 total cache/i
if body =~ /<!-- all in one seo pack ([^\s]+)/i
wp_plugins.add('all-in-one-seo-pack', version: $1)
end
wp_plugins
end

10
lib/wpstools/plugins/stats/stats_plugin.rb
View File

@@ -14,8 +14,10 @@ class StatsPlugin < Plugin
if options[:stats]
puts 'Wpscan Databse Statistics:'
puts '--------------------------'
puts "[#] Total vulnerable versions: #{vuln_core_count}"
puts "[#] Total vulnerable plugins: #{vuln_plugin_count}"
puts "[#] Total vulnerable themes: #{vuln_theme_count}"
puts "[#] Total version vulnerabilities: #{version_vulns_count}"
puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}"
puts "[#] Total theme vulnerabilities: #{theme_vulns_count}"
puts "[#] Total plugins to enumerate: #{total_plugins}"
@@ -24,6 +26,10 @@ class StatsPlugin < Plugin
end
end
def vuln_core_count(file=WP_VULNS_FILE)
xml(file).xpath('count(//wordpress)').to_i
end
def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
xml(file).xpath('count(//plugin)').to_i
end
@@ -32,6 +38,10 @@ class StatsPlugin < Plugin
xml(file).xpath('count(//theme)').to_i
end
def version_vulns_count(file=WP_VULNS_FILE)
xml(file).xpath('count(//vulnerability)').to_i
end
def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
xml(file).xpath('count(//vulnerability)').to_i
end

39
spec/lib/common/collections/wp_plugins/detectable_spec.rb
View File

@@ -63,7 +63,44 @@ describe 'WpPlugins::Detectable' do
end
describe '::from_content' do
# TODO
context 'when no body' do
it 'returns an empty WpPlugins' do
stub_request(:get, url).to_return(status: 200, body: '')
subject.send(:from_content, wp_target).should == subject.new
end
end
context 'when body' do
@body = ''
let(:expected) { subject.new(wp_target) }
after :each do
stub_request(:get, url).to_return(status: 200, body: @body)
stub_request(:get, /readme\.txt/i).to_return(status: 404)
subject.send(:from_content, wp_target).should == expected
end
context 'when w3 total cache detected' do
it 'returns the w3-total-cache' do
@body = 'w3 total cache'
expected.add('w3-total-cache')
end
end
context 'when wp-super-cache detected' do
it 'returns the wp-super-cache' do
@body = 'wp-super-cache'
expected.add('wp-super-cache')
end
end
context 'when all-in-one-seo-pack detected' do
it 'returns the all-in-one-seo-pack' do
@body = '<!-- All in One SEO Pack 2.0.3.1 by Michael Torbert of Semper Fi Web Design[300,342] -->'
expected.add('all-in-one-seo-pack', version: '2.0.3.1')
end
end
end
end
describe '::passive_detection' do