From d657c4d4b3364d413b423999785952eb02abecab Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Wed, 16 Oct 2013 22:54:28 +0200 Subject: [PATCH 01/17] Update plugin_vulns.xml --- data/plugin_vulns.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index b9d595cb..2096ae90 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7352,4 +7352,25 @@ + + + Finalist - Cross Site Scripting + + http://packetstormsecurity.com/files/123597/ + + XSS + + + + + + Dexs PM System Cross Site Scripting + + 28970 + http://packetstormsecurity.com/files/123634/ + + XSS + + + From d35b83518edc99fe80afd98b342240b177c930a6 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Wed, 16 Oct 2013 23:09:12 +0200 Subject: [PATCH 02/17] Vuln. found by securityundefined.com --- data/plugin_vulns.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 2096ae90..f874be41 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7373,4 +7373,15 @@ + + + Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure + + http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/ + + XSS + 1.1.1 + + + From 68698847f881fd1fd62e8a9a24b40166fc050cbc Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Thu, 17 Oct 2013 15:36:19 +0200 Subject: [PATCH 03/17] Update theme_vulns.xml --- data/theme_vulns.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml index 7270face..85bbfb33 100644 --- a/data/theme_vulns.xml +++ b/data/theme_vulns.xml @@ -1729,4 +1729,16 @@ + + + Caulk - path disclosure vulnerability. + + 96723 + 54662 + http://packetstormsecurity.com/files/120632/ + + FPD + + + From 9e2a327ca64a745cf9cbdbafc0f06ac2993146ab Mon Sep 17 00:00:00 2001 
From: Peter van der Laan Date: Thu, 17 Oct 2013 15:47:25 +0200 Subject: [PATCH 04/17] Update plugin_vulns.xml --- data/plugin_vulns.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index f874be41..6a7736bd 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7252,6 +7252,7 @@ 2013-5977 28959 55265 + http://packetstormsecurity.com/files/123587/ CSRF 1.5.1.15 @@ -7262,6 +7263,7 @@ 98353 2013-5978 28959 + http://packetstormsecurity.com/files/123587/ XSS 1.5.1.15 @@ -7377,6 +7379,9 @@ Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure + 98641 + 55257 + http://www.securityfocus.com/bid/63172 http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/ XSS From f5204a7efa60a60d41befd0cc316cdb6607e3e14 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Thu, 17 Oct 2013 21:43:42 +0200 Subject: [PATCH 05/17] Added 'WordPress Version Vulnerability' statistics --- lib/wpstools/plugins/stats/stats_plugin.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/wpstools/plugins/stats/stats_plugin.rb b/lib/wpstools/plugins/stats/stats_plugin.rb index 8232aa6a..ac727ac9 100644 --- a/lib/wpstools/plugins/stats/stats_plugin.rb +++ b/lib/wpstools/plugins/stats/stats_plugin.rb @@ -14,8 +14,10 @@ class StatsPlugin < Plugin if options[:stats] puts 'Wpscan Databse Statistics:' puts '--------------------------' + puts "[#] Total vulnerable versions: #{vuln_core_count}" puts "[#] Total vulnerable plugins: #{vuln_plugin_count}" puts "[#] Total vulnerable themes: #{vuln_theme_count}" + puts "[#] Total version vulnerabilities: #{version_vulns_count}" puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}" puts "[#] Total theme vulnerabilities: #{theme_vulns_count}" puts "[#] Total plugins to enumerate: #{total_plugins}" 
@@ -24,6 +26,10 @@ class StatsPlugin < Plugin end end + def vuln_core_count(file=WP_VULNS_FILE) + xml(file).xpath('count(//wordpress)').to_i + end + def vuln_plugin_count(file=PLUGINS_VULNS_FILE) xml(file).xpath('count(//plugin)').to_i end @@ -32,6 +38,10 @@ class StatsPlugin < Plugin xml(file).xpath('count(//theme)').to_i end + def version_vulns_count(file=WP_VULNS_FILE) + xml(file).xpath('count(//vulnerability)').to_i + end + def plugin_vulns_count(file=PLUGINS_VULNS_FILE) xml(file).xpath('count(//vulnerability)').to_i end From 52f6de1962de06ad13f4afae9c10a829c039bf3c Mon Sep 17 00:00:00 2001 From: tennc Date: Fri, 18 Oct 2013 08:50:53 +0800 Subject: [PATCH 06/17] Update plugin_vulns.xml Wordpress - wp-realty - MySQL Time Based Injection --- data/plugin_vulns.xml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index f7ec9bb4..81304f31 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7383,10 +7383,23 @@ 55257 http://www.securityfocus.com/bid/63172 http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/ - + XSS 1.1.1 + + + + Wordpress - wp-realty - MySQL Time Based Injection + + 29021 + http://www.exploit-db.com/exploits/29021/ + + Injection + + + From 65e9339740bd6f453e328500f7f5327040718f12 Mon Sep 17 00:00:00 2001 From: tennc Date: Fri, 18 Oct 2013 08:52:13 +0800 Subject: [PATCH 07/17] Update plugin_vulns.xml Wordpress - wp-realty - MySQL Time Based Injection --- data/plugin_vulns.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 81304f31..8b2999d9 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7383,8 +7383,7 @@ 55257 http://www.securityfocus.com/bid/63172 http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/ - + XSS 1.1.1 
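Review bot: The two helpers added in the hunks ending here mix naming schemes: `vuln_core_count` sits beside `vuln_plugin_count`/`vuln_theme_count` while its label reads "Total vulnerable versions" and its sibling is `version_vulns_count`; renaming it `vuln_version_count` (with `puts "[#] Total vulnerable versions: #{vuln_version_count}"` in the earlier hunk) keeps the noun consistent across the pair. The six counters now differ only in file constant and XPath, so a private `count_nodes(file, xpath)` helper returning `xml(file).xpath("count(#{xpath})").to_i` would remove the repetition. It is also worth confirming that `count(//wordpress)` does not additionally match a `<wordpress>` document root in wp_vulns.xml, which would inflate the count by one; the schema is not visible here. The enclosing StatsPlugin class starts and ends outside the hunk.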
From 5a7ab231be9de4d944f81594d44c57f1e53e1de1 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Fri, 18 Oct 2013 10:13:54 +0100 Subject: [PATCH 08/17] Fix #325 --- data/plugin_vulns.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 8b2999d9..5e1243fd 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7396,9 +7396,8 @@ 29021 http://www.exploit-db.com/exploits/29021/ - Injection + SQLI - From 2c97f68726178ed9aaab1e56e98fb9d0426b19c8 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 18 Oct 2013 11:16:17 +0200 Subject: [PATCH 09/17] Added OSVDB #94804, #95134, #95135 --- data/plugin_vulns.xml | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 6a7736bd..c03d717f 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -6501,11 +6501,23 @@ - AntiVirus - FPD and Security bypass vulnerabilities + AntiVirus 1.0 - PHP Backdoor Detection Bypass + 95134 + http://packetstormsecurity.com/files/121833/ http://seclists.org/fulldisclosure/2013/Jun/0 - MULTI + UNKNOWN + + + AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure + + 95135 + http://packetstormsecurity.com/files/121833/ + http://seclists.org/fulldisclosure/2013/Jun/0 + + FPD + 1.1 @@ -7389,4 +7401,14 @@ + + + Feed - news_dt.php nid Parameter SQL Injection + + 94804 + + SQLI + + + From 986e3e59608266b03c7b27b40ffe98b6a77846bd Mon Sep 17 00:00:00 2001 From: erwanlr Date: Fri, 18 Oct 2013 10:17:42 +0100 Subject: [PATCH 10/17] all-in-one-seo-pack xss vulnerability updated (correct version + exploit reference) --- data/plugin_vulns.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 5e1243fd..d8883c0c 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml 
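Review bot: The new Feed entry at the end of the PATCH 09 hunk carries only OSVDB 94804, with no advisory URL and, as far as this rendering shows, no fixed-in version — unless a fixed_in element was dropped when the tags were stripped, every Feed version will presumably be flagged, including releases that already ship the fix, so the OSVDB record should be checked for the release that closed the news_dt.php nid injection and that version added to the entry. Secondly, the split-out AntiVirus 1.0 backdoor-detection bypass is typed `UNKNOWN` even though its title names the class of flaw; if the type vocabulary has a bypass category, using it keeps the type field meaningful for consumers that filter on it. The surrounding plugin element is cut at the hunk edges.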
@@ -6859,16 +6859,17 @@ - All in One SEO Pack <= 2.3.0 - XSS Vulnerability + All in One SEO Pack <= 2.0.3 - XSS Vulnerability 98023 2013-5988 http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html http://packetstormsecurity.com/files/123490/ http://www.securityfocus.com/bid/62784 + http://seclists.org/bugtraq/2013/Oct/8 55133 - 2.3.0.1 + 2.0.3.1 XSS From 6dee0c7e4b08125bac190cec25c480e194fe567e Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 18 Oct 2013 17:56:50 +0200 Subject: [PATCH 11/17] Added OSVDB #98668 --- data/plugin_vulns.xml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index c03d717f..e2838b15 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7411,4 +7411,17 @@ + + + Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS + + 98668 + 55296 + 28970 + http://www.securityfocus.com/bid/63021 + + XSS + + + From bf3795bced3b029bea63b2a89f2c5849e03d86a9 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Sat, 19 Oct 2013 13:53:56 +0200 Subject: [PATCH 12/17] Update plugin_vulns.xml --- data/plugin_vulns.xml | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index e2838b15..eb95f2f6 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7378,10 +7378,12 @@ - Dexs PM System Cross Site Scripting + Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS + 98668 + 55296 28970 - http://packetstormsecurity.com/files/123634/ + http://www.securityfocus.com/bid/63021 XSS @@ -7411,17 +7413,4 @@ - - - Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS - - 98668 - 55296 - 28970 - http://www.securityfocus.com/bid/63021 - - XSS - - - From 49883bbc3a50da2119ed39cc1bf08bb8b7c5c0c2 Mon Sep 17 00:00:00 2001 
From: Peter van der Laan Date: Sat, 19 Oct 2013 21:27:24 +0200 Subject: [PATCH 13/17] Update plugin_vulns.xml --- data/plugin_vulns.xml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index eb95f2f6..664ebbb4 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7002,8 +7002,9 @@ - NOSpamPTI 2.1 - Blind SQL Injection + NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection + 97528 28485 2013-5917 http://packetstormsecurity.com/files/123331/ @@ -7368,8 +7369,9 @@ - Finalist - Cross Site Scripting + Finalist - /wp-content/plugins/finalist/vote.php id Parameter Reflected XSS + 98665 http://packetstormsecurity.com/files/123597/ XSS From edf2ac481b736091cfc233859c1dfca5e2c7da5c Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Sun, 20 Oct 2013 12:06:21 +0200 Subject: [PATCH 14/17] Update plugin_vulns.xml --- data/plugin_vulns.xml | 53 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 664ebbb4..c6ca89ce 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -870,6 +870,16 @@ + + + Image Resizer - Cross Site Scripting + + http://packetstormsecurity.com/files/123651/ + + XSS + + + wp-levoslideshow - Arbitrary File Upload Vulnerability @@ -4775,13 +4785,20 @@ - WooCommerce - index.php calc_shipping_state Parameter XSS + WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS 95480 XSS 2.0.13 + + WooCommerce 2.0.17 - Cross Site Scripting + + http://packetstormsecurity.com/files/123684/ + + XSS + @@ -7114,6 +7131,18 @@ + + + Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS + + 98715 + 55292 + http://packetstormsecurity.com/files/123662/ + + XSS + + + Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability 
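Review bot: The second WooCommerce entry added in the @@ -4775 hunk (`WooCommerce 2.0.17 - Cross Site Scripting`) carries only a packetstorm link and, unlike the 2.0.12 entry just above it that records 2.0.13 as fixed, no fixed-in version is visible — unless the tag was dropped in this rendering, the scanner presumably cannot distinguish vulnerable 2.0.17 from a patched later release and will report every version. The advisory should be checked for the patched release and the entry given a fixed-in version, or at least an OSVDB/CVE identifier so it can be reconciled later. The same applies to the Image Resizer entry in the first hunk, which has neither an identifier nor a version.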
@@ -7415,4 +7444,26 @@ + + + WP Realty - Blind SQL Injection + + http://packetstormsecurity.com/files/123655/ + + SQLI + + + + + + Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF + + 98717 + 2013-2701 + 52951 + + CSRF + + + From 88611ad3e8160a0eef6509c98f7115cf4f16af3f Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Sun, 20 Oct 2013 12:16:49 +0200 Subject: [PATCH 15/17] Update plugin_vulns.xml --- data/plugin_vulns.xml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index c6ca89ce..8ee9ef4b 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7444,16 +7444,6 @@ - - - WP Realty - Blind SQL Injection - - http://packetstormsecurity.com/files/123655/ - - SQLI - - - Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF From 706774bf611d936a20c71d2567cc7eed79c39a6a Mon Sep 17 00:00:00 2001 From: FireFart Date: Tue, 22 Oct 2013 22:39:23 +0200 Subject: [PATCH 16/17] Add detection for all-in-one-seo-pack Closes issue #332 --- .../collections/wp_plugins/detectable.rb | 4 +++ .../collections/wp_plugins/detectable_spec.rb | 36 ++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/lib/common/collections/wp_plugins/detectable.rb b/lib/common/collections/wp_plugins/detectable.rb index 1c8a5df2..5a3e0ef9 100644 --- a/lib/common/collections/wp_plugins/detectable.rb +++ b/lib/common/collections/wp_plugins/detectable.rb @@ -64,6 +64,10 @@ class WpPlugins < WpItems wp_plugins.add('wp-super-cache') if body =~ /wp-super-cache/i wp_plugins.add('w3-total-cache') if body =~ /w3 total cache/i + if body =~ /' + expected.add('all-in-one-seo-pack', version: '2.0.3.1') + end + end + end end describe '::passive_detection' do From 35a75739e63b2a6e18111723ac2c4b7c71a9f56b Mon Sep 17 00:00:00 2001 
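Review bot: The all-in-one-seo-pack detection added to detectable.rb cannot be fully reviewed here: the rendering dropped everything between `if body =~ /` and the spec's `expected.add('all-in-one-seo-pack', version: '2.0.3.1')`, so the pattern and how the version string is captured are not visible. If the version is taken from a capture group over the response body it is target-controlled text — a site can return an arbitrary string there — so the capture should be restricted to a version shape such as `[\d.]+` and the match anchored to the generator/meta context rather than any occurrence in the page, both so a spoofed value cannot presumably short-circuit the fixed-in comparison and so a backtracking-heavy pattern is not run over the whole body. The spec pins `2.0.3.1` from a fixture, which is fine, but a second case with a malformed version string would document the intended behaviour. Both hunks are cut by the stripped region.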
From: FireFart Date: Tue, 22 Oct 2013 22:41:26 +0200 Subject: [PATCH 17/17] forgot context (issue #332) --- spec/lib/common/collections/wp_plugins/detectable_spec.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec/lib/common/collections/wp_plugins/detectable_spec.rb b/spec/lib/common/collections/wp_plugins/detectable_spec.rb index 99f6da38..bbc5fecf 100644 --- a/spec/lib/common/collections/wp_plugins/detectable_spec.rb +++ b/spec/lib/common/collections/wp_plugins/detectable_spec.rb @@ -80,10 +80,13 @@ describe 'WpPlugins::Detectable' do subject.send(:from_content, wp_target).should == expected end + context 'when w3 total cache detected' do it 'returns the w3-total-cache' do @body = 'w3 total cache' expected.add('w3-total-cache') end + end + context 'when wp-super-cache detected' do it 'returns the wp-super-cache' do @body = 'wp-super-cache'