garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WpItems, WpPlugins, WpThemes specs

Browse Source
This commit is contained in:
erwanlr
2013-03-29 22:27:43 +01:00
parent 565bfceb49
commit 68876bffb9
34 changed files with 456 additions and 390 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
spec/samples/common/collections/wp_items/detectable/passive_detection.html Normal file
View File

@@ -0,0 +1,51 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="fr-FR">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta property="fb:page_id" content="18968879441564"/>
<title>Example.com</title>
<link rel="alternate" type="application/rss+xml" title="Example RSS Feed" href="http://example.com/feed"/>
<link rel="alternate" type="application/atom+xml" title="Example Atom Feed" href="http://example.com/feed/atom"/>
<link rel="pingback" href="http://example.com/xmlrpc.php"/>
<link rel='stylesheet' href='http://example.com/wp-content/items/link-tag/cache/7f8155a5485bc445ed0adb136722b.css?m=1224763007' type='text/css' media='screen'/>
<script type="text/javascript">
var TB_pluginPath = 'http://www.welovebug.com/wp-content/items/js-source';
var TB_config = {
'widget_show_photos':true,
'widget_show_source':true,
'widget_show_header':true,
'general_link_screen_names':true,
'general_link_hash_tags':true,
'general_link_urls':true,
'widget_check_sources':true,
'widget_show_user':true
}
</script>
<style type="text/css">
#fancybox-loading.fancybox-ie div { background: transparent; filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://example.com/wp-content/items/style-tag/fancybox/fancy_loading.png', sizingMethod='scale'); }
</style>
<script type='text/javascript' src='http://example.com/wp-content/items/script-tag/s2member-o.php?ws_plugin__s2member_js_w_globals=1'></script>
</head>
<body>
<div class="top">
<div class="header">
<h1 class="logo">
Blablabla the following plugin should not match : /wp-content/items/this-plugin-should-not-match/sub.css
</h1>
</div>
</div>
</body>
<script type='text/javascript'>
/* <![CDATA[ */
var pollsL10n = {"ajax_url":"http:\/\/example.com\/wp-content\/items\/escaped-url\/wp-polls.php","text_wait":"Your last request is still being processed. Please wait a while ...","text_valid":"Please choose a valid poll answer.","text_multiple":"Maximum number of choices allowed: ","show_loading":"1","show_fading":"1"};
/* ]]> */
</script>
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=1.0.0'></script>
<!-- a duplicate one -->
<script type='text/javascript' src='http://example.com/wp-content/items/script-tag/s2member-o.php?ws_plugin__s2member_js_w_globals=1'></script>
</html>

3
spec/samples/common/collections/wp_items/detectable/targets.txt Normal file
View File

@@ -0,0 +1,3 @@
item1
item-2
mr-smith

7
spec/samples/common/collections/wp_items/detectable/vulns.xml Normal file
View File

@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed there -->
<vulnerabilities>
<item name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<item name="neo"/>
</vulnerabilities>

19
spec/samples/wpscan/modules/wp_plugins/passive_detection/various_plugins.htm → spec/samples/common/collections/wp_plugins/detectable/passive_detection.html
View File

@@ -7,15 +7,10 @@
<link rel="alternate" type="application/rss+xml" title="Example RSS Feed" href="http://example.com/feed"/>
<link rel="alternate" type="application/atom+xml" title="Example Atom Feed" href="http://example.com/feed/atom"/>
<link rel="pingback" href="http://example.com/xmlrpc.php"/>
<link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/cache/7f8155a5485bc445ed0adb136722b.css?m=1224763007' type='text/css' media='screen'/>
<link rel='stylesheet' href='http://example.com/wp-content/plugins/link-tag/cache/7f8155a5485bc445ed0adb136722b.css?m=1224763007' type='text/css' media='screen'/>
<!-- Start Comment Info Tip Plugin -->
<link type="text/css" rel="stylesheet" href="http://example.com/wp-content/plugins/comment-info-tip/comment-info-tip.css" />
<!-- End Comment Info Tip Plugin -->
<!-- #121 : http://code.google.com/p/wpscan/issues/detail?id=121 -->
<script type="text/javascript">
var TB_pluginPath = 'http://www.welovebug.com/wp-content/plugins/tweet-blender';
var TB_pluginPath = 'http://www.welovebug.com/wp-content/plugins/js-source';
var TB_config = {
'widget_show_photos':true,
'widget_show_source':true,
@@ -27,13 +22,12 @@
'widget_show_user':true
}
</script>
<!-- /#121 -->
<style type="text/css">
#fancybox-loading.fancybox-ie div { background: transparent; filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://example.com/wp-content/plugins/optinpop/fancybox/fancy_loading.png', sizingMethod='scale'); }
#fancybox-loading.fancybox-ie div { background: transparent; filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://example.com/wp-content/plugins/style-tag/fancybox/fancy_loading.png', sizingMethod='scale'); }
</style>
<script type='text/javascript' src='http://example.com/wp-content/plugins/s2member/s2member-o.php?ws_plugin__s2member_js_w_globals=1'></script>
<script type='text/javascript' src='http://example.com/wp-content/plugins/script-tag/s2member-o.php?ws_plugin__s2member_js_w_globals=1'></script>
</head>
<body>
<div class="top">
@@ -47,12 +41,11 @@
<script type='text/javascript'>
/* <![CDATA[ */
var pollsL10n = {"ajax_url":"http:\/\/example.com\/wp-content\/plugins\/wp-polls\/wp-polls.php","text_wait":"Your last request is still being processed. Please wait a while ...","text_valid":"Please choose a valid poll answer.","text_multiple":"Maximum number of choices allowed: ","show_loading":"1","show_fading":"1"};
var pollsL10n = {"ajax_url":"http:\/\/example.com\/wp-content\/plugins\/escaped-url\/wp-polls.php","text_wait":"Your last request is still being processed. Please wait a while ...","text_valid":"Please choose a valid poll answer.","text_multiple":"Maximum number of choices allowed: ","show_loading":"1","show_fading":"1"};
/* ]]> */
</script>
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=1.0.0'></script>
<script type="text/javascript" src="http://example.com/wp-content/plugins/commentluv/js/commentluv.js?ver=3.3.1"></script>
<!-- a duplicate one -->
<script type='text/javascript' src='http://example.com/wp-content/plugins/s2member/s2member-o.php?ws_plugin__s2member_js_w_globals=1'></script>
<script type='text/javascript' src='http://example.com/wp-content/plugins/script-tag/s2member-o.php?ws_plugin__s2member_js_w_globals=1'></script>
</html>

3
spec/samples/common/collections/wp_plugins/detectable/targets.txt Normal file
View File

@@ -0,0 +1,3 @@
plugin1
plugin-2
mr-smith

7
spec/samples/common/collections/wp_plugins/detectable/vulns.xml Normal file
View File

@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed there -->
<vulnerabilities>
<plugin name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<plugin name="neo"/>
</vulnerabilities>

4
spec/samples/wpscan/modules/wp_themes/passive_detection/various_themes.htm → spec/samples/common/collections/wp_themes/detectable/passive_detection.html
View File

@@ -9,8 +9,8 @@
<link rel="pingback" href="http://example.com/xmlrpc.php"/>
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme1/style.css" />
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme2/javascript.js" />
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme3/test.png" />
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme 2/javascript.js" />
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme-3/test.png" />
</head>
<body>

3
spec/samples/common/collections/wp_themes/detectable/targets.txt Normal file
View File

@@ -0,0 +1,3 @@
3colours
42k
a-ri

5
spec/samples/common/collections/wp_themes/detectable/vulns.xml Normal file
View File

@@ -0,0 +1,5 @@
<themes>
<theme name="shopperpress"/>
<not-valid name="wise"/>
<theme name="webfolio"/>
</themes>

21
spec/samples/wpscan/modules/wp_plugins/passive_detection/no_plugins.htm
View File

@@ -1,21 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="fr-FR">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta property="fb:page_id" content="18968879441564"/>
<title>Example.com</title>
<link rel="alternate" type="application/rss+xml" title="Example RSS Feed" href="http://example.com/feed"/>
<link rel="alternate" type="application/atom+xml" title="Example Atom Feed" href="http://example.com/feed/atom"/>
<link rel="pingback" href="http://example.com/xmlrpc.php"/>
</head>
<body>
<div class="top">
<div class="header">
<h1 class="logo">
Blablabla
</h1>
</div>
</div>
</body>
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=1.0.0'></script>
</html>

26
spec/samples/wpscan/modules/wp_plugins/passive_detection/one_plugin.htm
View File

@@ -1,26 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="fr-FR">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta property="fb:page_id" content="18968879441564"/>
<title>Example.com</title>
<link rel="alternate" type="application/rss+xml" title="Example RSS Feed" href="http://example.com/feed"/>
<link rel="alternate" type="application/atom+xml" title="Example Atom Feed" href="http://example.com/feed/atom"/>
<link rel="pingback" href="http://example.com/xmlrpc.php"/>
<!-- Start Comment Info Tip Plugin -->
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/plugins/comment-info-tip/comment-info-tip.css" />
<!-- End Comment Info Tip Plugin -->
</head>
<body>
<div class="top">
<div class="header">
<h1 class="logo">
Blablabla
</h1>
</div>
</div>
</body>
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=1.0.0'></script>
</html>

18
spec/samples/wpscan/modules/wp_plugins/plugin_vulns.xml
View File

@@ -1,18 +0,0 @@
<?xml version="1.0"?>
<vulnerabilities>
<plugin name="media-library">
<vulnerability>
<title>Wordpress Media Library Categories plugin&lt;= 1.0.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17628/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="deans">
<vulnerability>
<title>Wordpress FCKeditor Deans With Pwwangs Code Plugin &lt;= 1.0.0 Remote Shell Upload</title>
<reference>http://packetstormsecurity.org/files/111319/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
</vulnerabilities>

5
spec/samples/wpscan/modules/wp_plugins/plugins.txt
View File

@@ -1,5 +0,0 @@
display-widgets/display-widgets.php
regenerate-thumbnails/readme.txt
formidable/formidable.php
exclude-pages/exclude_pages.php
regenerate-thumbnails/readme.txt

9
spec/samples/wpscan/modules/wp_themes/passive_detection/no_theme.htm
View File

@@ -1,9 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
</body>
</html>

179
spec/samples/wpscan/modules/wp_themes/passive_detection/one_theme.htm
View File

@@ -1,179 +0,0 @@
<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>ddd</title>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="stylesheet" type="text/css" media="all" href="http://10.211.55.8/wordpress/wp-content/themes/custom-twentyten/style.css" />
<link rel="pingback" href="http://10.211.55.8/wordpress/xmlrpc.php" />
<meta name='robots' content='noindex,nofollow' />
<link rel="alternate" type="application/rss+xml" title="test &raquo; Feed" href="http://10.211.55.8/wordpress/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="test &raquo; Comments Feed" href="http://10.211.55.8/wordpress/?feed=comments-rss2" />
<!-- AL2FB CSS -->
<style type="text/css" media="screen">
.al2fb_widget_comments { }
.al2fb_widget_comments li { }
.al2fb_widget_picture { width: 32px; height: 32px; }
.al2fb_widget_name { }
.al2fb_widget_comment { }
.al2fb_widget_date { font-size: smaller; }
</style>
<link rel='stylesheet' id='al2fb_style-css' href='http://10.211.55.8/wordpress/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=3.3.1' type='text/css' media='all' />
<link rel='stylesheet' id='events-manager-css' href='http://10.211.55.8/wordpress/wp-content/plugins/events-manager/includes/css/events_manager.css?ver=3.3.1' type='text/css' media='all' />
<link rel='stylesheet' id='NextGEN-css' href='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/css/nggallery.css?ver=1.0.0' type='text/css' media='screen' />
<link rel='stylesheet' id='shutter-css' href='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.css?ver=1.3.4' type='text/css' media='screen' />
<link rel='stylesheet' id='contact-form-7-css' href='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.2.1' type='text/css' media='all' />
<link rel='stylesheet' id='cntctfrmStylesheet-css' href='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-plugin/css/style.css?ver=3.3.1' type='text/css' media='all' />
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/jquery.js?ver=1.7.1'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.position.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.mouse.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.sortable.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.datepicker.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.autocomplete.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.resizable.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.draggable.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.button.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.dialog.min.js?ver=1.8.16'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var EM = {"ajaxurl":"http:\/\/10.211.55.8\/wordpress\/wp-admin\/admin-ajax.php","bookingajaxurl":"http:\/\/10.211.55.8\/wordpress\/wp-admin\/admin-ajax.php","locationajaxurl":"http:\/\/10.211.55.8\/wordpress\/wp-admin\/admin-ajax.php?action=locations_search","firstDay":"1","locale":"en","dateFormat":"dd\/mm\/yy","bookingInProgress":"Please wait while the booking is being submitted.","ui_css":"http:\/\/10.211.55.8\/wordpress\/wp-content\/plugins\/events-manager\/includes\/css\/ui-lightness.css","show24hours":"","is_ssl":"","tickets_save":"Save Ticket","bookings_export_save":"Export Bookings","bookings_settings_save":"Save Settings","booking_delete":"Are you sure you want to delete?","bb_full":"Sold Out","bb_book":"Book Now","bb_booking":"Booking...","bb_booked":"Booking Submitted","bb_error":"Booking Error. Try again?","bb_cancel":"Cancel","bb_canceling":"Canceling...","bb_cancelled":"Cancelled","bb_cancel_error":"Cancellation Error. Try again?","txt_search":"Search","txt_searching":"Searching...","txt_loading":"Loading..."};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/events-manager/includes/js/events-manager.js?ver=3.3.1'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var shutterSettings = {"msgLoading":"L O A D I N G","msgClose":"Click to Close","imageCount":"1"};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06'></script>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://10.211.55.8/wordpress/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://10.211.55.8/wordpress/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 3.3.1" />
<!-- All in One SEO Pack 1.6.15 by Michael Torbert of Semper Fi Web Design[78,119] -->
<meta name="description" content="ddddd" />
<meta name="keywords" content="dd" />
<link rel="canonical" href="http://10.211.55.8/wordpress/" />
<!-- /all in one seo pack -->
<!-- <meta name="NextGEN" version="1.9.6" /> -->
<script charset="utf-8" type="text/javascript">var switchTo5x=true;</script><script charset="utf-8" type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script><script type="text/javascript">stLight.options({publisher:'wp.d54da82c-32aa-4efc-ab15-d4e2ed4f0b4d'});var st_type='wordpress3.3.1';</script></head>
<body class="home blog">
<div id="wrapper" class="hfeed">
<div id="header">
<div id="masthead">
<div id="branding" role="banner">
<h1 id="site-title">
<span>
<a href="http://10.211.55.8/wordpress/" title="test" rel="home">test</a>
</span>
</h1>
<div id="site-description">Just another WordPress site</div>
<img src="http://10.211.55.8/wordpress/wp-content/themes/custom-twentyten/images/headers/path.jpg" width="940" height="198" alt="" />
</div><!-- #branding -->
<div id="access" role="navigation">
<div class="skip-link screen-reader-text"><a href="#content" title="Skip to content">Skip to content</a></div>
<div class="menu"><ul><li class="current_page_item"><a href="http://10.211.55.8/wordpress/" title="Home">Home</a></li><li class="page_item page-item-11"><a href="http://10.211.55.8/wordpress/?page_id=11">Events</a><ul class='children'><li class="page_item page-item-13"><a href="http://10.211.55.8/wordpress/?page_id=13">Categories</a></li><li class="page_item page-item-12"><a href="http://10.211.55.8/wordpress/?page_id=12">Locations</a></li><li class="page_item page-item-14"><a href="http://10.211.55.8/wordpress/?page_id=14">My Bookings</a></li></ul></li><li class="page_item page-item-2"><a href="http://10.211.55.8/wordpress/?page_id=2">Sample Page</a></li></ul></div>
</div><!-- #access -->
</div><!-- #masthead -->
</div><!-- #header -->
<div id="main">
<div id="container">
<div id="content" role="main">
<div id="post-1" class="post-1 post type-post status-publish format-standard hentry category-uncategorized">
<h2 class="entry-title"><a href="http://10.211.55.8/wordpress/?p=1" title="Permalink to Hello world!" rel="bookmark">Hello world!</a></h2>
<div class="entry-meta">
<span class="meta-prep meta-prep-author">Posted on</span> <a href="http://10.211.55.8/wordpress/?p=1" title="8:41 pm" rel="bookmark"><span class="entry-date">September 15, 2012</span></a> <span class="meta-sep">by</span> <span class="author vcard"><a class="url fn n" href="http://10.211.55.8/wordpress/?author=1" title="View all posts by admin">admin</a></span> </div><!-- .entry-meta -->
<div class="entry-content">
<p>Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!</p>
<p><span class='st_facebook_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Facebook'></span><span class='st_twitter_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Twitter'></span><span class='st_email_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Email'></span><span class='st_sharethis_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='ShareThis'></span><span class='st_fblike_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Facebook Like'></span><span class='st_plusone_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Google +1'></span><span class='st_pinterest _buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Pinterest'></span></p> </div><!-- .entry-content -->
<div class="entry-utility">
<span class="cat-links">
<span class="entry-utility-prep entry-utility-prep-cat-links">Posted in</span> <a href="http://10.211.55.8/wordpress/?cat=1" title="View all posts in Uncategorized" rel="category">Uncategorized</a> </span>
<span class="meta-sep">|</span>
<span class="comments-link"><a href="http://10.211.55.8/wordpress/?p=1#comments" title="Comment on Hello world!">1 Comment</a></span>
</div><!-- .entry-utility -->
</div><!-- #post-## -->
</div><!-- #content -->
</div><!-- #container -->
<div id="primary" class="widget-area" role="complementary">
<ul class="xoxo">
<li id="search-2" class="widget-container widget_search"><form role="search" method="get" id="searchform" action="http://10.211.55.8/wordpress/" >
<div><label class="screen-reader-text" for="s">Search for:</label>
<input type="text" value="" name="s" id="s" />
<input type="submit" id="searchsubmit" value="Search" />
</div>
</form></li> <li id="recent-posts-2" class="widget-container widget_recent_entries"> <h3 class="widget-title">Recent Posts</h3> <ul>
<li><a href="http://10.211.55.8/wordpress/?p=1" title="Hello world!">Hello world!</a></li>
</ul>
</li><li id="recent-comments-2" class="widget-container widget_recent_comments"><h3 class="widget-title">Recent Comments</h3><ul id="recentcomments"><li class="recentcomments"><a href='http://wordpress.org/' rel='external nofollow' class='url'>Mr WordPress</a> on <a href="http://10.211.55.8/wordpress/?p=1#comment-1">Hello world!</a></li></ul></li><li id="archives-2" class="widget-container widget_archive"><h3 class="widget-title">Archives</h3> <ul>
<li><a href='http://10.211.55.8/wordpress/?m=201209' title='September 2012'>September 2012</a></li>
</ul>
</li><li id="categories-2" class="widget-container widget_categories"><h3 class="widget-title">Categories</h3> <ul>
<li class="cat-item cat-item-1"><a href="http://10.211.55.8/wordpress/?cat=1" title="View all posts filed under Uncategorized">Uncategorized</a>
</li>
</ul>
</li><li id="meta-2" class="widget-container widget_meta"><h3 class="widget-title">Meta</h3> <ul>
<li><a href="http://10.211.55.8/wordpress/wp-login.php">Log in</a></li>
<li><a href="http://10.211.55.8/wordpress/?feed=rss2" title="Syndicate this site using RSS 2.0">Entries <abbr title="Really Simple Syndication">RSS</abbr></a></li>
<li><a href="http://10.211.55.8/wordpress/?feed=comments-rss2" title="The latest comments to all posts in RSS">Comments <abbr title="Really Simple Syndication">RSS</abbr></a></li>
<li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress.org</a></li>
</ul>
</li> </ul>
</div><!-- #primary .widget-area -->
</div><!-- #main -->
<div id="footer" role="contentinfo">
<div id="colophon">
<div id="site-info">
<a href="http://10.211.55.8/wordpress/" title="test" rel="home">
test </a>
</div><!-- #site-info -->
<div id="site-generator">
<a href="http://wordpress.org/" title="Semantic Personal Publishing Platform" rel="generator">Proudly powered by WordPress.</a>
</div><!-- #site-generator -->
</div><!-- #colophon -->
</div><!-- #footer -->
</div><!-- #wrapper -->
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-7/includes/js/jquery.form.js?ver=3.14'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var _wpcf7 = {"loaderUrl":"http:\/\/10.211.55.8\/wordpress\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.2.1'></script>
</body>
</html>

25
spec/samples/wpscan/modules/wp_themes/theme_vulns.xml
View File

@@ -1,25 +0,0 @@
<themes>
<theme name="shopperpress">
<vulnerability>
<title>ShopperPress WordPress Theme 2.7 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/115630/</reference>
<type>XSS</type>
</vulnerability>
</theme>
<theme name="wise">
<vulnerability>
<title>Site5 Wordpress Themes Email Spoofing</title>
<reference>http://packetstormsecurity.org/files/114750/</reference>
<type>UNKNOWN</type>
</vulnerability>
</theme>
<theme name="webfolio">
<vulnerability>
<title>Site5 Wordpress Themes Email Spoofing</title>
<reference>http://packetstormsecurity.org/files/114750/</reference>
<type>UNKNOWN</type>
</vulnerability>
</theme>
</themes>

10
spec/samples/wpscan/modules/wp_themes/themes.txt
View File

@@ -1,10 +0,0 @@
zenpro/404.php
zeta-zip/404.php
zfirst/404.php
zgrey/404.php
zindi-ii/404.php
zindi/404.php
zombie-apocalypse/404.php
zsofa/404.php
zwei-seiten/404.php
twentyten/404.php

4
spec/samples/wpscan/wp_plugin/plugins.txt
View File

@@ -1,4 +0,0 @@
plugin1
plugin2
plugin3
plugin4

27
spec/samples/wpscan/wp_plugin/vulnerabilities/plugin_vulns.xml
View File

@@ -1,27 +0,0 @@
<?xml version="1.0"?>
<vulnerabilities>
<plugin name="spec-plugin">
<vulnerability>
<title>WPScan Spec</title>
<reference>http://secu.org/files/111319/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Spec SQL Injection</title>
<reference>http://secu.org/files/1245/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-login-lockdown">
<vulnerability>
<title>Simple Login Lockdown XSS</title>
<reference>http://secu.org/files/1234/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
</vulnerabilities>

5
spec/samples/wpscan/wp_theme/themes.txt
View File

@@ -1,5 +0,0 @@
theme1
theme2
theme3
theme4
theme5

22
spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml
View File

@@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<theme name="onepagewebsite">
<vulnerability>
<title>onepagewebsite Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20027</reference>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>onepagewebsite Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20027</reference>
<type>FPD</type>
</vulnerability>
</theme>
<theme name="vithy">
<vulnerability>
<title>vithy Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20040</reference>
<type>FPD</type>
</vulnerability>
</theme>
</vulnerabilities>

9
spec/samples/wpscan/wp_version/404.htm
View File

@@ -1,9 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at lamp Port 80</address>
</body></html>