Fix #380 - Redirects in WP 3.6-3.0

erwanlr
2014-02-26 13:05:25 +01:00
parent f3b26b1101
commit 92d99c6d64


@@ -59,8 +59,9 @@
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>UNKNOWN</type>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
<vulnerability>
@@ -129,6 +130,20 @@
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.5.1">
@@ -202,6 +217,20 @@
<type>SSRF</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.5">
@@ -245,6 +274,20 @@
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4.2">
@@ -295,6 +338,20 @@
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4.1">
@@ -338,6 +395,20 @@
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4">
@@ -381,6 +452,20 @@
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.4-beta4">
@@ -412,6 +497,20 @@
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3.3">
@@ -436,6 +535,20 @@
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3.2">
@@ -498,6 +611,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3.1">
@@ -560,6 +687,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.3">
@@ -615,6 +756,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.2.1">
@@ -663,6 +818,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.2">
@@ -711,6 +880,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.4">
@@ -759,6 +942,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.3">
@@ -817,6 +1014,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.2">
@@ -873,6 +1084,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1.1">
@@ -928,6 +1153,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.1">
@@ -976,6 +1215,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.6">
@@ -1024,6 +1277,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.5">
@@ -1080,6 +1347,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.4">
@@ -1136,6 +1417,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.3">
@@ -1206,6 +1501,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.2">
@@ -1269,6 +1578,20 @@
<type>UNKNOWN</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0.1">
@@ -1364,6 +1687,20 @@
<type>AUTHBYPASS</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="3.0">
@@ -1460,6 +1797,20 @@
<type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<exploitdb>28958</exploitdb>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
<url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
</references>
<type>REDIRECT</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</wordpress>
<wordpress version="2.9.2">
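Review bot: The last hunk stops at the 3.0 block, so the 2.9.2 block that follows it (and anything older) still carries no entry for CVE-2013-4339, and a scan of a site on one of those releases would stay silent about this redirect issue. The added entry records only `<fixed_in>3.6.1</fixed_in>` and no lower bound, so if the advisory's affected range reaches below 3.0 the same `<vulnerability>` element belongs in those blocks as well. If 3.0 really is the floor, a short comment such as `<!-- CVE-2013-4339: not applicable before 3.0 -->` above `<wordpress version="2.9.2">` would record that decision. The entry is also pasted verbatim into every version block this commit touches, so any later correction to its references or `<type>` has to be repeated in each copy.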