garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added XSD checking for XML files

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-01-21 22:00:09 +01:00
parent 63f6bb7181
commit c2cdf97bee
6 changed files with 234 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
data/plugin_vulns.xml
View File

@@ -1,40 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
This file contains vulnerabilities associated with WordPress plugins.
TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "CSRF", "AUTHBYPASS", "FPD"]
<plugin name="">
<vulnerability>
<title></title>
<reference></reference>
<reference></reference>
<metasploit></metasploit>
<metasploit></metasploit>
<type></type>
</vulnerability>
</plugin>
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<vulnerabilities>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
<plugin name="crayon-syntax-highlighter">
<vulnerability>
@@ -1459,8 +1444,6 @@ File Upload Vulnerability</title>
<title>AllWebMenus 1.1.3 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17861/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php</uri>
<postdata>abspath=XXpathXX</postdata>
</vulnerability>
</plugin>
@@ -2087,7 +2070,6 @@ File Upload Vulnerability</title>
<title>DM Albums 1.9.2 Remote File Inclusion Vuln</title>
<reference>http://www.exploit-db.com/exploits/9043/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2286,10 +2268,9 @@ File Upload Vulnerability</title>
<plugin name="backupwordpress">
<vulnerability>
<title>BackUp&lt;= 0.4.2b RFI Vulnerability</title>
<title>BackUp &lt;= 0.4.2b RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4593/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2298,7 +2279,6 @@ File Upload Vulnerability</title>
<title>plugin myflash &lt;= 1.00 (wppath) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3828/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/myflash/myflash-button.php?wpPATH=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2307,7 +2287,6 @@ File Upload Vulnerability</title>
<title>plugin wordTube &lt;= 1.43 (wpPATH) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3825/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/wordtube/wordtube-button.php?wpPATH=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2316,7 +2295,6 @@ File Upload Vulnerability</title>
<title>plugin wp-Table &lt;= 1.43 (inc_dir) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3824/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2325,7 +2303,6 @@ File Upload Vulnerability</title>
<title>myGallery &lt;= 1.4b4 Remote File Inclusion Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3814/</reference>
<type>RFI</type>
<uri>/mygallery/myfunctions/mygallerybrowser.php?myPath=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2684,7 +2661,6 @@ File Upload Vulnerability</title>
<title>TheCartPress 1.1.1 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17860/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&amp;tcp_class_name=asdf&amp;tcp_class_path=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2693,7 +2669,6 @@ File Upload Vulnerability</title>
<title>WPEasyStats 1.8 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17862/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/wpeasystats/export.php?homep=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2702,7 +2677,6 @@ File Upload Vulnerability</title>
<title>Annonces 1.2.0.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17863/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2711,8 +2685,6 @@ File Upload Vulnerability</title>
<title>Livesig 0.4 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17864/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/livesig/livesig-ajax-backend.php</uri>
<postdata>wp-root=XXpathXX&amp;action=asdf</postdata>
</vulnerability>
</plugin>
@@ -2721,7 +2693,6 @@ File Upload Vulnerability</title>
<title>Disclosure Policy 1.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17865/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&amp;blogUrl=asdf&amp;abspath=XXpathXX</uri>
</vulnerability>
</plugin>
@@ -2730,7 +2701,6 @@ File Upload Vulnerability</title>
<title>Mailing List 1.3.2 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17866/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/mailz/lists/config/config.php?wpabspath=XXpathXX</uri>
</vulnerability>
<vulnerability>
<title>Mailing List &lt; 1.4.1 Arbitrary file download</title>
@@ -2744,7 +2714,6 @@ File Upload Vulnerability</title>
<title>Zingiri Web Shop 2.2.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17867/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/g-web-shop/fws/ajax/init.inc.php?wpabspath=XXpathXX</uri>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.2.3 Remote Code Execution</title>
@@ -2771,7 +2740,6 @@ File Upload Vulnerability</title>
<title>Relocate Upload 0.14 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17869/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&amp;abspath=XXpathXX</uri>
</vulnerability>
</plugin>

40
data/theme_vulns.xml
View File

@@ -1,27 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
This file contains vulnerabilities associated with WordPress themes.
TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "FPD"]
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<themes>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
<theme name="onepagewebsite">
<vulnerability>
@@ -1172,4 +1170,4 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
</vulnerability>
</theme>
</themes>
</vulnerabilities>

60
data/vuln.xsd Normal file
View File

@@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string"/>
</xs:simpleType>
<xs:simpleType name="typetype">
<xs:restriction base="xs:string">
<xs:enumeration value="SQLI"/>
<xs:enumeration value="MULTI"/>
<xs:enumeration value="REDIRECT"/>
<xs:enumeration value="RCE"/>
<xs:enumeration value="RFI"/>
<xs:enumeration value="LFI"/>
<xs:enumeration value="UPLOAD"/>
<xs:enumeration value="UNKNOWN"/>
<xs:enumeration value="XSS"/>
<xs:enumeration value="CSRF"/>
<xs:enumeration value="AUTHBYPASS"/>
<xs:enumeration value="FPD"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="itemtype">
<xs:sequence>
<xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
</xs:sequence>
<xs:attribute type="stringtype" name="name" use="required"/>
</xs:complexType>
<xs:complexType name="wordpresstype">
<xs:sequence>
<xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
</xs:sequence>
<xs:attribute type="stringtype" name="version" use="required"/>
</xs:complexType>
<xs:complexType name="vulntype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="title" type="stringtype"/>
<xs:element name="reference" type="stringtype" maxOccurs="unbounded" minOccurs="1"/>
<xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="type" type="typetype"/>
</xs:sequence>
</xs:complexType>
<xs:element name="vulnerabilities">
<xs:complexType>
<xs:sequence>
<xs:element name="plugin" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="theme" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

167
data/wp_vulns.xml
View File

@@ -1,37 +1,36 @@
<?xml version="1.0"?>
<?xml version="1.0" encoding="UTF-8"?>
<!--
WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
This file contains vulnerabilities associated with WordPress verions.
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<vulnerabilities>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
<wordpress version="3.5">
<vulnerability>
<title>XMLRPC Pingback API Internal/External Port Scanning</title>
<reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress XMLRPC pingback additional issues</title>
<reference>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</reference>
<type>UNKNOWN</type>
</vulnerability>
</wordpress>
@@ -39,6 +38,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress 3.4.2 Cross Site Request Forgery</title>
<reference>http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html</reference>
<type>CSRF</type>
</vulnerability>
</wordpress>
@@ -46,6 +46,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18791/</reference>
<type>CSRF</type>
</vulnerability>
</wordpress>
@@ -53,10 +54,12 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18791/</reference>
</vulnerability>
<vulnerability>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>WordPress 3.3.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/113254</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -64,14 +67,17 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Multiple vulnerabilities including XSS and Privilege Escalation</title>
<reference>http://wordpress.org/news/2012/04/wordpress-3-3-2/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18791/</reference>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -79,31 +85,36 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Reflected Cross-Site Scripting in WordPress 3.3</title>
<reference>http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.2.1">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.2">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.1.4">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -111,10 +122,12 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Multiple SQL Injection Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/17465/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -122,10 +135,12 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress &lt;= 3.1.2 Clickjacking Vulnerability</title>
<reference>http://seclists.org/fulldisclosure/2011/Sep/219</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -133,38 +148,44 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS</title>
<reference>http://osvdb.org/show/osvdb/72142</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.1">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.0.6">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.0.5">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.0.4">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -172,14 +193,17 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>SQL injection vulnerability in do_trackbacks() Wordpress function</title>
<reference>http://www.exploit-db.com/exploits/15684/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Wordpress 3.0.3 stored XSS IE7,6 NS8.1</title>
<reference>http://www.exploit-db.com/exploits/15858/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -187,42 +211,49 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress XML-RPC Interface Access Restriction Bypass</title>
<reference>http://osvdb.org/69761</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.0.1">
<wordpress version="3.0.1">
<vulnerability>
<title>WordPress: Information Disclosure via SQL Injection Attack</title>
<reference>http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.0">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.9.2">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.9.1">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -230,21 +261,25 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress 2.9 Failure to Restrict URL Access</title>
<reference>http://www.exploit-db.com/exploits/11441/</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress DOS &lt;= 2.9</title>
<reference>http://www.exploit-db.com/exploits/11441/</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.8.6">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -252,17 +287,20 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress &lt;= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution</title>
<reference>http://www.exploit-db.com/exploits/10089/</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.8.4">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -270,10 +308,12 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress &lt;= 2.8.3 Remote Admin Reset Password Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9410/</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -281,17 +321,20 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit</title>
<reference>http://www.exploit-db.com/exploits/9250/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.8">
<vulnerability>
<wordpress version="2.8">
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -299,24 +342,28 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/10088/</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.7">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.6.5">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -324,20 +371,23 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.6.3">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.6.2">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -345,31 +395,36 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit</title>
<reference>http://www.exploit-db.com/exploits/6421/</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.6">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.5.1">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="2.5">
<vulnerability>
<vulnerability>
<title>XSS vulnerability in swfupload in WordPress</title>
<reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
<type>XSS</type>
</vulnerability>
</wordpress>
@@ -377,6 +432,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress &lt;= 2.3.1 Charset Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4721/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -384,10 +440,12 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit</title>
<reference>http://www.exploit-db.com/exploits/4113/</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/4039/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -395,6 +453,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit</title>
<reference>http://www.exploit-db.com/exploits/3960/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -402,6 +461,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/3656/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -409,6 +469,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress &lt;= 2.0.6 wp-trackback.php Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/3109/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -416,6 +477,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/3095/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -423,6 +485,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress &lt;= 2.0.2 (cache) Remote Shell Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/6/</reference>
<type>UNKNOWN</type>
</vulnerability>
</wordpress>
@@ -430,6 +493,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress &lt;= 1.5.1.3 Remote Code Execution eXploit (metasploit)</title>
<reference>http://www.exploit-db.com/exploits/1145/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -437,6 +501,7 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>Wordpress &lt;= 1.5.1.2 xmlrpc Interface SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/1077/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>
@@ -444,10 +509,12 @@ This file contains vulnerabilities associated with WordPress verions.
<vulnerability>
<title>WordPress &lt;= 1.5.1.1 &quot;add new admin&quot; SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/1059/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress &lt;= 1.5.1.1 SQL Injection Exploit </title>
<title>WordPress &lt;= 1.5.1.1 SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/1033/</reference>
<type>SQLI</type>
</vulnerability>
</wordpress>

1
lib/common_helper.rb
View File

@@ -39,6 +39,7 @@ THEMES_FILE = DATA_DIR + "/themes.txt"
THEMES_FULL_FILE = DATA_DIR + "/themes_full.txt"
THEMES_VULNS_FILE = DATA_DIR + "/theme_vulns.xml"
WP_VULNS_FILE = DATA_DIR + "/wp_vulns.xml"
VULNS_XSD = DATA_DIR + "/vuln.xsd"
WPSCAN_VERSION = "2.0"

19
spec/xml_checks_spec.rb
View File

@@ -25,27 +25,44 @@ describe "XML checks" do
FileTest.exists?(full_path).should be_true
expect { Nokogiri::XML(File.read(full_path)) { |config| config.strict } }.to_not raise_error
if @xsd
xsd = Nokogiri::XML::Schema(File.read(@xsd))
doc = Nokogiri::XML(File.read(full_path))
errors = []
xsd.validate(doc).each do |error|
errors << error.message
end
errors.should === []
else
expect { Nokogiri::XML(File.read(full_path)) { |config| config.strict } }.to_not raise_error
end
end
it "check plugin_vulns.xml for syntax errors" do
@file = "plugin_vulns.xml"
@xsd = VULNS_XSD
end
it "check theme_vulns.xml for syntax errors" do
@file = "theme_vulns.xml"
@xsd = VULNS_XSD
end
it "check wp_versions.xml for syntax errors" do
@file = "wp_versions.xml"
@xsd = nil
end
it "check wp_vulns.xml for syntax errors" do
@file = "wp_vulns.xml"
@xsd = VULNS_XSD
end
it "check local_vulnerable_files.xml for syntax errors" do
@file = "local_vulnerable_files.xml"
@xsd = nil
end
end