# WPScan Changelog

Version 1.1 - Released 25.11.2011

Added a few plugin vulns to the database
Fix for issue 54
CREDITS file update
Fix for Issue 51.
Moved the uniq! method in generate_plugin_list
SVN output redirected to /dev/null
Added 2 new plugin vulns
Added Clickdesk Live Chat Support XSS vuln
Improved non responsive server method
Improved update class to hide STDERR when there is no outbound conn
Added adminimize plugin XSS.
Fix for Issue 57, slight amendment.
Fix for Issue 57
Fix for Issue 50 (redirect)
Added advanced-text-widget XSS vuln
Added XSS vuln in all versions of WP-Cumulus
Typo in bruter
Couple of output changes + removal of flash gallery plugin duplicate
Implemented version scraping from RSS feed
Issue 50
Issue 50 fix
404 checking on plugin detection implemented
Full Path Disclosure (FPD) check added.
timthumb.txt file uniqued by michee08
Added Miche08 to credits
Added new SQLI vulnerability in adrotate plugin
Fixed bug where theme name needed URL encoding before being used in the timthumb method.
Fix for issue 48. Not tested.
Added new Zingiri Web Shop RCE vulnerability
Fix for issue 48. Not tested.
Cleaned up plugin enum output a little
Output improvements, method name improvements
GPL code changed for future YARD documentation
improved user input handling
Improved error_log file detection
Improved the timthumb method slightly
Amended contribution from tripmonster
Added contribution from tripmonster
Moved update code under the banner so that it shows during an update
Moved update code to run before anything
Fixed a bug in wordpress detection
Added timthumb reference, not everyone will know what timthumb is...
small typo
better timthumb discovery
timthumb enumeration checks added
Fix for issue 44 and updates to auto-update
Commented update class
Forgot to add class file
Auto updating implemented
Fix for issue 43
Added 4 new SQLI and 1 RCE from ExploitDB
Issue 39 tested and working
Some work on issue 39
Exploitation refactoring
Fix for issue 31
Fix for issue 34
Bug with when session is 1
Meterpreter interaction working
Further work on metasploit integration
Some functionality of exploitation through MSFRPC implemented. NOT FINISHED
type, uri and postdata XML tags added to all RFI vulns
Output tweaking
MSFRPC + WPSCAN XMLRPC CLIENT WORKING WITH ADDITIONAL METHODS
XMLRPC Client in a working state
Added WordPress AdRotate plugin <= 3.6.5 SQL Injection Vulnerability to vuln library
MSF XMLRPC CLIENT PoC (NOT WORKING YET)
Some slight output tidying up
Added 3.1.2 Clickjacking Vulnerability
Added a ton of new plugin vulns discovered by Ben Schmidt (@_supernothing)
Added 2 new plugin vulns: Count per Day <= 2.17 and Filedownload 0.1
Added Gianluca to CREDITS file
Issue 25: patched plugin_vulns.xml
removed WP 3.0.4 common_post_ID Blind SQLi false positive
added 1-flash-gallery plugin vuln
version update
discover.advanced_version_fingerprinting method implemented
Issue 23: Patch for /trunk/data/plugin_vulns.xml
some small amendments
wp versions file initial commit with only scores of 1
updated published plugin vulns
progress indicators