garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated WordPress Plugin Security Testing Cheat Sheet (markdown)

Ryan Dewhurst
2021-01-04 10:19:47 +01:00
parent 3f2b5f6218
commit d90fb63a97
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
WordPress-Plugin-Security-Testing-Cheat-Sheet.md

@@ -32,6 +32,19 @@ When doing dynamic testing for XSS the following setting in the wp-config.php fi
define( 'DISALLOW_UNFILTERED_HTML', true ); define( 'DISALLOW_UNFILTERED_HTML', true );
``` ```
### Enable error logging
Add the following to your wp-config.php file:
```
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
```
The PHP errors will be saved to the `/wp-content/debug.log` file.
To do some logging yourself, you can use the `error_log( 'This is a log' );` function.
## Cross-Site Scripting (XSS) ## Cross-Site Scripting (XSS)
Check if the following global PHP variables are echo'd to pages, or stored in the database and echo'd at a later time without first being sanitised or output encoded. Check if the following global PHP variables are echo'd to pages, or stored in the database and echo'd at a later time without first being sanitised or output encoded.