eXtreme Development



  • Wordpress: Protecting WordPress instance with WPScan analysis

    2018-05

    
    WPScan is a black-box WordPress scanner written in Ruby: it fingerprints the core version, themes and plugins of a target, enumerates users, and looks each component up in the WPVulnDB vulnerability database.
    I used it to find and fix common weaknesses on a WordPress site (actually a WooCommerce e-commerce shop).
    The `-e tt,u,ap,at` switch asks for enumeration of timthumb files, usernames, all plugins and all themes, which is why the run below needs 76,791 requests and about fourteen hours; everything else in the output is self-explanatory:
    
    netto@talvisota ~/Downloads/wpscan $ sudo ruby2.2 wpscan.rb -e tt,u,ap,at --url www.yourdomain.com
    _______________________________________________________________
            __          _______   _____
            \ \        / /  __ \ / ____|
             \ \  /\  / /| |__) | (___   ___  __ _ _ __
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 2.9.1
              Sponsored by Sucuri - https://sucuri.net
       @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
    _______________________________________________________________
    
    [i] The remote host tried to redirect to: http://yourdomain.com/
    [?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]y
    [+] URL: http://yourdomain.com/
    [+] Started: Mon Jul  4 00:12:22 2016
    
    [+] robots.txt available under: 'http://yourdomain.com/robots.txt'
    [+] Interesting entry from robots.txt: http://yourdomain.com/wp-admin/admin-ajax.php
    [!] The WordPress 'http://yourdomain.com/readme.html' file exists exposing a version number
    [!] Full Path Disclosure (FPD) in 'http://yourdomain.com/wp-includes/rss-functions.php':
    [+] Interesting header: LINK: http://yourdomain.com/wp-json/; rel="https://api.w.org/", http://yourdomain.com/; rel=shortlink
    [+] Interesting header: SERVER: nginx/1.10.1
    [+] XML-RPC Interface available under: http://yourdomain.com/xmlrpc.php
    [!] Upload directory has directory listing enabled: http://yourdomain.com/wp-content/uploads/
    [!] Includes directory has directory listing enabled: http://yourdomain.com/wp-includes/
    
    [+] WordPress version 4.5.3 (Released on 2016-06-21) identified from meta generator, advanced fingerprinting, readme, links opml,
     stylesheets numbers
    
    [+] WordPress theme in use: shopkeeper-child - v1.0
    
    [+] Name: shopkeeper-child - v1.0
     |  Location: http://yourdomain.com/wp-content/themes/shopkeeper-child/
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/themes/shopkeeper-child/
     |  Style URL: http://yourdomain.com/wp-content/themes/shopkeeper-child/style.css
     |  Theme Name: Shopkeeper Child
     |  Theme URI: http://shopkeeper.getbowtied.com/
     |  Description: This is a child theme for Shopkeeper.
     |  Author: Get Bowtied
     |  Author URI: http: //www.getbowtied.com/
    
    [+] Detected parent theme: shopkeeper - v1.6.6
    
    [+] Name: shopkeeper - v1.6.6
     |  Location: http://yourdomain.com/wp-content/themes/shopkeeper/
     |  Style URL: http://yourdomain.com/wp-content/themes/shopkeeper/style.css
     |  Theme Name: Shopkeeper
     |  Theme URI: http://www.getbowtied.com/
     |  Description: Shopkeeper is a responsive, super-mobile-friendly theme for WordPress and WooCommerce.
     |  Author: Get Bowtied
     |  Author URI: http://www.getbowtied.com/
    
    [+] Enumerating plugins from passive detection ...
     | 4 plugins found:
    
    [+] Name: js_composer
     |  Location: http://yourdomain.com/wp-content/plugins/js_composer/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: Visual Composer <= 4.7.3 - Multiple Unspecified Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/8208
        Reference: http://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
        Reference: https://forums.envato.com/t/visual-composer-security-vulnerability-fix/10494/7
    [i] Fixed in: 4.7.4
    
    [+] Name: revslider
     |  Location: http://yourdomain.com/wp-content/plugins/revslider/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: WordPress Slider Revolution Local File Disclosure
        Reference: https://wpvulndb.com/vulnerabilities/7540
        Reference: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
        Reference: http://marketblog.envato.com/general/affected-themes/
        Reference: http://packetstormsecurity.com/files/129761/
        Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1579
        Reference: https://www.exploit-db.com/exploits/34511/
        Reference: https://www.exploit-db.com/exploits/36039/
    [i] Fixed in: 4.1.5
    
    [!] Title: WordPress Slider Revolution Shell Upload
        Reference: https://wpvulndb.com/vulnerabilities/7954
        Reference: https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
        Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_revslider_upload_execute
        Reference: https://www.exploit-db.com/exploits/35385/
    [i] Fixed in: 3.0.96
    
    [+] Name: yith-product-size-charts-for-woocommerce - v1.0.9
     |  Latest version: 1.0.9 (up to date)
     |  Location: http://yourdomain.com/wp-content/plugins/yith-product-size-charts-for-woocommerce/
     |  Readme: http://yourdomain.com/wp-content/plugins/yith-product-size-charts-for-woocommerce/README.txt
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/plugins/yith-product-size-charts-for-woocommerce/
    
    [+] Name: yith-woocommerce-wishlist - v2.0.16
     |  Latest version: 2.0.16 (up to date)
     |  Location: http://yourdomain.com/wp-content/plugins/yith-woocommerce-wishlist/
     |  Readme: http://yourdomain.com/wp-content/plugins/yith-woocommerce-wishlist/README.txt
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/plugins/yith-woocommerce-wishlist/
    
    [+] Enumerating all plugins (may take a while and use a lot of system resources) ...
    
       Time: 13:57:09 ========================================================================= (60945 / 60945) 100.00% Time: 13:57:09
    
    [+] We found 6 plugins:
    
    [+] Name: js_composer
     |  Location: http://yourdomain.com/wp-content/plugins/js_composer/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: Visual Composer <= 4.7.3 - Multiple Unspecified Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/8208
        Reference: http://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
        Reference: https://forums.envato.com/t/visual-composer-security-vulnerability-fix/10494/7
    [i] Fixed in: 4.7.4
    
    [+] Name: maintenance
     |  Latest version: 3.0
     |  Location: http://yourdomain.com/wp-content/plugins/maintenance/
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/plugins/maintenance/
    
    [+] Name: revslider
     |  Location: http://yourdomain.com/wp-content/plugins/revslider/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: WordPress Slider Revolution Local File Disclosure
        Reference: https://wpvulndb.com/vulnerabilities/7540
        Reference: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
        Reference: http://marketblog.envato.com/general/affected-themes/
        Reference: http://packetstormsecurity.com/files/129761/
        Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1579
        Reference: https://www.exploit-db.com/exploits/34511/
        Reference: https://www.exploit-db.com/exploits/36039/
    [i] Fixed in: 4.1.5
    
    [!] Title: WordPress Slider Revolution Shell Upload
        Reference: https://wpvulndb.com/vulnerabilities/7954
        Reference: https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
        Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_revslider_upload_execute
        Reference: https://www.exploit-db.com/exploits/35385/
    [i] Fixed in: 3.0.96
    
    [+] Name: woocommerce
     |  Latest version: 2.6.2
     |  Location: http://yourdomain.com/wp-content/plugins/woocommerce/
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/plugins/woocommerce/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS
        Reference: https://wpvulndb.com/vulnerabilities/6673
        Reference: http://packetstormsecurity.com/files/123684/
        Reference: http://www.securityfocus.com/bid/63228/
    [i] Fixed in: 2.0.17
    
    [!] Title: WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
        Reference: https://wpvulndb.com/vulnerabilities/6674
        Reference: http://packetstormsecurity.com/files/122465/
        Reference: https://secunia.com/advisories/53930/
    [i] Fixed in: 2.0.13
    
    [!] Title: WooCommerce <= 2.1.12 - Reflected Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/7575
        Reference: http://seclists.org/fulldisclosure/2014/Sep/59
        Reference: https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do/
    [i] Fixed in: 2.2.3
    
    [!] Title: WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/7699
        Reference: http://seclists.org/fulldisclosure/2014/Sep/59
        Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6313
        Reference: https://secunia.com/advisories/61377/
    [i] Fixed in: 2.2.3
    
    [!] Title: WooCommerce <= 2.2.10 - Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/7801
        Reference: http://seclists.org/fulldisclosure/2015/Feb/75
        Reference: http://packetstormsecurity.com/files/130458/
        Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2069
    [i] Fixed in: 2.2.11
    
    [!] Title: WooCommerce 2.3 - 2.3.5 - SQL Injection
        Reference: https://wpvulndb.com/vulnerabilities/7846
        Reference: http://www.wordfence.com/blog/2015/03/woocommerce-sql-injection-vulnerability/
    [i] Fixed in: 2.3.6
    
    [!] Title: WooCommerce 2.0.20-2.3.10 - Object Injection / XXE
        Reference: https://wpvulndb.com/vulnerabilities/8039
        Reference: https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerability-in-woocommerce.html
    [i] Fixed in: 2.3.11
    
    [!] Title: WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/8242
        Reference: http://blog.fortinet.com/post/fortiguard-labs-discloses-another-wordpress-woocommerce-plug-in-cross-site-scripting-vulnerability
    [i] Fixed in: 2.4.9
    
    [+] Name: yith-product-size-charts-for-woocommerce - v1.0.9
     |  Latest version: 1.0.9 (up to date)
     |  Location: http://yourdomain.com/wp-content/plugins/yith-product-size-charts-for-woocommerce/
     |  Readme: http://yourdomain.com/wp-content/plugins/yith-product-size-charts-for-woocommerce/README.txt
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/plugins/yith-product-size-charts-for-woocommerce/
    
    [+] Name: yith-woocommerce-wishlist - v2.0.16
     |  Latest version: 2.0.16 (up to date)
     |  Location: http://yourdomain.com/wp-content/plugins/yith-woocommerce-wishlist/
     |  Readme: http://yourdomain.com/wp-content/plugins/yith-woocommerce-wishlist/README.txt
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/plugins/yith-woocommerce-wishlist/
    
    [+] Enumerating all themes (may take a while and use a lot of system resources) ...
    
       Time: 00:05:43 ========================================================================= (13184 / 13184) 100.00% Time: 00:05:43
    
    [+] We found 2 themes:
    
    [+] Name: shopkeeper - v1.6.6
     |  Location: http://yourdomain.com/wp-content/themes/shopkeeper/
     |  Style URL: http://yourdomain.com/wp-content/themes/shopkeeper/style.css
     |  Theme Name: Shopkeeper
     |  Theme URI: http://www.getbowtied.com/
     |  Description: Shopkeeper is a responsive, super-mobile-friendly theme for WordPress and WooCommerce.
     |  Author: Get Bowtied
     |  Author URI: http://www.getbowtied.com/
    
    [+] Name: shopkeeper-child - v1.0
     |  Location: http://yourdomain.com/wp-content/themes/shopkeeper-child/
    [!] Directory listing is enabled: http://yourdomain.com/wp-content/themes/shopkeeper-child/
     |  Style URL: http://yourdomain.com/wp-content/themes/shopkeeper-child/style.css
     |  Theme Name: Shopkeeper Child
     |  Theme URI: http://shopkeeper.getbowtied.com/
     |  Description: This is a child theme for Shopkeeper.
     |  Author: Get Bowtied
     |  Author URI: http: //www.getbowtied.com/
    
    [+] Enumerating timthumb files ...
    
       Time: 00:00:57 ========================================================================= (2539 / 2539) 100.00% Time: 00:00:57
    
    [+] No timthumb files found
    
    [+] Enumerating usernames ...
    [+] We did not enumerate any usernames
    
    [+] Finished: Mon Jul  4 14:17:46 2016
    [+] Requests Done: 76791
    [+] Memory used: 247.66 MB
    [+] Elapsed time: 14:05:24
    netto@talvisota ~/Downloads/wpscan $
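    WPScan prints every advisory it knows for js_composer, revslider and woocommerce because it could not fingerprint their versions ("We could not determine a version so all vulnerabilities are printed out"), so most of that list is noise until the real version is read from wp-admin or the plugin's changelog. The script below is an added example, not part of the original post and not WPScan's own code: it parses the plugin section of a WPScan 2.x text report (the excerpt is constructed from the output above) and, given versions looked up on the dashboard (the values in the usage section are assumed for illustration), keeps only the advisories whose "Fixed in" version is newer than what is installed, using RubyGems' Gem::Version for the comparison.

```ruby
# Added example: triage WPScan 2.x plugin findings against the installed versions.
# Not part of the original post or of WPScan itself.
require 'rubygems' # Gem::Version (already loaded on any modern Ruby; harmless here)

# Constructed excerpt in the WPScan 2.9 text format, trimmed from the scan above.
SAMPLE_REPORT = <<~'REPORT'
[+] Name: revslider
 |  Location: http://yourdomain.com/wp-content/plugins/revslider/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: WordPress Slider Revolution Local File Disclosure
    Reference: https://wpvulndb.com/vulnerabilities/7540
[i] Fixed in: 4.1.5

[!] Title: WordPress Slider Revolution Shell Upload
    Reference: https://wpvulndb.com/vulnerabilities/7954
[i] Fixed in: 3.0.96

[+] Name: yith-woocommerce-wishlist - v2.0.16
 |  Latest version: 2.0.16 (up to date)
 |  Location: http://yourdomain.com/wp-content/plugins/yith-woocommerce-wishlist/

[+] Name: woocommerce
 |  Latest version: 2.6.2
 |  Location: http://yourdomain.com/wp-content/plugins/woocommerce/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: WooCommerce 2.3 - 2.3.5 - SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/7846
[i] Fixed in: 2.3.6

[!] Title: WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8242
[i] Fixed in: 2.4.9
REPORT

Finding = Struct.new(:title, :fixed_in)
Plugin  = Struct.new(:name, :version, :findings)

# Walk the "[+] Name:" blocks. A " - vX.Y.Z" suffix on the Name line means
# WPScan fingerprinted the version; without it, every advisory was printed.
def parse_plugins(report)
  plugins = []
  current = nil
  report.each_line do |line|
    case line
    when /^\[\+\] Name: (\S+)(?: - v(\S+))?/
      current = Plugin.new(Regexp.last_match(1), Regexp.last_match(2), [])
      plugins << current
    when /^\[!\] Title: (.+)$/
      current.findings << Finding.new(Regexp.last_match(1).strip, nil) if current
    when /^\[i\] Fixed in: (\S+)/
      current.findings.last.fixed_in = Regexp.last_match(1) if current && current.findings.last
    end
  end
  plugins
end

# For each plugin decide: no advisories, version still unknown (go and check
# wp-admin), patched, or vulnerable with the advisories that still apply.
# known_versions supplies what WPScan could not fingerprint.
def triage(plugins, known_versions = {})
  plugins.map do |p|
    installed = p.version || known_versions[p.name]
    open = []
    status =
      if p.findings.empty?
        :no_known_advisories
      elsif installed.nil?
        :version_unknown
      else
        v = Gem::Version.new(installed)
        # An advisory without a "Fixed in" line is treated as open to be safe.
        open = p.findings.select { |f| f.fixed_in.nil? || v < Gem::Version.new(f.fixed_in) }
        open.empty? ? :patched : :vulnerable
      end
    { name: p.name, installed: installed, status: status, open: open.map(&:title) }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Assumed dashboard values, purely for illustration.
  dashboard = { 'revslider' => '5.2.5', 'woocommerce' => '2.3.2' }
  triage(parse_plugins(SAMPLE_REPORT), dashboard).each do |r|
    puts "#{r[:name]} (#{r[:installed] || '?'}): #{r[:status]}"
    r[:open].each { |t| puts "    still open: #{t}" }
  end
end
```

    With the assumed dashboard versions, revslider 5.2.5 is past both fixes and drops out, the wishlist plugin has no advisories, and WooCommerce 2.3.2 keeps the SQL injection and the authenticated XSS; without the dashboard lookup revslider stays "version unknown", which is the honest reading of the raw scan.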
    
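    The scan says what to fix but the post does not show the fixes. The server block below is an added example, not the site's own configuration: it closes exactly the web-server findings reported above (directory listing in uploads/, wp-includes/, plugins/ and themes/; readme.html exposing the version; the Full Path Disclosure triggered by calling a wp-includes file directly; the version in the Server header; the open XML-RPC endpoint) on nginx, which the Server header identified. The server_name, document root and php-fpm socket are assumptions.

```nginx
# Added example, not the site's real config: nginx hardening for the findings
# WPScan reported above. server_name, root and the php-fpm socket are assumed.
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/yourdomain.com;     # assumed document root
    index index.php;

    server_tokens off;   # "SERVER: nginx/1.10.1" becomes "SERVER: nginx"
    autoindex off;       # listings were on in uploads/, wp-includes/, plugins/, themes/

    # Version disclosure: readme.html and license.txt ship with every release
    location ~* ^/(readme\.html|license\.txt)$ { return 404; }

    # The FPD came from hitting wp-includes/rss-functions.php directly. Top-level
    # wp-includes/*.php is never called by a browser; deeper files such as
    # wp-includes/js/tinymce/wp-tinymce.php still are on this WordPress version,
    # so the pattern deliberately stops at one path component.
    location ~* ^/wp-includes/[^/]+\.php$   { deny all; }
    location ~* ^/wp-includes/theme-compat/ { deny all; }

    # Nothing that arrived through the media library may execute as PHP
    location ~* ^/wp-content/uploads/.*\.php$ { deny all; }

    # XML-RPC: password brute force via system.multicall and pingback abuse.
    # Keep it reachable only if Jetpack or the mobile app really needs it.
    location = /xmlrpc.php { deny all; }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Regex locations above are tried in order, so the deny rules win over this one
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed php-fpm socket
    }
}
```

    Two caveats. Blocking direct access to wp-includes hides that particular FPD, but the root cause is PHP printing errors to the browser; set `display_errors = Off` in php.ini (or `php_admin_flag[display_errors] = off` in the php-fpm pool) so the same leak cannot reappear through another file. And none of this replaces updating Slider Revolution and Visual Composer: the Slider Revolution local file disclosure listed above was being exploited in the wild when Sucuri wrote it up (see its reference link), and a web-server rule does not remove the vulnerable code from disk.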
    


 

Geraldo Netto