Web Application Security
RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Jun 20 2011 04:49PM
Chris Weber (chris casabasecurity com)
Ryan - I'm I correct that the two methods you use for identifying the WP
version are:

a) Parse the readme.html file for the version number
b) Parse the meta tag generator content for the WP version number

In the case where both of these failed, what do you do? Does Seth's plan of
comparing hashes of the js/css/other files sound like it would work?

-Chris

-----Original Message-----
From: websecurity-bounces (at) lists.webappsec (dot) org [email concealed]
[mailto:websecurity-bounces (at) lists.webappsec (dot) org [email concealed]] On Behalf Of seth
Sent: Sunday, June 19, 2011 12:14 AM
To: ryandewhurst (at) gmail (dot) com [email concealed]
Cc: webappsec (at) securityfocus (dot) com [email concealed]; websecurity (at) webappsec (dot) org [email concealed]
Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

I have started a wp scanner but lost the files before finishing and never
started again. It had three ways of identifying the version:
Generator meta tag
Readme file (you already download it, and the only valuable information i
see is the version number. Why not showing it?) Downloading some javascript,
css, images, etc. Then comparing the hashes of these files against an array
that was like [file][hash]=>version Hope it's usefull

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus