yeukhon / minion-wpscan-plugin

Minion plugin for the famous wpscan security tool
Mozilla Public License 2.0
3 stars 0 forks source link

Expose issues #1

Open yeukhon opened 10 years ago

yeukhon commented 10 years ago

These are the issues we probably should expose.

  1. The wordpress version detected
  2. Whether readme.html is found or not
  3. How many known vulnerabilties are associated with this version of wordpress
  4. Whether the theme currently used has any vulnerabilities or not (and report the theme that is being used)
  5. How many known vulnerable plugins the target has installed
  6. How many users are detected
yeukhon commented 10 years ago

It would be nice if we can expose this

wordpress
   version:
   is_multi_site
   is_outdated
   readme_exists
   theme
   vulnerability [
       title
       references:  [    ]
   ]
plugins = [
    {
        name
        vulnerability:
            title
            references: [   ]
    }
]

themes = [
    {
        name:
        vulnerability:
             title
             references: [  ]
        in_use: true/false
    }
]

users = [
    {
         id
         login
         name
         password
    }
]
yeukhon commented 10 years ago

Something like this:


{
    "wordpress": {
        "version": "3.8",
        "is_multi_site": false,
        "is_outdated": false,
        "readme_exists": true,
        "theme": "twentyten",
        "vulnerabilities": [
            {
                "title": "wp-admin/link-manager.php Multiple Parameter SQL Injection",
                "references": [
                    "http://secunia.com/advisories/45099",
                    "http://osvdb.org/73723",
                    "http://www.exploit-db.com/exploits/17465/"
                ],
                "fixed_since": "3.1.4"
            }
        ]
    },
    "plugins": [
        {
            "name": "advanced-custom-fields",
            "vulnerabilities": {
                "title": "Advanced Custom Fields <= 3.5.1 - Remote File Inclusion",
                "references": [
                    "http://packetstormsecurity.com/files/119221/",
                    "http://www.exploit-db.com/exploits/23856/"
                ],
                "fixed_since": "3.5.2"
            }
        }
    ],
    "themes": [
        {
            "name": "xxxxx",
            "vulnerabilities": {}
        }
    ],
    "users": [
        {
            "id": "1",
            "login": "admin",
            "name": "admin",
            "password": ""
        },
        {
            "id": "2",
            "login": "bob",
            "name": "Bob",
            "password": "123456"
        }
    ]
}

When there are no vulnerabilities, the dict remains empty.

{
    "wordpress": {
        "version": "",
        "is_multi_site": False,
        "is_outdated": False,
        "readme_exists": True,
        "theme": "",
        "vulnerabilities": [
            {
                "title": "",
                "references": [
                ],
                "fixed_since": ""
            }
        ]
    },
    "plugins": [
        {
            "name": "",
            "vulnerabilities": {
                "title": "",
                "references": [
                ],
                "fixed_since": ""
            }
        }
    ],
    "themes": [
        {
            "name": "",
            "vulnerabilities": {}
        }
    ],
    "users": [
        {
            "id": "",
            "login": "",
            "name": "",
            "password": ""
        }
    ]