Add Wordpress under web app technologies about pwnwiki.github.io HOT 12 CLOSED

Do you just want the content to be the list of exploits that they have on that site and what they are? Or take a copy of each of the exploit listing's there and paste them along with a brief explanation and some formatting for the wiki?

Bit unclear on this, though the content looks great to include :)

from pwnwiki.github.io.

Hey @mubix any explanation about this? Sorry to interrupt, just wanted to clarify things up.

from pwnwiki.github.io.

There is a ton of information on that page, testing stuff out, seeing how to look for that stuff, and documenting anything that can be reliably used to pwn wordpress I think would be the ticket

from pwnwiki.github.io.

Cheers, will look into that.

from pwnwiki.github.io.

@tekwizz123 Any progress on this?

from pwnwiki.github.io.

@WebBreacher Sorry haven't been working on this tbh. If you want I can spend some time next week looking this over some more? Appologies for not updating the issue to reflect this.

from pwnwiki.github.io.

@tekwizz123 no worries man. Trying to get back into putting content into pwnwiki, closing issues, etc. No rush.

from pwnwiki.github.io.

@WebBreacher Ok updated to latest version now, will get working on trying to fix that issue for you now that I have some time :)

from pwnwiki.github.io.

@mubix Correct me if I'm wrong but isn't a lot of this included in WP-Scan already? It seems a bit pointless documenting all of the exploits when theres potentially hundreds of them to document.

from pwnwiki.github.io.

I agree that documenting all the modules in a tool is not really worth it. But I also know that sometimes people cannot use a certain tool or have to run manual tests. For those people this would be good. Not saying we have to do it...maybe there is some middle ground? "WPScan, a fabulous tool, has the following modules as of 8/26/2014 and can be used to..."?????

from pwnwiki.github.io.

Ok, so I'lve looked up a lot of different news articles and it seems most
of the problems are related to bad passwords, old plugins, and the usual
stuff. Theres a few good articles I found of specific cases of these
vulnerabilities such as a TimThumb 0day bug in the image handler that was
found (good explanation of this on exploit-db), and a corresponding article
in which the author of TimThumb actually recommends that people don't use
his code anymore, which I found interesting.

To compliment @mubix's original post, I found an excellent and updated site
dedicated to wordpress security and flaws in plugins. Its also got guides
to securing yourself, the exploits page is in a nice list that you could
scrape with a tool, and on the main page the exploits also contain the type
of vulnerability that was found. Its located at: http://wpsecure.net/

I'll probably scrape a lot of content off of that site, since they have
guides to securing wordpress installs from the basic level up to the
advanced specifics for the server side.

Perhaps we can post a link to this rather?
http://wpsecure.net/category/exploits/

On Tue, Aug 26, 2014 at 11:18 AM, WebBreacher [email protected]
wrote:

I agree that documenting all the modules in a tool is not really worth it.
But I also know that sometimes people cannot use a certain tool or have to
run manual tests. For those people this would be good. Not saying we have
to do it...maybe there is some middle ground? "WPScan, a fabulous tool, has
the following modules as of 8/26/2014 and can be used to..."?????

—
Reply to this email directly or view it on GitHub
#57 (comment)
.

from pwnwiki.github.io.

Considering this issue has been fixed with the last pull request (bc09ed9), I'm going to close this issue until someone has a reason to reopen it.

from pwnwiki.github.io.