WebApp Sec mailing list archives
RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner
From: "Chris Weber" <chris () casabasecurity com>
Date: Mon, 20 Jun 2011 09:49:38 -0700
Ryan - I'm I correct that the two methods you use for identifying the WP version are: a) Parse the readme.html file for the version number b) Parse the meta tag generator content for the WP version number In the case where both of these failed, what do you do? Does Seth's plan of comparing hashes of the js/css/other files sound like it would work? -Chris -----Original Message----- From: websecurity-bounces () lists webappsec org [mailto:websecurity-bounces () lists webappsec org] On Behalf Of seth Sent: Sunday, June 19, 2011 12:14 AM To: ryandewhurst () gmail com Cc: webappsec () securityfocus com; websecurity () webappsec org Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner I have started a wp scanner but lost the files before finishing and never started again. It had three ways of identifying the version: Generator meta tag Readme file (you already download it, and the only valuable information i see is the version number. Why not showing it?) Downloading some javascript, css, images, etc. Then comparing the hashes of these files against an array that was like [file][hash]=>version Hope it's usefull This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 18)
- Re: Introducing WPScan – WordPress Security Scanner seth (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Veronica (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 19)
- Message not available
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Message not available
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Ryan Dewhurst (Jun 20)
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Re: Introducing WPScan – WordPress Security Scanner seth (Jun 19)