[WEB SECURITY] Introducing WPScan - WordPress Security Scanner

Chris Weber chris at casabasecurity.com
Mon Jun 20 12:49:38 EDT 2011


Ryan - I'm I correct that the two methods you use for identifying the WP
version are:

a) Parse the readme.html file for the version number
b) Parse the meta tag generator content for the WP version number

In the case where both of these failed, what do you do?  Does Seth's plan of
comparing hashes of the js/css/other files sound like it would work?

-Chris


-----Original Message-----
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of seth
Sent: Sunday, June 19, 2011 12:14 AM
To: ryandewhurst at gmail.com
Cc: webappsec at securityfocus.com; websecurity at webappsec.org
Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

I have started a wp scanner but lost the files before finishing and never
started again. It had three ways of identifying the version:
Generator meta tag
Readme file (you already download it, and the only valuable information i
see is the version number. Why not showing it?) Downloading some javascript,
css, images, etc. Then comparing the hashes of these files against an array
that was like [file][hash]=>version Hope it's usefull 






More information about the websecurity mailing list