CVE-2017-6817

Published: 12/03/2017 Updated: 19/03/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 316
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

In WordPress prior to 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

Vulnerable Product

wordpress wordpress

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #857026 wordpress: 4.7.3 security release. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Craig Small <csmall@debian.org>; Date: Tue, 7 Mar 2017 10:33:02 UTC; Severity: grave; Tags: security, upstream; Found in version wordpress/472 Fixed ...
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms. For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u13. For the upcoming stable (stretc ...
An authenticated cross-site scripting (XSS) vulnerability has been discovered in WordPress before 4.7.3 (wp-includes/embed.php) via YouTube URL Embeds ...

Github Repositories

Pen-testing - Finding, analyzing, recreating, and documenting five vulnerabilities affecting an old version of WordPress

Project 7 - WordPress Pen Testing Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pen Testing Report 1 Unauthenticated Stored Cross-Site Scripting (CVE-2015-3440) Summary: An unauthorized user/attacker can inject JavaScript in WordPress comments, which will be triggered when the comment is viewed If triggered by a

Stored XSS in Wordpress Core for embed youtube urls: created by adding crafted xss youtube embed url WPScan summary: Title: WordPress 40-472 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Reference: wpvulndbcom/vulnerabilities/8768 Reference: wordpressorg/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ Reference: ht

Project 7 - WordPress Pentesting Time spent: 4 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds (CVE-2017-6817) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 4213 GIF Walk

Project 7 - WordPress Pentesting Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report WordPress 33-474 - Large File Upload Error XSS (CVE-ID: CVE-2017-9061) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 4215 GIF Walkthrough: user-imagesgithubuserconten

Project 7 - WordPress Pentesting Time spent: 4 hours spent in total Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress Pentesting Report (Required) File Too Large XSS Summary: The media upload section in Wordpress does not properly sanitize the name of the uploaded media, causing accesses to it to run arbitrary jav

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) Unauthenticated Stored Cross-Site Scripting(CVE-2015-3440) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 421 GIF Walkthrough:

Hung_Nguyen_Cybersecurity_University Project 7 - WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document three (required) to five (optional) vulnerabilities affecting an old version of WordPress Pentesting Report (Required) 40-472 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Summary: Vulnerabi

Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress, using wpscan in Kali linux.

Project 7 - WordPress Pentesting Time spent: 8 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Stored Cross-Site Scripting via Image Filename Summary: Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/mediaphp in

Experimenting with Kali Linux tools to exploit vulnerabilities in WordPress

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) WordPress 40-428 - Pupload Same-Origin Method Execution (SOME) attack Summary: a cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2016-4566 b wpvulndbco

Procedures and proofs of concept for Assignment 7, Kali Linux vs. Wordpress

Codepath-Assignment-7 Procedures and proofs of concept for Assignment 7, Kali Linux vs Wordpress Exploit 1: Cross-site scripting via comment section, CVE unknown, Ver <=42 klikkifi/adv/wordpress2html Go to the comment section of any post on version 42 of Wordpress or earlier Inject a malicious script into a comment There appear to be no escaping requirem

Project 7 - WordPress Pentesting (CSE 4253)

Project 7 - WordPress Pentesting Time spent: 3 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE-2016-7168 Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 461 Steps to recreate: Create an image with a name containing something like <

CodePath-Assignments Project 7 - WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE 2015-5622 Wordpress 43 - Authenticated Shortcode Tags Cross-Site Scripting Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 43

Testing certain penetration methods on WordPress

Pen Testing Report On Wordpress Testing certain penetration methods on WordPress 41 Initial Scan The first step in my initial scan was to have the docker images of both wordpress and kali running With kali invoked we will first update the WordPress scans database using wpscan --update Now, I ran wpscan against the running WordPress instance on my local host Using the foll

Project 7 - WordPress Pentesting Time spent: 15 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report 1 CVE-2017-6817: Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Summary: Vulnerability types: XSS Tested in version: 4116 Fixed in version: 603 GIF W

WordPress Pen Testing Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress Pen Testing Report 1 Authenticated Stored Cross-Site Scripting (CVE-2015-5732) Summary: XSS vulnerability in WordPress before 423 allowing remote authenticated users to inject malicious scripts by utilizing Contributor role Vulnerability ty