How to check the security of a WordPress or Joomla site, and how secure are our blogs?

I noticed higher traffic on the previous text about protecting a WordPress site, so I decided to spend a bit more time on this topic. I will deal with sites built on the WordPress and Joomla CMS because, realistically, such sites are the most widely used (kompjuteras.com runs on WordPress too).

I am writing all of this (this time it is not a figure of speech, I am serious) so that you can check your own WordPress or Joomla sites and blogs yourselves and iron out the same flaws before some idle, malicious person destroys your site…
This is a well-intentioned analysis meant to help blog and site authors protect their work. I did not do any hacking (I don't know how to hack); I only examined elements that are available to everyone on the internet. The author of every blog that was scanned will also be notified personally by email, contact form or social networks.

What do you need to check the basic security of a WordPress/Joomla site?

Kali Linux, as a live DVD, or, if you use another distro or Windows, installed as a virtual machine inside VirtualBox (it is easy to install on VBox, but if you don't know how, read this text; it is in English, but what can I do).

The best option, in my opinion, is to have Kali Linux or BackBox Linux in a dual-boot setup alongside Windows or some other system. That way you can always easily update all the tools that come with Kali, BackBox, BackTrack or another security-testing distribution.

So, the tools I will use are free and available to everyone; you can imagine what tools the NSA/FBI/KGB or professional and malicious hackers use.

Once you have installed Kali Linux (or started it from the live DVD, or installed it as a virtual machine), it would be good to update everything on it with the commands:
apt-get update
apt-get upgrade

WordPress: scanning and security check

Type:
wpscan --url www.wordpress_site.domain (e.g. wpscan --url https://kompjuteras.com). If there are no critical problems, everything will be green and white 🙂

If there are points that pose a potential threat, they will be marked in red. For example, these are points that can be used to gather information about the site and to hack it.
[screenshot: KALI_03]

And this one is already a serious threat, and anyone who has spent any time in hacker waters will know how to use it. It is an un-updated All In One SEO Pack WordPress plugin where, through an XSS attack, control of the site can be taken over, a defacement done, and so on. Specifically, the user has plugin version 1.6.14.2, which is reported as critical, while the current, ironed-out and patched version is 2.1.4. So, epic fail. Version 1.6.14.2 dates from 2012 (today is 2014).

[screenshot: KALI_02]

Joomla: scanning and security check

To check the security of a Joomla site, the following syntax is used:
joomscan -u joomlasite.domain > SKENIRANO.txt (e.g. joomscan -u www.cricbuzz.com > skenirano.txt). The scan results will be in the file SKENIRANO.txt.
After running the command, wait a few minutes for the scan to finish and look at the file skenirano.txt. Be careful: Linux is case-sensitive (unlike Windows).

[screenshot: KALI_04]

You can open the file in the same window with vi SKENIRANO.txt, or simply double-click it to open it in some human-friendly text editor. Look for the lines where Vulnerable=Yes appears.
[screenshot: KALI_05]

The security state of the most visited WordPress sites in Serbia

As of 27 March 2014

Problems are divided into two categories: potential and critical.

Potential problems are not currently exploitable and cannot do much damage right now, but they could in future, and the recommendation is to patch them anyway. For example, the readme.html file reveals the version and language in use, while the FPD (full path disclosure) that the rss-functions.php file suffers from reveals the full path of the site and could contribute to a SQL injection attack in the future. There are also plugins whose version I did not check but which have already appeared as critical before. Provided they are updated to the latest version they are not a problem, but if they are not, they are a critical problem.
The absurd thing is that this research also found a plugin on njuz.net that is a problem only in the new version, not in the older one (though the older one was not tested either, so it may have the problem too), so in any case you should keep an eye on the state of your plugins from time to time. The sites I recommend for that purpose are: http://1337day.com/ and http://www.exploit-db.com

Read also: Protecting WordPress-based sites.

Critical problems: fix them immediately, regardless of whether you use some security plugins, special permissions and the like… and think you are safe and couldn't care less 🙂

Info: the scan was done on 27 March 2014. The situation may have changed in the meantime.

NJUZ.net – 2 potential problems (provided the Comment Rating plugin is updated) and no critical ones

Potential problem:
[!] The WordPress ‘http://www.njuz.net/readme.html’ file exists

Potentially critical problem (luckily they have an older plugin version that is not vulnerable, which does not mean the vulnerability from the new plugin version cannot be applied to the older one):
 | Name: comment-rating – v2.9.24
 | Location: http://www.njuz.net/wp-content/plugins/comment-rating/
 | Readme: http://www.njuz.net/wp-content/plugins/comment-rating/readme.txt
 |
 | * Title: Comment Rating 2.9.32 – Security Bypass Weakness and SQL Injection
 | * Reference: http://packetstormsecurity.com/files/120569/
 | * Reference: http://secunia.com/advisories/52348
 | * Reference: http://osvdb.org/90676
 | * Reference: http://www.exploit-db.com/exploits/24552/

ISTOKPAVLOVIC.com – 2 potential problems and 1 critical

Potential problems:
[!] The WordPress ‘http://www.istokpavlovic.com/blog/readme.html’ file exists
[!] Full Path Disclosure (FPD) in: ‘http://www.istokpavlovic.com/blog/wp-includes/rss-functions.php’

Critical problem (old and holey version of the All in One SEO Pack plugin; update to the latest version IMMEDIATELY):
 | Name: all-in-one-seo-pack – v1.6.14.2
 | Location: http://www.istokpavlovic.com/blog/wp-content/plugins/all-in-one-seo-pack/
 | Readme: http://www.istokpavlovic.com/blog/wp-content/plugins/all-in-one-seo-pack/readme.txt
 |
 | * Title: All in One SEO Pack <= 2.0.3 – XSS Vulnerability
 | * Reference: http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html
 | * Reference: http://packetstormsecurity.com/files/123490/
 | * Reference: http://www.securityfocus.com/bid/62784
 | * Reference: http://seclists.org/bugtraq/2013/Oct/8
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5988
 | * Reference: http://secunia.com/advisories/55133
 | * Reference: http://osvdb.org/98023
 | * Fixed in: 2.0.3.1

DRAGANVARAGIC.com – 6 potential problems, 1 critical

Potential problems:
[!] The WordPress ‘http://www.draganvaragic.com/readme.html’ file exists
[!] Directory listing is enabled: http://www.draganvaragic.com/wp-content/plugins/captcha/
[!] Directory listing is enabled: http://www.draganvaragic.com/wp-content/plugins/contact-form-7/
[!] Directory listing is enabled: http://www.draganvaragic.com/wp-content/plugins/gd-star-rating/
[!] Directory listing is enabled: http://www.draganvaragic.com/wp-content/plugins/wp-pagenavi/
[!] Directory listing is enabled: http://www.draganvaragic.com/wp-content/plugins/all-in-one-seo-pack/

Critical problem (ancient WordPress and one hole tied to it; update to the new version IMMEDIATELY):
[+] WordPress version 3.7.1 identified from advanced fingerprinting
[!] 1 vulnerabilities identified from the version number
 |
 | * Title: wp-admin/options-writing.php Cleartext Admin Credentials Disclosure
 | * Reference: http://seclists.org/fulldisclosure/2013/Dec/135
 | * Reference: http://osvdb.org/101101

TARZANIJA.com – 4 potential problems (provided the Contact Form 7, Digg, NextGEN Gallery and W3 Total Cache plugins are updated to the latest version) and 1 critical.

Potential problems:

 | Name: contact-form-7
 | Location: http://tarzanija.com/wp-content/plugins/contact-form-7/
 |
 | * Title: Contact Form 7 3.5.2 – Crafted File Extension Upload Remote Code Execution
 | * Reference: http://packetstormsecurity.com/files/125018/
 | * Reference: http://seclists.org/fulldisclosure/2014/Feb/0
 | * Reference: http://osvdb.org/102776
 |
 | * Title: Contact Form 7 3.5.2 – File Upload Remote Code Execution
 | * Reference: http://packetstormsecurity.com/files/124154/
 | * Reference: http://osvdb.org/100189

 | Name: digg-digg
 | Location: http://tarzanija.com/wp-content/plugins/digg-digg/
 |
 | * Title: Digg Digg – CSRF
 | * Reference: http://wordpress.org/plugins/digg-digg/changelog/
 | * Reference: http://secunia.com/advisories/53120
 | * Reference: http://osvdb.org/93544

 | Name: nextgen-gallery
 | Location: http://tarzanija.com/wp-content/plugins/nextgen-gallery/
 |
 | * Title: NextGEN Gallery – SWF Vulnerable to XSS
 | * Reference: http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
 | * Reference: http://secunia.com/advisories/51271
 | * Fixed in: 1.9.8
 |
 | * Title: NextGEN Gallery – swfupload.swf Multiple Cross Site Scripting Vulnerabilities
 | * Reference: http://www.securityfocus.com/bid/60433
 |
 | * Title: NextGEN Gallery 1.9.12 – Arbitrary File Upload
 | * Reference: http://wordpress.org/plugins/nextgen-gallery/changelog/
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3684
 | * Reference: http://osvdb.org/94232
 | * Fixed in: 1.9.13
 |
 | * Title: NextGEN Gallery 1.9.11 – xml/json.php Crafted Request Parsing Path Disclosure
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0291
 | * Reference: http://secunia.com/advisories/52137
 | * Reference: http://osvdb.org/90242
 |
 | * Title: NextGEN Gallery 1.9.5 – gallerypath Parameter Stored XSS
 | * Reference: http://osvdb.org/97690
 |
 | * Title: NextGEN Gallery <= 1.9.0 – admin/manage-galleries.php paged Parameter XSS
 | * Reference: http://secunia.com/advisories/47588
 | * Reference: http://osvdb.org/78363
 | * Fixed in: 1.9.1
 |
 | * Title: NextGEN Gallery <= 1.9.0 – admin/manage-images.php paged Parameter XSS
 | * Reference: http://secunia.com/advisories/47588
 | * Reference: http://osvdb.org/78364
 | * Fixed in: 1.9.1
 |
 | * Title: NextGEN Gallery <= 1.9.0 – admin/manage.php Multiple Parameter XSS
 | * Reference: http://secunia.com/advisories/47588
 | * Reference: http://osvdb.org/78365
 | * Fixed in: 1.9.1
 |
 | * Title: NextGEN Gallery <= 1.8.3 – wp-admin/admin.php search Parameter XSS
 | * Reference: http://secunia.com/advisories/46602
 | * Reference: http://osvdb.org/76576
 | * Fixed in: 1.8.4
 |
 | * Title: NextGEN Gallery <= 1.8.3 – Tag Deletion CSRF
 | * Reference: http://secunia.com/advisories/46602
 | * Reference: http://osvdb.org/76577
 | * Fixed in: 1.8.4
 |
 | * Title: NextGEN Gallery <= 1.7.3 – xml/ajax.php Path Disclosure
 | * Reference: http://osvdb.org/72023
 | * Fixed in: 1.7.4
 |
 | * Title: NextGEN Gallery <= 1.5.1 – xml/media-rss.php mode Parameter XSS
 | * Reference: http://www.securityfocus.com/bid/39250
 | * Reference: http://secunia.com/advisories/39341
 | * Reference: http://osvdb.org/63574
 | * Reference: http://www.exploit-db.com/exploits/12098/
 | * Fixed in: 1.5.2

 | Name: w3-total-cache
 | Location: http://tarzanija.com/wp-content/plugins/w3-total-cache/
 |
 | * Title: W3 Total Cache – Username and Hash Extract
 | * Reference: http://seclists.org/fulldisclosure/2012/Dec/242
 | * Reference: https://github.com/FireFart/W3TotalCacheExploit
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6079
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6078
 | * Reference: http://osvdb.org/92742
 | * Reference: http://osvdb.org/92741
 | * Reference: http://www.metasploit.com/modules/auxiliary/gather/wp_w3_total_cache_hash_extract
 |
 | * Title: W3 Total Cache – Remote Code Execution
 | * Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
 | * Reference: http://wordpress.org/support/topic/pwn3d
 | * Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
 | * Reference: http://www.metasploit.com/modules/exploits/unix/webapp/php_wordpress_total_cache
 |
 | * Title: W3 Total Cache 0.9.2.9 – PHP Code Execution
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2010
 | * Reference: http://secunia.com/advisories/53052
 | * Reference: http://osvdb.org/92652
 | * Reference: http://www.exploit-db.com/exploits/25137/


Critical problems (ancient WordPress version with holes on 6 sides; update it as soon as possible):

[!] 6 vulnerabilities identified from the version number
 |
 | * Title: WordPress 3.4 – 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
 | * Reference: http://seclists.org/fulldisclosure/2013/Jul/70
 | * Reference: http://osvdb.org/95060
 | * Fixed in: 3.5.2
 |
 | * Title: WordPress 3.4 – 3.5.1 DoS in class-phpass.php
 | * Reference: http://seclists.org/fulldisclosure/2013/Jun/65
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173
 | * Reference: http://secunia.com/advisories/53676
 | * Reference: http://osvdb.org/94235
 |
 | * Title: WordPress 3.3.2 – 3.5 Cross-Site Scripting (XSS) (Issue 3)
 | * Reference: https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
 |
 | * Title: WordPress 3.4.2 Cross Site Request Forgery
 | * Reference: http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html
 |
 | * Title: XMLRPC Pingback API Internal/External Port Scanning
 | * Reference: https://github.com/FireFart/WordpressPingbackPortScanner
 |
 | * Title: WordPress XMLRPC pingback additional issues
 | * Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html

AMITZDULNIKER.com – 4 potential problems and no critical ones

Potential problems:

[!] Full Path Disclosure (FPD) in: ‘http://amitzdulniker.com/wp-includes/rss-functions.php’
[!] Directory listing is enabled: http://amitzdulniker.com/wp-content/plugins/copy-link/
[!] Directory listing is enabled: http://amitzdulniker.com/wp-content/plugins/most-shared-posts/
[!] Directory listing is enabled: http://amitzdulniker.com/wp-content/plugins/seo-facebook-comments/

PERSONALMAG.rs – 3 potential problems, no critical ones

Potential problems:

[!] Full Path Disclosure (FPD) in: ‘http://www.personalmag.rs/wp-includes/rss-functions.php’
[!] Directory listing is enabled: http://www.personalmag.rs/wp-content/plugins/democracy/
[!] Directory listing is enabled: http://www.personalmag.rs/wp-content/plugins/slidedeck-pro-for-wordpress/

BASTABALKANA.com – 2 potential problems and no critical ones

Potential problems (if W3 Total Cache is updated, it is not a problem):

[!] The WordPress ‘http://www.bastabalkana.com/readme.html’ file exists

 | Name: w3-total-cache – v0.9.3
 | Location: http://www.bastabalkana.com/wp-content/plugins/w3-total-cache/
 | Readme: http://www.bastabalkana.com/wp-content/plugins/w3-total-cache/readme.txt
 |
 | * Title: W3 Total Cache 0.9.2.9 – PHP Code Execution
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2010
 | * Reference: http://secunia.com/advisories/53052
 | * Reference: http://osvdb.org/92652
 | * Reference: http://www.exploit-db.com/exploits/25137/

DRAGANADJERMANOVIC.com – 1 potential problem and 1 critical

Potential problems:
[!] The WordPress ‘http://www.draganadjermanovic.com/readme.html’ file exists

Critical problems (ancient WordPress version with holes on 8 sides; update it urgently):

[+] WordPress version 3.3 identified from rss generator
[!] 8 vulnerabilities identified from the version number
|
| * Title: Reflected Cross-Site Scripting in WordPress 3.3
| * Reference: http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
|
| * Title: XSS vulnerability in swfupload in WordPress
| * Reference: http://seclists.org/fulldisclosure/2012/Nov/51
|
| * Title: XMLRPC Pingback API Internal/External Port Scanning
| * Reference: https://github.com/FireFart/WordpressPingbackPortScanner
|
| * Title: WordPress XMLRPC pingback additional issues
| * Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
|
| * Title: Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
| * Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6633
| * Fixed in: 3.3.3
|
| * Title: wp-admin/media-upload.php sensitive information disclosure or bypass
| * Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6634
| * Fixed in: 3.3.3
|
| * Title: wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
| * Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6635
| * Fixed in: 3.3.3
|
| * Title: Crafted String URL Redirect Restriction Bypass
| * Reference: http://packetstormsecurity.com/files/123589/
| * Reference: http://core.trac.wordpress.org/changeset/25323
| * Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
| * Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4339
| * Reference: http://secunia.com/advisories/54803
| * Reference: http://osvdb.org/97212
| * Reference: http://www.exploit-db.com/exploits/28958/
| * Fixed in: 3.6.1

FTW.rs – 2 potential problems and no critical ones

Potential problems:
[!] The WordPress ‘http://ftw.rs/readme.html’ file exists
[!] Full Path Disclosure (FPD) in: ‘http://ftw.rs/wp-includes/rss-functions.php’

WANNABEMAGAZINE.com – 4 potential problems (provided the NextGEN Gallery and W3 Total Cache plugins are updated to the latest version) and 1 critical

Potential problems:

[!] The WordPress ‘http://wannabemagazine.com/readme.html’ file exists
[!] Full Path Disclosure (FPD) in: ‘http://wannabemagazine.com/wp-includes/rss-functions.php’

 | Name: nextgen-gallery
 | Location: http://wannabemagazine.com/wp-content/plugins/nextgen-gallery/
 | Readme: http://wannabemagazine.com/wp-content/plugins/nextgen-gallery/readme.txt
 | Changelog: http://wannabemagazine.com/wp-content/plugins/nextgen-gallery/changelog.txt
 |
 | * Title: NextGEN Gallery – SWF Vulnerable to XSS
 | * Reference: http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
 | * Reference: http://secunia.com/advisories/51271
 | * Fixed in: 1.9.8
 |
 | * Title: NextGEN Gallery – swfupload.swf Multiple Cross Site Scripting Vulnerabilities
 | * Reference: http://www.securityfocus.com/bid/60433
 |
 | * Title: NextGEN Gallery 1.9.12 – Arbitrary File Upload
 | * Reference: http://wordpress.org/plugins/nextgen-gallery/changelog/
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3684
 | * Reference: http://osvdb.org/94232
 | * Fixed in: 1.9.13
 |
 | * Title: NextGEN Gallery 1.9.11 – xml/json.php Crafted Request Parsing Path Disclosure
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0291
 | * Reference: http://secunia.com/advisories/52137
 | * Reference: http://osvdb.org/90242
 |
 | * Title: NextGEN Gallery 1.9.5 – gallerypath Parameter Stored XSS
 | * Reference: http://osvdb.org/97690
 |
 | * Title: NextGEN Gallery <= 1.9.0 – admin/manage-galleries.php paged Parameter XSS
 | * Reference: http://secunia.com/advisories/47588
 | * Reference: http://osvdb.org/78363
 | * Fixed in: 1.9.1
 |
 | * Title: NextGEN Gallery <= 1.9.0 – admin/manage-images.php paged Parameter XSS
 | * Reference: http://secunia.com/advisories/47588
 | * Reference: http://osvdb.org/78364
 | * Fixed in: 1.9.1
 |
 | * Title: NextGEN Gallery <= 1.9.0 – admin/manage.php Multiple Parameter XSS
 | * Reference: http://secunia.com/advisories/47588
 | * Reference: http://osvdb.org/78365
 | * Fixed in: 1.9.1
 |
 | * Title: NextGEN Gallery <= 1.8.3 – wp-admin/admin.php search Parameter XSS
 | * Reference: http://secunia.com/advisories/46602
 | * Reference: http://osvdb.org/76576
 | * Fixed in: 1.8.4
 |
 | * Title: NextGEN Gallery <= 1.8.3 – Tag Deletion CSRF
 | * Reference: http://secunia.com/advisories/46602
 | * Reference: http://osvdb.org/76577
 | * Fixed in: 1.8.4
 |
 | * Title: NextGEN Gallery <= 1.7.3 – xml/ajax.php Path Disclosure
 | * Reference: http://osvdb.org/72023
 | * Fixed in: 1.7.4
 |
 | * Title: NextGEN Gallery <= 1.5.1 – xml/media-rss.php mode Parameter XSS
 | * Reference: http://www.securityfocus.com/bid/39250
 | * Reference: http://secunia.com/advisories/39341
 | * Reference: http://osvdb.org/63574
 | * Reference: http://www.exploit-db.com/exploits/12098/
 | * Fixed in: 1.5.2

 | Name: w3-total-cache – v0.9.2.4
 | Location: http://wannabemagazine.com/wp-content/plugins/w3-total-cache/
 | Readme: http://wannabemagazine.com/wp-content/plugins/w3-total-cache/readme.txt
 |
 | * Title: W3 Total Cache – Username and Hash Extract
 | * Reference: http://seclists.org/fulldisclosure/2012/Dec/242
 | * Reference: https://github.com/FireFart/W3TotalCacheExploit
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6079
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6078
 | * Reference: http://osvdb.org/92742
 | * Reference: http://osvdb.org/92741
 | * Reference: http://www.metasploit.com/modules/auxiliary/gather/wp_w3_total_cache_hash_extract
 | * Fixed in: 0.9.2.5
 |
 | * Title: W3 Total Cache – Remote Code Execution
 | * Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
 | * Reference: http://wordpress.org/support/topic/pwn3d
 | * Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
 | * Reference: http://www.metasploit.com/modules/exploits/unix/webapp/php_wordpress_total_cache
 | * Fixed in: 0.9.2.9
 |
 | * Title: W3 Total Cache 0.9.2.9 – PHP Code Execution
 | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2010
 | * Reference: http://secunia.com/advisories/53052
 | * Reference: http://osvdb.org/92652
 | * Reference: http://www.exploit-db.com/exploits/25137/

Critical problem (ancient WordPress version with holes on 5 sides; update it urgently):

[+] WordPress version 3.3.1 identified from advanced fingerprinting
[!] 5 vulnerabilities identified from the version number
 |
 | * Title: Multiple vulnerabilities including XSS and Privilege Escalation
 | * Reference: http://wordpress.org/news/2012/04/wordpress-3-3-2/
 |
 | * Title: WordPress 3.3.1 – Multiple CSRF Vulnerabilities
 | * Reference: http://www.exploit-db.com/exploits/18791/
 |
 | * Title: XSS vulnerability in swfupload in WordPress
 | * Reference: http://seclists.org/fulldisclosure/2012/Nov/51
 |
 | * Title: XMLRPC Pingback API Internal/External Port Scanning
 | * Reference: https://github.com/FireFart/WordpressPingbackPortScanner
 |
 | * Title: WordPress XMLRPC pingback additional issues
 | * Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html

IGORMANJENCIC.com – 1 potential problem

Potential problem:
[!] Full Path Disclosure (FPD) in: ‘http://www.igormanjencic.com/wp-includes/rss-functions.php’

IGORTOMIC.net – 2 potential problems, no critical ones

Potential problems:
[!] Directory listing is enabled: http://igortomic.net/wp-content/plugins/contact-form-7/
[!] Directory listing is enabled: http://igortomic.net/wp-content/plugins/copy-link/

Solution:

The potential problems I see, and I see that they are mostly tied to readme.html and rss-functions.php, you can fix like this:

readme.html – delete it, what do you need it for
rss-functions.php – add error_reporting(0); right after the <?php tag

The critical problems, and I see that they are all tied to un-updated WordPress and plugins, can only be fixed by updating to the current version.
Then there is the directory listing problem, which you can fix by simply adding a line to .htaccess:
# directory browsing
Options All -Indexes
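To tie the scan output above to the fixes, here is an added example (my own, not part of wpscan or of the original post): a short Python script that reads a wpscan-style report in the format shown in the site results and sorts the findings into "potential" and "critical" by this article's rule, comparing each plugin's installed version against the advisory's "Fixed in" version where the report gives one, and leaving advisories without one as unverified. The sample report and blog.example.com are constructed, not a real site.

```python
import re
# Added example, not part of wpscan or of the original post. Assumes the report format
# shown in the article: "[!] ..." lines and "| Name: ...", "| * Title: ...", "| * Fixed in: ..." blocks.
NAME_RE = re.compile(r"Name:\s*(\S+)(?:\s*[\u2013-]\s*v?([\d.]+))?$")
CORE_RE = re.compile(r"\d+ vulnerabilities identified from the version number")
LEAKS = {  # information leaks the article files under "potential", with the article's fix
    "readme.html": "readme.html leaks version and language: delete it",
    "Full Path Disclosure": "full path disclosure: add error_reporting(0) to rss-functions.php",
    "Directory listing is enabled": "directory listing: add 'Options All -Indexes' to .htaccess",
}

def parse_version(text):
    """'0.9.2.9' -> (0, 9, 2, 9); tuples compare component by component."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def parse_report(report):
    """Return (findings, plugins): (severity, message) tuples and per-plugin version/advisories."""
    findings, plugins, current = [], {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[!]"):
            msg = line[3:].strip()
            fix = next((f for key, f in LEAKS.items() if key in msg), None)
            if fix:
                findings.append(("potential", fix))
            elif CORE_RE.match(msg):
                findings.append(("critical", "outdated WordPress core: " + msg))
                current = None  # core advisories that follow belong to no plugin
        elif line.startswith("|"):
            body = line.lstrip("|").strip()
            m = NAME_RE.match(body)
            if m:
                current = plugins.setdefault(m.group(1), {"version": m.group(2), "advisories": []})
            elif body.startswith("* Title:") and current is not None:
                current["advisories"].append([body[8:].strip(), None])
            elif body.startswith("* Fixed in:") and current is not None and current["advisories"]:
                current["advisories"][-1][1] = body[11:].strip()
    return findings, plugins

def triage_plugins(plugins):
    """Below "Fixed in" is critical; at or past it is fine; unverifiable stays potential."""
    out = []
    for name, info in plugins.items():
        installed = parse_version(info["version"]) if info["version"] else None
        for title, fixed in info["advisories"]:
            if installed and fixed:
                if installed < parse_version(fixed):
                    out.append(("critical", f"{name} v{info['version']} is below {fixed}: {title}"))
            else:
                out.append(("potential", f"{name}: cannot verify '{title}', confirm the plugin is current"))
    return out

def summarize(report):
    """Per-severity counts plus the full finding list for one site's report."""
    findings, plugins = parse_report(report)
    findings += triage_plugins(plugins)
    counts = {s: sum(1 for sev, _ in findings if sev == s) for s in ("potential", "critical")}
    return counts, findings

# Constructed sample in the article's report format; blog.example.com is not a real site.
SAMPLE_REPORT = """\
[!] The WordPress 'http://blog.example.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in: 'http://blog.example.com/wp-includes/rss-functions.php'
[!] Directory listing is enabled: http://blog.example.com/wp-content/plugins/captcha/
[!] 1 vulnerabilities identified from the version number
 | Name: all-in-one-seo-pack - v1.6.14.2
 | * Title: All in One SEO Pack <= 2.0.3 - XSS Vulnerability
 | * Fixed in: 2.0.3.1
 | Name: w3-total-cache - v0.9.3
 | * Title: W3 Total Cache 0.9.2.9 - PHP Code Execution
 | * Fixed in: 0.9.2.9
 | Name: comment-rating - v2.9.24
 | * Title: Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection
"""
```

Running summarize(SAMPLE_REPORT) gives 4 potential and 2 critical findings: the three leaks and the unverifiable comment-rating advisory are potential, while the outdated core and the all-in-one-seo-pack version below its fix are critical; w3-total-cache 0.9.3 is at or past 0.9.2.9 and is not reported.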

4 comments on the text How to check the security of a WordPress or Joomla site, and how secure are our blogs?

  • Bašta Balkana

    We would like to thank you, on our own behalf and on behalf of our other colleagues, for your effort in analysing the existing sites. We appreciate the effort and the will to examine the topic of site security, because the bigger the site is, the more security matters.

    Respect 🙂

  • Ivan Petrović

    Joomlascan hasn't been updated for almost a year, and WPScan for even a bit longer

    • Darko Dražović

      I know. Maybe it is even better that way; who knows what they would find on the blogs if the programs were fully updated 🙂
      Vega and uniscan (both are on Kali) should also be considered when it comes to security testing, but I didn't want to try them because they can cause a resource-busy problem on the sites… which I don't want.

  • Dragana Djermanovic

    Thanks Darko!
