WordPress vulnerability on Linux with WPScan

When it comes to security in general and WordPress security in particular, besides the popular WordPress hardening measures that reduce the rate of attacks, there is another cause of hacked websites to consider: security holes in the site itself. No matter what security configuration you have, if you do not patch security holes, you will be hacked.

If you run WordPress on your own Linux server (or have access to a server over SSH), you can use WPScan, a very popular tool that helps you spot vulnerabilities in a WordPress website.

What does WPScan do?

WPScan has many functions that you will find interesting, such as:

  • Check the source code for vulnerabilities such as XSS, SQL injection, local attacks and so on; in general, the vulnerabilities announced at https://wpvulndb.com/.
  • Investigate installed plugins.
  • Run a brute-force attack against your own site with the available data to evaluate the strength of the passwords.

That is the short version, but in use you will find it very good because the WPVulnDB database of WordPress vulnerabilities is very large. You will learn which of your plugins have known vulnerabilities (even ones that have since been patched), so you can check whether you are really running the patched version and know what you need to do.

Note that this tool only helps you test; it does not patch anything. So if it reports a vulnerability, read the information again to see whether you have really patched it; if not, find out whether your plugin / theme is using the patched version.

Install WPScan

To install WPScan, make sure your machine runs Linux and has Ruby and Git installed.

If you use shared hosting, you do not need to follow the steps below; just install the Security Scanner plugin.

Then install WPScan by typing the following commands in turn.

Ubuntu 12.04 or lower

sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test

Ubuntu 14.04 or higher

sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test

CentOS / Fedora

sudo yum install gcc libxml2
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test

Mac OS

On a Mac, use the same commands as above, but skip the first command, which installs the required packages.

From now on, whenever you need to use it, change into the wpscan/ directory first, because we have to run the file wpscan.rb in it.

ruby wpscan.rb --update

WPScan commands

Scan the website.

ruby wpscan.rb --url thangmedia.com

Check plugins for vulnerabilities

ruby wpscan.rb --url thangmedia.com --enumerate p

Scan using a specified wp-content directory

If your website has renamed the wp-content directory, you can use the following command to scan the renamed directory instead of wp-content.

ruby wpscan.rb -u thachpham.com --wp-content-dir du-lieu

There are quite a few other commands, which you can look up at https://github.com/wpscanteam/wpscan.

If a plugin has been found to have vulnerabilities, you will receive information like this (if the version you are using has no errors):

[+] Name: wordpress-seo
 | Location: https://thangmedia.com/wp-content/plugins/wordpress-seo/
 | Changelog: https://thangmedia.com/wp-content/plugins/wordpress-seo/changelog.txt

[!] We could not determine a version so all the vulnerabilities are printed out

[!] Title: WordPress SEO - Security issue which allowed any user to reset settings
 Reference: https://wpvulndb.com/vulnerabilities/6837
 Reference: http://wordpress.org/plugins/wordpress-seo/changelog/
[i] Fixed in: 1.4.5

[!] Title: WordPress SEO <1.4.7 - Reset Settings Feature Access Restriction Bypass
 Reference: https://wpvulndb.com/vulnerabilities/6839
 Reference: https://secunia.com/advisories/52949/
[i] Fixed in: 1.4.7

[!] Title: WordPress SEO by Yoast <= - Blind SQL Injection
 Reference: https://wpvulndb.com/vulnerabilities/7841
 Reference: https://www.exploit-db.com/exploits/36413/
[i] Fixed in: 1.7.4

And if the version you are using is affected, it will tell you exactly which files and which parts are faulty so that you know what to look into.

In general, the tool is very useful; although that is all it does, you should install it and run a scan to see whether your website is really clean or not.
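
When WPScan cannot determine a plugin's version it prints every known vulnerability, as in the output above, so you have to compare each "Fixed in" value with the version you actually run. The Ruby script below is an added example (not part of WPScan or of the original post) that parses that report format and keeps only the entries your version has not yet fixed; the names parse_report and unpatched, the sample report and the installed version 1.5.0 are assumptions made for the illustration.

```ruby
# Constructed sample in the report format shown above, trimmed to the fields used here.
SAMPLE_REPORT = <<~REPORT
  [+] Name: wordpress-seo
  [!] We could not determine a version so all the vulnerabilities are printed out

  [!] Title: WordPress SEO - Security issue which allowed any user to reset settings
   Reference: https://wpvulndb.com/vulnerabilities/6837
  [i] Fixed in: 1.4.5

  [!] Title: WordPress SEO <1.4.7 - Reset Settings Feature Access Restriction Bypass
   Reference: https://wpvulndb.com/vulnerabilities/6839
  [i] Fixed in: 1.4.7

  [!] Title: WordPress SEO by Yoast <= - Blind SQL Injection
   Reference: https://wpvulndb.com/vulnerabilities/7841
  [i] Fixed in: 1.7.4
REPORT

Finding = Struct.new(:plugin, :title, :references, :fixed_in)

# Turn the text report into findings; a title without a "Fixed in" line keeps fixed_in = nil.
def parse_report(text)
  plugin, findings = nil, []
  text.each_line do |line|
    case line.strip
    when /\A\[\+\] Name: (\S+)/       then plugin = $1
    when /\A\[!\] Title: (.+)/        then findings << Finding.new(plugin, $1, [], nil)
    when /\AReference: (\S+)/         then findings.last&.references&.push($1)
    when /\A\[i\] Fixed in: ([\d.]+)/ then findings.last.fixed_in = $1 if findings.last
    end
  end
  findings
end

# Keep a finding when the plugin's version is unknown, no fix is listed,
# or the installed version is older than the fixed one (Gem::Version ships with Ruby).
def unpatched(findings, installed)
  findings.select do |f|
    have = installed[f.plugin]
    have.nil? || f.fixed_in.nil? || Gem::Version.new(have) < Gem::Version.new(f.fixed_in)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Assumed installed version; take the real one from the plugin's readme.txt or the admin Plugins page.
  unpatched(parse_report(SAMPLE_REPORT), { 'wordpress-seo' => '1.5.0' })
    .each { |f| puts "#{f.plugin}: #{f.title} (fixed in #{f.fixed_in || 'no fix listed'})" }
end
```

A plugin missing from the installed-versions hash is treated as unpatched, which mirrors WPScan's own behaviour of listing everything when it cannot determine the version.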

About the Author: ThangZ

ThangZ is the founder of ThangMedia.com, a personal weblog that was launched in 2017 and is operated / developed by its founder, ThangZ.
