Time spent: 11 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
- (Required) Vulnerability Name or ID: Authenticated Stored Cross-site scripting
- Summary:
- Vulnerability types: XSS
- Tested in version: 4.2
- Fixed in version: 4.6.1
- GIF Walkthrough:
- Steps to recreate: Create a new post and insert code in text:
<a onmouseover= "alert('Hi there!!!')" >click here</a>
. Click "Preview" and the post you intend to post appears. When the cursor hovers over the click here link, the alert pops up. - Affected source code:
- (Required) Vulnerability Name or ID
- Summary:
- Vulnerability types:
- Tested in version: 4.2
- Fixed in version: 4.7.5
- GIF Walkthrough:
- Steps to recreate: Go to the login page of WordPress and first check for admin with no password, which leads to the empty password field. Next, check for admin but with an incorrect password, resulting to incorrect password for admin to display. Then, when we write in a random username and password, it shows error that username doesn't exist.
- Affected source code:
- (Required) Vulnerability Name or ID: Authenticated Stored Cross-Site Scripting via Image Filename
- Summary:
- Vulnerability types:
- Tested in version: 4.2
- Fixed in version:
- GIF Walkthrough:
- Steps to recreate: Go to create the media page and upload a picture. Once uploaded, click on the image and insert the following code to the title of the image:
filename<img src=a onerror=alert(1)>.png
. Then click on "View attachment page" and the alert will pop up. - Affected source code:
- (Optional) Vulnerability Name or ID: Stored XSS through embedded URL
- Summary:
- Vulnerability types:
- Tested in version: 4.2
- Fixed in version: 4.2.13
- GIF Walkthrough:
- Steps to recreate:
- Create a page containing a harmful embedded link; for instance:
" [embed src='https://youtube.com/embed/123\x3csvg onload=alert(59938)\x3e'][/embed] "
So when you public/ preview the page the alert will appear.
- Create a page containing a harmful embedded link; for instance:
- Affected source code:
List any additional assets, such as scripts or files
GIFs created with LiceCap.
Describe any challenges encountered while doing the work
Copyright [2018] [Connie Wu]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.