2009/6/10 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Tue, Jun 9, 2009 at 9:39 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>> 2009/6/10 Andres Riancho <andres.rian...@gmail.com>:
>>> Stefano, All,
>>>
>>> On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paola <wi...@wisec.it> wrote:
>>>> Guys,
>>>> Sorry for getting into the middle of this thread without knocking...
>>>> Inline since I hate bottom posting :)
>>>>
>>>> On Mon, 08/06/2009 at 12.05 -0300, Andres Riancho wrote:
>>>>> Ryan,
>>>>>
>>>>> First of all, I would like to congratulate you for a job well done. The wordpress_fingerprint plugin is now part of w3af.
>>>>>
>>>>> I just committed it [0] to the trunk with a couple of changes (please review those changes, they are important).
>>>>>
>>>>> On the other hand, we still need to work a little more on this plugin. One of the features that I think should be implemented is the comparison between the fingerprinted version and the version that's retrieved with the regular expression; could you do that?
>>>>
>>>> I know it is a bit out of scope with the actual implementation of the wordpress_fingerprint plugin, but I just finished reading this interesting post:
>>>>
>>>> Web App Version detection using fingerprinting
>>>> http://sucuri.net/?page=docs&title=webapp-version-detection
>>>
>>> Also related, and from the same guys:
>>> http://sucuri.net/index.php?page=docs&title=state-wordpress-security
>>>
>> Here he says that the readme.html bears the WordPress version; however, this is not always true.
>>
>> http://sucuri.net/?page=docs&title=wordpress-hardening
>>
>> Here is what I found:
>>
>> 2.7.1 shows 2.7
>> 2.7 shows 2.7
>> 2.6.5 shows 2.6.1
>> 2.6.3 shows 2.6.1
>> 2.6.2 shows 2.6.1
>> 2.6.1 shows 2.6.1
>> 2.6 shows 2.6
>> 2.5.1 shows 2.5
>> 2.5 shows 2.5
>> 2.3.3 shows 2.3
>> 2.3.2 shows 2.3
>> 2.3.1 shows 2.3
>> 2.3 shows 2.3
>> 2.2.3 shows 2.2
>>
>> As you can see, it is not a reliable source for fingerprinting the WordPress version.
>
> But it's one more source of "version information"; I think it should be added and properly documented in the same way that you explain in this email. In the best case scenario, the user would have three information objects in the kb:
>
> - One with the fingerprinted version that says "2.7.1"
> - One with the readme.html version that says "2.7"
> - One with the index.php header information that says "2.7.1"
>
> If in one case we see something like readme.html=="2.6" and fingerprinted version=="2.7.1", maybe we can report to the user that this is a 2.6 version that was upgraded to 2.7.1? Just ideas that should be researched a little more and maybe implemented into code.
>
> Cheers,
>

Aye, I see what you mean. I'll have a look into it over the weekend. I like the way Sucuri's information gathering tool finds the WordPress installation path from server errors also.

>>>> In particular:
>>>> 2- Wordpress Version Detection
>>>> 3- Wordpress version fingerprinting - Comparing files
>>>>
>>>> which I think is on topic at least to some extent. It should not be too difficult to add a txt file and check for the existence of those files to get a double-check confirmation of the WP version.
>>>>
>>>>> Also related, I just tweeted about this [1]
>>>>>
>>>>> [0] http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/wordpress_fingerprint.py?view=markup
>>>>> [1] http://twitter.com/w3af
>>>>>
>>>>> Cheers,
>>>>
>>>> Cheers,
>>>>
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>>>
>>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
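The reconciliation Andres sketches (three kb entries: fingerprint, readme.html, index.php header) implemented as an added example; this is not w3af code and not from anyone in the thread. It assumes the "index.php header information" is the WordPress generator meta tag, uses the readme.html mapping Ryan posted as its expectation table, and the readme/meta fragments it parses are constructed samples.

```python
import re

# Observed mapping Ryan posted above: installed version -> version string shown by readme.html.
README_VERSIONS = {
    "2.7.1": "2.7", "2.7": "2.7",
    "2.6.5": "2.6.1", "2.6.3": "2.6.1", "2.6.2": "2.6.1", "2.6.1": "2.6.1", "2.6": "2.6",
    "2.5.1": "2.5", "2.5": "2.5",
    "2.3.3": "2.3", "2.3.2": "2.3", "2.3.1": "2.3", "2.3": "2.3",
    "2.2.3": "2.2",
}
VERSION_RE = re.compile(r"\b(\d+\.\d+(?:\.\d+)?)\b")

# Constructed samples (not real captures): a readme.html fragment and a generator meta tag.
SAMPLE_README = "<h1>WordPress</h1><br />Version 2.6.1"
SAMPLE_GENERATOR = '<meta name="generator" content="WordPress 2.6.5" />'

def vtuple(version):
    """'2.6.1' -> (2, 6, 1), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in version.split("."))

def version_from_text(text):
    """Pull the first dotted version out of a readme.html page or a generator header."""
    match = VERSION_RE.search(text or "")
    return match.group(1) if match else None

def readme_consistent(installed, readme):
    """Does readme.html show what the table predicts for this installed version?
    For releases not in the table, accept an exact match or a major.minor prefix."""
    expected = README_VERSIONS.get(installed)
    if expected is not None:
        return readme == expected
    return readme == installed or installed.startswith(readme + ".")

def reconcile(fingerprinted, readme, header):
    """Combine the three kb entries into (best version guess, verdict string).
    Any argument may be None when that source produced nothing."""
    if header and fingerprinted and vtuple(header) != vtuple(fingerprinted):
        return fingerprinted, "conflict: header %s vs fingerprint %s" % (header, fingerprinted)
    best = fingerprinted or header or readme
    if readme and fingerprinted and not readme_consistent(fingerprinted, readme):
        if vtuple(readme) < vtuple(fingerprinted):
            # Andres's case: readme.html lags the files, e.g. 2.6 vs 2.7.1.
            return best, "readme.html says %s, files say %s: possibly upgraded" % (readme, fingerprinted)
        return best, "readme.html says %s, files say %s: conflicting evidence" % (readme, fingerprinted)
    return best, "consistent" if best else "no version evidence"

if __name__ == "__main__":
    print(reconcile("2.6.5", version_from_text(SAMPLE_README), version_from_text(SAMPLE_GENERATOR)))
```

Note that by Ryan's table a readme.html reading "2.7" is the expected value for an installed 2.7.1, so that pair is reported as consistent rather than as a mismatch.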