Ryan,

On Tue, Jun 9, 2009 at 9:39 PM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
> 2009/6/10 Andres Riancho <andres.rian...@gmail.com>:
>> Stefano, All,
>>
>> On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paola<wi...@wisec.it> wrote:
>>> Guys,
>>> Sorry for getting into the middle of this thread without knocking...
>>> Inline since I hate bottom posting :)
>>>
>>> Il giorno lun, 08/06/2009 alle 12.05 -0300, Andres Riancho ha scritto:
>>>> Ryan,
>>>>
>>>>     First of all, I would like to congratulate you for a job well
>>>> done. The wordpress_fingerprint plugin is now part of w3af.
>>>>
>>>>     I just committed it [0] to the trunk with a couple of changes
>>>> (please review those changes, they are important).
>>>>
>>>>     On the other hand, we still need to work a little more on this
>>>> plugin. One of the features that I think should be implemented is the
>>>> comparison between the fingerprinted version, and the version that's
>>>> retrieved with the regular expression, could you do that?
>>>
>>> I know it is a bit out of scope with the actual implementation of the
>>> wordpress_fingerprint plugin, but I just finished reading this
>>> interesting post:
>>>
>>> Web App Version detection using fingerprinting
>>> http://sucuri.net/?page=docs&title=webapp-version-detection
>>
>> Also related, and from the same guys:
>> http://sucuri.net/index.php?page=docs&title=state-wordpress-security
>>
>
> Here he says that the readme.html bears the wordpress version, however
> this is not always true.
>
> http://sucuri.net/?page=docs&title=wordpress-hardening
>
> Here is what I found:
>
> 2.7.1 shows 2.7
> 2.7 shows 2.7
> 2.6.5 shows 2.6.1
> 2.6.3 shows 2.6.1
> 2.6.2 shows 2.6.1
> 2.6.1 shows 2.6.1
> 2.6 shows 2.6
> 2.5.1 shows 2.5
> 2.5 shows 2.5
> 2.3.3 shows 2.3
> 2.3.2 shows 2.3
> 2.3.1 shows 2.3
> 2.3 shows 2.3
> 2.2.3 shows 2.2
>
> As you can see it is not a reliable source for fingerprinting the
> wordpress version.

But it's one more source of "version information"; I think it should
be added and properly documented in the same way that you explain in
this email. In the best case scenario, the user would have three
information objects in the kb:

- One with the fingerprinted version that says "2.7.1"
- One with the readme.html version that says "2.7"
- One with the index.php header information that says "2.7.1"

If in one case we see something like readme.html=="2.6" and
fingerprinted version=="2.7.1", maybe we can report to the user that
this is a 2.6 version that was upgraded to 2.7.1? Just ideas that
should be researched a little more and maybe implemented into code.

Cheers,

>>> in particular:
>>> 2- Wordpress Version Detection
>>> 3- Wordpress version fingerprinting - Comparing files
>>>
>>> which I think is on topic at least to some extent.
>>> It should not be too difficult to add a txt file and check for the
>>> existence of those files to get a double check confirmation of the WP
>>> version.
>>>
>>>
>>>>     Also related, I just tweeted about this [1]
>>>>
>>>> [0] 
>>>> http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/wordpress_fingerprint.py?view=markup
>>>> [1] http://twitter.com/w3af
>>>>
>>>> Cheers,
>>>
>>> Cheers,
>>>
>>>
>>
>>
>>
>> --
>> Andrés Riancho
>> Founder, Bonsai - Information Security
>> http://www.bonsai-sec.com/
>> http://w3af.sf.net/
>>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
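The reconciliation idea discussed in this thread (three kb entries plus a verdict such as "looks like a 2.6 install upgraded to 2.7.1"), worked through as an added example. This is illustration code written for this page, not the w3af plugin or anything Ryan or Andres committed; the readme.html mapping table is copied from Ryan's list above, the sample HTML snippets are constructed, and the kb entry layout, the function names and the verdict labels are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# readme.html version string observed for each real WordPress release.
# Copied from Ryan's list earlier in this thread; releases outside this
# table are simply unknown to the reconciliation logic.
README_OBSERVED: Dict[str, str] = {
    "2.7.1": "2.7", "2.7": "2.7",
    "2.6.5": "2.6.1", "2.6.3": "2.6.1", "2.6.2": "2.6.1", "2.6.1": "2.6.1", "2.6": "2.6",
    "2.5.1": "2.5", "2.5": "2.5",
    "2.3.3": "2.3", "2.3.2": "2.3", "2.3.1": "2.3", "2.3": "2.3",
    "2.2.3": "2.2",
}

README_RE = re.compile(r"Version\s+(\d+(?:\.\d+)+)", re.IGNORECASE)
# The "index.php header information" source: WordPress emits a generator meta tag.
GENERATOR_RE = re.compile(
    r'<meta[^>]+name="generator"[^>]+content="WordPress\s+(\d+(?:\.\d+)+)"', re.IGNORECASE
)

# Constructed sample responses, not captured from a real site.
SAMPLE_README = "<p>WordPress<br /> Version 2.7</p>"
SAMPLE_INDEX = '<html><head><meta name="generator" content="WordPress 2.7.1" /></head></html>'


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.6.5' -> (2, 6, 5) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def extract_readme_version(html: str) -> Optional[str]:
    m = README_RE.search(html)
    return m.group(1) if m else None


def extract_generator_version(html: str) -> Optional[str]:
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def releases_showing(readme_version: str) -> List[str]:
    """All real releases whose readme.html shows readme_version, per the table."""
    return sorted((r for r, shown in README_OBSERVED.items() if shown == readme_version),
                  key=parse_version)


def reconcile(fingerprinted: str, readme_version: Optional[str]) -> Tuple[str, str]:
    """Compare the file-fingerprinted version with what readme.html claims.

    Verdict labels are assumptions made for this example.
    """
    if readme_version is None:
        return "unknown", "readme.html missing or carries no version string"
    if README_OBSERVED.get(fingerprinted) == readme_version:
        return "consistent", "readme.html shows %s, as observed for release %s" % (
            readme_version, fingerprinted)
    fp, rd = parse_version(fingerprinted), parse_version(readme_version)
    if rd[:2] < fp[:2]:
        # readme.html is from an older branch: the scenario Andres describes above.
        return "possibly-upgraded", (
            "readme.html (%s) belongs to an older branch than the fingerprinted %s; "
            "the install may have been upgraded in place" % (readme_version, fingerprinted))
    if rd > fp:
        return "conflict", "readme.html claims %s, newer than fingerprinted %s" % (
            readme_version, fingerprinted)
    if fingerprinted not in README_OBSERVED and fp[:len(rd)] == rd:
        return "plausible", "release %s not in the table, but readme.html %s is a prefix of it" % (
            fingerprinted, readme_version)
    return "inconclusive", "same branch, but readme.html value %s was not observed for %s" % (
        readme_version, fingerprinted)


def build_kb_infos(fingerprinted: str, readme_html: str, index_html: str) -> List[dict]:
    """Produce the three information objects from the thread plus a reconciliation entry."""
    readme_v = extract_readme_version(readme_html)
    infos = [
        {"source": "fingerprint", "version": fingerprinted},
        {"source": "readme.html", "version": readme_v},
        {"source": "generator-meta", "version": extract_generator_version(index_html)},
    ]
    verdict, detail = reconcile(fingerprinted, readme_v)
    infos.append({"source": "reconciliation", "verdict": verdict, "detail": detail})
    return infos


if __name__ == "__main__":
    for info in build_kb_infos("2.7.1", SAMPLE_README, SAMPLE_INDEX):
        print(info)
```

Because readme.html only ever shows a branch value (2.6.2, 2.6.3 and 2.6.5 all show 2.6.1), the example treats it as corroboration of a branch rather than as a version source in its own right, and only flags an "upgraded in place" hypothesis when the readme branch is strictly older than what the file fingerprint says.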

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop