Author Topic: wpscan help  (Read 2183 times)

0 Members and 1 Guest are viewing this topic.

Offline yhi

  • Serf
  • *
  • Posts: 42
  • Cookies: -70
    • View Profile
wpscan help
« on: April 27, 2015, 08:04:56 pm »
i was trying wpscan on a website it showed website is vulnerable to CSRF in wp-login.php Password Reset

but i dont know how to exploit the vulnerability i need help please help me :)

i already searched on google didnt found any thing :(


[!] Title: WordPress <= 4.0 - CSRF in wp-login.php Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/7691
    Reference: https://core.trac.wordpress.org/changeset/30418
    Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9033
Fixed in: 4.0.1

Offline Duko

  • /dev/null
  • *
  • Posts: 18
  • Cookies: 2
  • PORTUGAL <3
    • View Profile
Re: wpscan help
« Reply #1 on: April 27, 2015, 09:03:54 pm »
Have you tried searching IN HERE ASWELL?

You used a scanner, you found a vuln, you dont know how to exploit it, in short = Skid


Anyway, some link for you to at least try to learn:

https://evilzone.org/tutorials/csrf-tutorial-by-connection/msg24457/#msg24457 <---- You should also search on Evilzone too

http://www.cs.utexas.edu/~shmat/courses/cs378_spring09/zeller.pdf

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: wpscan help
« Reply #2 on: April 27, 2015, 09:35:23 pm »
Also make sure you read the output and that it doesn't say "unknown version displaying all vulnerabilities"  or something along those lines. I had ran it on some sites I set up for people and realized this. Idk I've only used wpscan once. Great tool for webadmins and attackers who don't mind being noisey
« Last Edit: April 27, 2015, 09:35:52 pm by DeepCopy »
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry