Author Topic: wpscan help (Read 2179 times)

yhi · « **on:** April 27, 2015, 08:04:56 pm »

i was trying wpscan on a website it showed website is vulnerable to CSRF in wp-login.php Password Reset

but i dont know how to exploit the vulnerability i need help please help me

i already searched on google didnt found any thing

[!] Title: WordPress <= 4.0 - CSRF in wp-login.php Password Reset
Reference: https://wpvulndb.com/vulnerabilities/7691
Reference: https://core.trac.wordpress.org/changeset/30418
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9033
Fixed in: 4.0.1

Duko · « **Reply #1 on:** April 27, 2015, 09:03:54 pm »

Have you tried searching IN HERE ASWELL?

You used a scanner, you found a vuln, you dont know how to exploit it, in short = Skid

Anyway, some link for you to at least try to learn:

https://evilzone.org/tutorials/csrf-tutorial-by-connection/msg24457/#msg24457 <---- You should also search on Evilzone too

http://www.cs.utexas.edu/~shmat/courses/cs378_spring09/zeller.pdf

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

iTpHo3NiX · « **Reply #2 on:** April 27, 2015, 09:35:23 pm »

Also make sure you read the output and that it doesn't say "unknown version displaying all vulnerabilities" or something along those lines. I had ran it on some sites I set up for people and realized this. Idk I've only used wpscan once. Great tool for webadmins and attackers who don't mind being noisey

EvilZone

News:

Author Topic: wpscan help (Read 2179 times)

yhi

wpscan help

Duko

Re: wpscan help

iTpHo3NiX

Re: wpscan help