Friday, January 16, 2015

Vulnerability Scanning: Wordpress Security

WordPress is one of the most popular content management systems (CMS) among bloggers, and a very large number of blogs run on it. That popularity puts WordPress high on the target list of attackers and spammers, who use malware to compromise WordPress sites; this is one reason reverse engineering of malware matters.

Other CMSs exist, such as Joomla!, but WordPress has its own importance and market share. Because so many bloggers use WordPress, its security matters: a single serious vulnerability can lead to thousands of compromised WordPress blogs. From a penetration tester's point of view, an administrator must be aware of existing vulnerabilities at both the system level and the application level in order to protect the site(s).

A quick way to protect a WordPress (or any other) blog from vulnerabilities in the underlying system and server software is regular auditing: keeping all software up to date (the server's packages, browsers, anti-virus), using strong passwords and rotating them, scanning the server for malware and backdoors, using firewalls, and so on. WordPress itself also has its own vulnerabilities; in fact security researchers discover new ones regularly.

In this article we will cover some tools and plug-ins for auditing WordPress for security holes and vulnerabilities. We will also discuss the ways and tools an attacker might use to break into WordPress, and some of the best ways to secure a WordPress blog.

WordPress Security Audit & Vulnerability Scanning

A security audit is one of the most important steps in finding possible vulnerabilities in WordPress, and in this section I will discuss some tools and plug-ins you can use to find them.

Plecost WordPress Fingerprinting Tool:

Plecost is a useful tool for auditing a WordPress blog, and it ships by default with the best-known penetration-testing Linux distributions, i.e. BackTrack, BackBox and Blackbuntu. Plecost takes a list of known plug-ins, probes the target to find which of them are installed and at which version, and looks each one up against the Common Vulnerabilities and Exposures (CVE) list to report possible vulnerabilities.
Plecost can work in two modes: auditing a single target URL, or running against sites found through Google search results. Our goal here is to audit a single URL.


Here is the result of a quick and simple audit of a local WordPress install using Plecost (the -i option supplies the plug-in list to probe for, and -c turns on colored output):

root@bt:/pentest/web/scanners/plecost# ./plecost-0.2.2-9-beta.py -i wp_plugin_list.txt -c http://127.0.0.1/wordpress
-------------------------------------------------
[*] Input plugin list set to: wp_plugin_list.txt
[*] Colored output set on.
-------------------------------------------------
==> Results for: http://127.0.0.1/wordpress <==
[i] WordPress version found: 3.3
[i] WordPress last public version: 3.3.1
[*] Search for installed plugins
[i] Plugin found: akismet
|_Latest version: 2.4.0
|_ Installed version: 2.3.0
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
[i] Plugin found: wp-security-scan
|_Latest version: 2.7.1.2
|_ Installed version: trunk
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)

You can see that this WordPress install is outdated: a newer WordPress release (3.3.1 against the installed 3.3) and newer versions of both plug-ins are available, but none of them have been applied. Two caveats when reading the CVE lists. First, they appear to be matched by plug-in name rather than by installed version: CVE-2009-2334 is reported under both plug-ins, and entries from 2006 and 2007 are reported against Akismet 2.3.0, so each CVE should be checked against the installed version before it is treated as a confirmed finding. Second, the "trunk" installed version for wp-security-scan means the plug-in reports a development tag rather than a numbered release, so its version cannot be compared automatically and needs a manual check.
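To make the fingerprinting that Plecost performs concrete, here is an added example written for this page (not Plecost's own code). It does the two checks visible in the output above: it reads the WordPress version from the front page's generator meta tag, then probes each candidate plug-in's readme.txt under wp-content/plugins/ and parses its "Stable tag" line, comparing each result with a table of latest versions. The latest-version table and the HTTP responses are constructed for the example, and the fetch function is injectable so the script runs offline; a non-numeric tag such as "trunk" is reported as needing a manual check rather than being silently ranked.

```python
"""
Plug-in fingerprinting in the style of Plecost: an added example for this
page, not Plecost's own code.  Reads the WordPress version from the front
page's generator meta tag, probes each candidate plug-in's readme.txt and
parses its "Stable tag" line, then compares each with a latest-version
table.  LATEST_VERSIONS and SAMPLE_SITE are constructed for the example;
the fetch function is injectable so the module runs offline.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Constructed: the latest versions a real scanner would load from an
# up-to-date plug-in list (the role of Plecost's wp_plugin_list.txt).
LATEST_VERSIONS: Dict[str, str] = {
    "wordpress": "3.3.1",
    "akismet": "2.4.0",
    "wp-security-scan": "2.7.1.2",
}

# Constructed responses standing in for a live target, keyed by URL path
# relative to the blog root.  A missing key models a 404.
SAMPLE_SITE: Dict[str, str] = {
    "/": '<html><head><meta name="generator" content="WordPress 3.3" />'
         '</head><body>hello</body></html>',
    "/wp-content/plugins/akismet/readme.txt":
        "=== Akismet ===\nContributors: matt\nStable tag: 2.3.0\n",
    "/wp-content/plugins/wp-security-scan/readme.txt":
        "=== WP Security Scan ===\nStable tag: trunk\n",
    # no readme for hello-dolly: models a plug-in that is not installed
}

Fetcher = Callable[[str], Optional[str]]


def sample_fetch(path: str) -> Optional[str]:
    """Offline stand-in for an HTTP GET; returns None where a server would 404."""
    return SAMPLE_SITE.get(path)


def parse_version(tag: str) -> Optional[Tuple[int, ...]]:
    """'2.7.1.2' -> (2, 7, 1, 2) so comparison is numeric, not lexical.
    Non-numeric tags such as 'trunk' return None: they cannot be ranked."""
    parts = tag.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def wordpress_version(fetch: Fetcher) -> Optional[str]:
    """Version string from the generator meta tag, or None if absent/removed."""
    html = fetch("/")
    if not html:
        return None
    m = re.search(r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', html, re.I)
    return m.group(1) if m else None


def plugin_version(fetch: Fetcher, slug: str) -> Optional[str]:
    """'Stable tag' from the plug-in's readme.txt; None if the readme is absent."""
    readme = fetch(f"/wp-content/plugins/{slug}/readme.txt")
    if readme is None:
        return None
    m = re.search(r"^Stable tag:\s*(\S+)", readme, re.M)
    return m.group(1) if m else "unknown"


def compare(installed: str, latest: Optional[str]) -> Optional[bool]:
    """True if installed < latest, False if current, None if not comparable."""
    if latest is None:
        return None
    a, b = parse_version(installed), parse_version(latest)
    if a is None or b is None:
        return None
    return a < b


def audit(fetch: Fetcher, candidates: List[str]) -> Dict[str, dict]:
    """Map each detected component to {installed, latest, outdated}.
    outdated is None where the tag (e.g. 'trunk') needs a manual check."""
    report: Dict[str, dict] = {}
    wp = wordpress_version(fetch)
    if wp:
        report["wordpress"] = {"installed": wp, "latest": LATEST_VERSIONS["wordpress"],
                               "outdated": compare(wp, LATEST_VERSIONS["wordpress"])}
    for slug in candidates:
        installed = plugin_version(fetch, slug)
        if installed is None:
            continue  # readme not served: treat as not installed
        latest = LATEST_VERSIONS.get(slug)
        report[slug] = {"installed": installed, "latest": latest,
                        "outdated": compare(installed, latest)}
    return report


if __name__ == "__main__":
    for name, r in audit(sample_fetch, ["akismet", "wp-security-scan", "hello-dolly"]).items():
        state = {True: "OUTDATED", False: "current", None: "check manually"}[r["outdated"]]
        print(f"{name}: installed {r['installed']}, latest {r['latest']}: {state}")
```

To run this against a live site you would replace sample_fetch with a function that performs an HTTP GET of the blog root plus the path and returns None on a 404. Two practical points: administrators often remove the generator tag and block readme.txt, so a missing response proves nothing about whether a plug-in is installed; and probing a long plug-in list produces a burst of 404s in the target's access log, so only run it against hosts you are authorized to test.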
