Abstact:
This paper discusses the automatic enumeration and fingerprinting of web applications. In this case, the popular WordPress blogging software was usedas an example to gain insight about the patch levels in "casual" environments.
Deprecated versions of WordPress are known to include several critical vulnerabilities, which make them an easy target to compromise systems in order to perform browser-based exploitation on their visitors or use the underlying infrastructure for several malicious purposes, for example sending spam or hosting malware.
In the first part of the paper, the technical solution to identify installations of the target application using openly available technology is being discussed. Further, the basic method of fingerprinting different versions of WordPress
(1.2 up to 2.7.1) are being illustrated.
In the second part of this document, some analysis of a enumeration scenario can be found. The scenario includes the enumeration, fingerprinting and analysis of thousand blogs powered by WordPress in Switzerland and Liechtenstein of which 60 per cent were found to be deprecated and partly prone to certain well-known security vulnerabilities.
Sprache: Englisch
Download: PDF, 450kb
This paper discusses the automatic enumeration and fingerprinting of web applications. In this case, the popular WordPress blogging software was usedas an example to gain insight about the patch levels in "casual" environments.
Deprecated versions of WordPress are known to include several critical vulnerabilities, which make them an easy target to compromise systems in order to perform browser-based exploitation on their visitors or use the underlying infrastructure for several malicious purposes, for example sending spam or hosting malware.
In the first part of the paper, the technical solution to identify installations of the target application using openly available technology is being discussed. Further, the basic method of fingerprinting different versions of WordPress
(1.2 up to 2.7.1) are being illustrated.
In the second part of this document, some analysis of a enumeration scenario can be found. The scenario includes the enumeration, fingerprinting and analysis of thousand blogs powered by WordPress in Switzerland and Liechtenstein of which 60 per cent were found to be deprecated and partly prone to certain well-known security vulnerabilities.
Sprache: Englisch
Download: PDF, 450kb
