Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Wordpress Fingerprinting"

From NetSec
Jump to: navigation, search
Line 1: Line 1:
{{InHouse}}{{info|Wordpress comes bundled with the tinymce.js plug-in.  Because this code changes '''every''' wordpress release, we are able to use its [[Cryptography|md5sum]] to determine a wordpress version against a target site.  A [[perl]] script is below.}}
+
{{info|Wordpress comes bundled with the tinymce.js plug-in.  Because this code changes '''every''' wordpress release, we are able to use its [[Cryptography|md5sum]] to determine a wordpress version against a target site.  A [[perl]] script is below.}}
 
+
{{code|text=
 
<syntaxhighlight lang="perl">
 
<syntaxhighlight lang="perl">
 
#!/usr/bin/perl
 
#!/usr/bin/perl
Line 52: Line 52:
 
   print "Version:\t$ver_hash{$final}\n\n";
 
   print "Version:\t$ver_hash{$final}\n\n";
 
}
 
}
</syntaxhighlight>
+
</syntaxhighlight>}}
 
+
  
 +
{{InHouse}}
 
{{series
 
{{series
 
| Name = Wordpress Fingerprinting
 
| Name = Wordpress Fingerprinting
 
| PartOf = Web applications
 
| PartOf = Web applications
 
}}
 
}}

Revision as of 04:05, 12 March 2012

c3el4.png Wordpress comes bundled with the tinymce.js plug-in. Because this code changes every wordpress release, we are able to use its md5sum to determine a wordpress version against a target site. A perl script is below.

<syntaxhighlight lang="perl">

  1. !/usr/bin/perl

use strict; use LWP::UserAgent; use HTTP::Request; use HTTP::Response; use Digest::MD5 qw(md5_hex);

my $domain = shift

We have more tools coming soon! Look forward to Chimera Live CD.
c3el4.png
These are the offensive security tools developed by our wiki staff.


Wordpress Fingerprinting
is part of a series on

Web applications

Visit the Web applications Portal for complete coverage.