Wpbullet – A Static Code Analysis For WordPress (And PHP)

A static code analysis tool for WordPress plugins/themes (and PHP).

Installation

Simply clone the repository, install the requirements and run the script:

    $ git clone https://github.com/webarx-security/wpbullet wpbullet
    $ cd wpbullet
    $ pip install -r requirements.txt
    $ python wpbullet.py

Usage

Available options:

    --path (required)      System path or download URL
                           Examples:
                           --path="/path/to/plugin"
                           --path="https://wordpress.org/plugins/example-plugin"
                           --path="https://downloads.wordpress.org/plugin/example-plugin.1.5.zip"
    --enabled (optional)   Check only for given modules, ex. --enabled="SQLInjection,CrossSiteScripting"
    --disabled (optional)  Don't check for given modules, ex. --disabled="SQLInjection,CrossSiteScripting"
    --cleanup (optional)   Automatically remove content of .temp folder after scanning remotely downloaded plugin

    $ python wpbullet.py --path="/var/www/wp-content/plugins/plugin-name"

Creating modules

Creating a module is flexible: each module can override the BaseClass methods as well as define its own methods.

Each module in the Modules directory implements properties and methods from core.modules.BaseClass, thus each module's required parameter is BaseClass.

Once created, the module needs to be imported in modules/__init__.py. The module name and class name must be consistent in order for the module to be loaded.

If you are opening a pull request to add a new module, please provide unit tests for your module as well.

Module template

Modules/ExampleVulnerability.py

    from core.modules import BaseClass


    class ExampleVulnerability(object):

        # Vulnerability name
        name = "Cross-site Scripting"

        # Vulnerability severity
        severity = "Low-Medium"

        # Functions causing vulnerability
        functions = [
            "print",
            "echo"
        ]

        # Functions/regex that prevent exploitation
        blacklist = [
            "htmlspecialchars",
            "esc_attr"
        ]

Overriding regex match pattern

The regex pattern is generated in core.modules.BaseClass.build_pattern and can therefore be overridden in each module class.

Modules/ExampleVulnerability.py

    import copy

    ...

    # Build dynamic regex pattern to locate vulnerabilities in given content
    def build_pattern(self, content, file):
        # Start from the known user-input sources, then add variables
        # found in this file's content
        user_input = copy.deepcopy(self.user_input)

        variables = self.get_input_variables(self, content)

        if variables:
            user_input.extend(variables)

        # Negative lookahead: skip calls followed by a blacklisted (sanitizing) function
        if self.blacklist:
            blacklist_pattern = r"(?!(\s?)+(.*(" + '|'.join(self.blacklist) + ")))"
        else:
            blacklist_pattern = ""

        self.functions = [self.functions_prefix + x for x in self.functions]

        pattern = r"((" + '|'.join(self.functions) + r")\s{0,}\(?\s{0,1}" + blacklist_pattern + \
                  ".*(" + '|'.join(user_input) + ").*)"
        return pattern

Testing

Running unit tests:

    $ python3 -m unittest
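To see what the generated pattern flags and what the blacklist lookahead suppresses, here is a stand-alone sketch added for illustration (it is not wpbullet's own code). It reuses the template's functions and blacklist; the USER_INPUT list, the tainted_variables() helper standing in for get_input_variables, and the omission of functions_prefix are assumptions.

```python
import re

# Values from the module template above. USER_INPUT is an assumed stand-in
# for BaseClass.user_input, which the page does not list.
FUNCTIONS = ["print", "echo"]
BLACKLIST = ["htmlspecialchars", "esc_attr"]
USER_INPUT = [r"\$_GET", r"\$_POST", r"\$_REQUEST"]


def tainted_variables(content):
    """Hypothetical stand-in for get_input_variables(): variables assigned
    directly from a user-input source, regex-escaped."""
    assign = re.compile(r"(\$\w+)\s*=[^=;]*(?:" + "|".join(USER_INPUT) + ")")
    return [re.escape(name) for name in assign.findall(content)]


def build_pattern(content):
    """Same construction as the build_pattern shown above, minus the class."""
    user_input = list(USER_INPUT) + tainted_variables(content)
    if BLACKLIST:
        blacklist_pattern = r"(?!(\s?)+(.*(" + "|".join(BLACKLIST) + ")))"
    else:
        blacklist_pattern = ""
    return (r"((" + "|".join(FUNCTIONS) + r")\s{0,}\(?\s{0,1}"
            + blacklist_pattern + ".*(" + "|".join(user_input) + ").*)")


def scan(content):
    """Return the source lines that the generated pattern flags."""
    pattern = re.compile(build_pattern(content))
    return [m.group(1).strip() for m in pattern.finditer(content)]


# Constructed PHP sample, not taken from any real plugin.
SAMPLE_PHP = """<?php
$name = $_GET['name'];
echo $name;
echo htmlspecialchars($_POST['comment']);
print("Hello " . $_REQUEST['user']);
echo "static text";
echo esc_attr($title) . $_GET['q'];
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_PHP):
        print("flagged:", hit)
    # The last sample line is not flagged: esc_attr appears on the line,
    # so the lookahead suppresses it even though $_GET['q'] is unescaped.
```

The last sample line shows a limit of line-level blacklisting: any sanitizer name after the output function hides the whole line, so such findings still need manual review.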

Link: http://www.kitploit.com/2019/05/wpbullet-static-code-analysis-for.html

Microsoft vulnerability: Source code published for three zero-day vulnerabilities in Windows

Background

A security researcher (with the pseudonym SandboxEscaper) has discovered three zero-day vulnerabilities in Microsoft Windows. Their POC and source code have been released on GitHub. Two of these are local privilege escalation (LPE) vulnerabilities. They have been tested to work on Windows 10 only. The third vulnerability is a sandbox bypass vulnerability in Internet Explorer 11 (IE11). As of this writing, no patch has been released by Microsoft for these vulnerabilities.

What is the issue?

The security researcher has published three POCs: angrypolarbearbug2, bearlpe, and sandboxescape.

The first vulnerability – angrypolarbearbug2 – can be exploited by performing specially crafted DACL (discretionary access control list) operations when the Windows Error Reporting service tries to write a DACL for the given Windows Error Reporting (.wer) file. Once successfully exploited, the vulnerability gives SYSTEM privileges to the attacker.

The second vulnerability – bearlpe – targets the way the Windows task scheduler service uses the SetJobFileSecurityByName() function to write DACL for the job file. For this exploit to work, one needs to have "schtasks.exe" and "schedsvc.dll" files from Windows XP. Once successfully exploited, the vulnerability gives SYSTEM privileges to the attacker.

The third vulnerability – sandboxescape – bypasses the IE11 sandbox and allows an attacker to execute code in IE low protection mode. To exploit this vulnerability, an attacker needs to inject a special DLL in the IE process. According to reports, this exploit cannot be triggered remotely.

What systems are impacted?

The POC has been tested on Windows 10 32-bit and 64-bit and IE11.

Zscaler coverage

Advanced Threat Signatures:

- Win32.Exploit.Bearlpe
- Win32.Exploit.CVE.2019.0863
- Win32.Exploit.Polarbearescape
- W32/Agent.NBHI

Zscaler Cloud Sandbox provides proactive coverage against exploit payloads and advanced threats like ransomware, and the Zscaler ThreatLabZ team is actively monitoring for in-the-wild exploit attempts to ensure coverage.

Link: https://www.zscaler.com/blogs/research/microsoft-vulnerability-source-code-published-three-zero-day-vulnerabilities-windows

VulnX – CMS And Vulnerabilities Detector And An Intelligent Auto Shell Injector

Vulnx is a CMS and vulnerabilities detector, an intelligent auto shell injector, a fast CMS detector and a fast scanner that gathers information such as subdomains, IP addresses, country, org, timezone, region, ans and more.

Instead of injecting a shell and checking that it works like all the other tools do, vulnx analyses the response to determine whether the shell was uploaded successfully or not. vulnx searches for URLs with dorks.

Features

- Detect CMS (wordpress, joomla, prestashop, drupal, opencart, magento, lokomedia)
- Target information gathering
- Target subdomains gathering
- Multi-threading on demand
- Checks for vulnerabilities
- Auto shell injector
- Exploit dork searcher

Exploits

Joomla: Com Jce, Com Jwallpapers, Com Jdownloads, Com Weblinks, Com Fabrik, Com Jdownloads Index, Com Foxcontact, Com Blog, Com Users, Com Ads Manager, Com Sexycontactform, Com Media, Mod_simplefileupload, Com Facileforms

WordPress: Simple Ads Manager, InBoundio Marketing, WPshop eCommerce, Synoptic, Showbiz Pro, Job Manager, Formcraft, PowerZoom, Download Manager, CherryFramework, Catpro, Blaze SlideShow, Wysija-Newsletters

Drupal: Add Admin, Drupal BruteForcer, Drupal Geddon2

PrestaShop: attributewizardpro, columnadverts, soopamobile, pk_flexmenu, pk_vertflexmenu, nvn_export_orders, megamenu, tdpsthemeoptionpanel, psmodthemeoptionpanel, masseditproduct, blocktestimonial, soopabanners, Vtermslideshow, simpleslideshow, productpageadverts, homepageadvertise, homepageadvertise2, jro_homepageadvertise, advancedslider, cartabandonmentpro, cartabandonmentproOld, videostab, wg24themeadministration, fieldvmegamenu, wdoptionpanel

Opencart: Opencart BruteForce

Available command line options

usage: vulnx [options]

    -u --url            url target to scan
    -D --dorks          search webs with dorks
    -o --output         specify output directory
    -t --timeout        http requests timeout
    -c --cms-info       search cms info[themes,plugins,user,version..]
    -e --exploit        searching vulnerability & run exploits
    -w --web-info       web informations gathering
    -d --domain-info    subdomains informations gathering
    -l, --dork-list     list names of dorks exploits
    --threads           number of threads

Docker

VulnX can be launched in Docker.

    $ git clone https://github.com/anouarbensaad/VulnX.git
    $ cd VulnX
    $ docker build -t vulnx ./docker/
    $ docker run -it --name vulnx vulnx:latest -u http://exemple.com

Make a local volume to view the results in a logfile:

    $ docker run -it --name vulnx -v "$PWD/logs:/VulnX/logs" vulnx:latest -u http://exemple.com

Install VulnX

    $ git clone https://github.com/anouarbensaad/VulnX.git
    $ cd VulnX
    $ chmod +x install.sh
    $ ./install.sh

Now run vulnx.

Example command with options: settimeout=3, cms-gathering = all, -d subdomains-gathering, run --exploits

    vulnx -u http://example.com --timeout 3 -c all -d -w --exploit

Example command for searching dorks: -D or --dorks, -l --list-dorks

    vulnx --list-dorks    returns a table of exploit names
    vulnx -D blaze        returns URLs found with the blaze dork

Link: http://feedproxy.google.com/~r/PentestTools/~3/ARM75rpuTUo/vulnx-cms-and-vulnerabilites-detector.html