Home page logo
/
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

File http-vuln-cve2017-1001000

Script types: portrule
Categories: vuln, safe
Download: https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-1001000.nse

User Summary

Attempts to detect a privilege escalation vulnerability in Wordpress 4.7.0 and 4.7.1 that allows unauthenticated users to inject content in posts.

The script connects to the Wordpress REST API to obtain the list of published posts and grabs the user id and date from there. Then it attempts to update the date field in the post with the same date information we just obtained. If the request doesn’t return an error, we mark the server as vulnerable.

References: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

Script Arguments

http-vuln-cve2017-1001000.uri

Wordpress root directory on the website. Default: /

slaxml.debug

See the documentation for the slaxml library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap --script http-vuln-cve2017-1001000 --script-args http-vuln-cve2017-1001000="uri" <target>
nmap --script http-vuln-cve2017-1001000 <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-vuln-cve2017-1001000:
|   VULNERABLE:
|   Content Injection in Wordpress REST API
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2017-1001000
|     Risk factor: Medium  CVSSv2: 5.0 (MEDIUM)
|       The privilege escalation vulnerability in WordPress REST API allows
|       the visitors to edit any post on the site
|       Versions 4.7.0 and 4.7.1 are known to be affected
|
|     References:
|_      https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

Requires


Author:

  • Vinamra Bhatia

License: Same as Nmap--See https://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]