Stephen,
On Wed, May 2, 2012 at 10:58 AM, Stephen Breen <breen.mach...@gmail.com> wrote:
> Many wordpress vulnerabilities are theme specific, this plugin finds the
> running theme on a blog, attempts to find installed but not running themes
> by enumerating popular theme names from a list and for any themes found,
> runs tests to see if they are vulnerable to some common vulnerabilities
Sounds interesting,
> Right now I have all of the Woo themes in the theme list and it checks for a
> new vulnerability that is common to all of them (WooThemes shortcode
> vulnerability). It is very easy to extend to new themes and vulnerabilities
> and I plan on adding more.
All right, here's my code review:
* Line 2 incorrectly says "crossDomainXMLChecker.py"
* Remove "_testCheck"
* Might be a good idea to move "self._themeList = {" to a different
file if we plan to make it grow.
* I would only set "self._exec" to false after identifying a valid
wordpress base. It might be the case that in the first run of the
plugin the base is not found but then because of enabling webSpider +
wordpress_themeauditor in the second call to the wordpress plugin
(with a different URL) the blog is found.
* What if the site is https? response.getURL().url_string[7:] , there
should be a method in urlParser.py that returns what you need without
depending on [...]
* Check if this is done somewhere else in the other discovery plugins
we have and either improve the existing one or replace it with yours
if it is far better :)
* Maybe this regex is too open and could generate false positives?
regex_str = 'Log\s*In\s*<\s*/title\s*>'
* This doesn't look good,
response.getURL().getDomainPath().url_string[:-1].rpartition('/')[2] ,
all the hardcoded [:-1] and [2] tend to crash with special cases
* In "def _checkStyleCss(self,response):" and in order to make it
stronger and don't depend only on the response not being a 404, what
about looking for a very common string like "size" or "font" or
something like that?
* getLongDesc() returns info from crossdomain.xml
Except from those small details, it looks very good! What do you
think, should it be merged into our pre-existing wordpress plugins or
should it live as an independent one? If so, can we relate your plugin
with the others using "getPluginDeps()" ?
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
