Recently, I did some interesting research in a customer project
at work. Some of the stuff I did was targeted at finding vulnerable
web applications in an arbitrary environment (e.g. the internet).
Now that I had some time, I compiled some of the research I did
into a public document.
What “Vulnerable Web Application Enumeration” is basically about is
how to enumerate and fingerprint web applications – preferably
vulnerable ones of course. As I am not allowed to talk about the
original scope, I documented an earlier PoC using WordPress as an
example application with some interesting results. But well, I’ll
keep this short and leave you with the abstract and the download
link. Feel free to contact me, if you would like to share your
thoughts on the subject.
This paper discusses the automatic enumeration and fingerprinting of web applications. In this case, the popular WordPress blogging software was used as an example to gain insight into the patch levels in “casual” environments.
In the first part of the paper, the technical solution for identifying installations of the target application using openly available technology is discussed. Further, the basic method of fingerprinting different versions of WordPress (1.2 up to 2.7.1) is illustrated.
In the second part of this document, some analysis of an enumeration scenario can be found. The scenario includes the enumeration, fingerprinting and analysis of a thousand blogs powered by WordPress in Switzerland and Liechtenstein, of which 60 per cent were found to be deprecated and partly prone to certain well-known security vulnerabilities.
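The abstract only names the two steps (identify a WordPress installation, then fingerprint its version) without spelling out how. As an added illustration, not code from the paper or the method it documents, the following Python fingerprinter does both passively over HTML the scanner has already fetched: it checks for the `<meta name="generator">` tag WordPress emits on the front page and, as a fallback, the version string in the `readme.html` that older releases ship at the web root, then compares the result against 2.7.1 (the newest release the paper covers). The sample pages are constructed, the `latest` version and the precedence between the two sources are my assumptions, and both markers can be removed or spoofed by the site owner, so a negative result says nothing.

```python
import re
from typing import Optional, Tuple

# Constructed sample responses (not real captures) shaped like what an old
# WordPress front page and its readme.html typically contain.
SAMPLE_INDEX = (
    '<html><head><title>Blog</title>'
    '<meta name="generator" content="WordPress 2.3.3" />'
    '</head><body>hello</body></html>'
)
SAMPLE_README = (
    '<h1 style="text-align: center"><img alt="WordPress" '
    'src="wp-admin/images/wordpress-logo.png" /><br /> Version 2.3.3</h1>'
)
# Same blog with the generator tag stripped by a theme; only asset paths remain.
SAMPLE_INDEX_NO_TAG = (
    '<html><head><title>Blog</title><link rel="stylesheet" '
    'href="/wp-content/themes/default/style.css" /></head><body></body></html>'
)

# Assumed markers: the generator meta tag (attribute order as WordPress emits it),
# the "Version x.y.z" line in readme.html, and the wp-content/wp-includes asset paths.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*(\d+(?:\.\d+)*)',
    re.IGNORECASE,
)
README_RE = re.compile(r'Version\s+(\d+(?:\.\d+)+)')
WP_PATH_RE = re.compile(r'/wp-(?:content|includes)/', re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.3.3' into (2, 3, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split('.'))


def looks_like_wordpress(index_html: str) -> bool:
    """Identification step: generator tag or WordPress asset paths in the front page."""
    return bool(GENERATOR_RE.search(index_html) or WP_PATH_RE.search(index_html))


def version_from_generator(index_html: str) -> Optional[str]:
    match = GENERATOR_RE.search(index_html)
    return match.group(1) if match else None


def version_from_readme(readme_html: Optional[str]) -> Optional[str]:
    if not readme_html:
        return None
    match = README_RE.search(readme_html)
    return match.group(1) if match else None


def is_outdated(version: str, latest: str = "2.7.1") -> bool:
    """True when the fingerprinted release is older than `latest` (assumed 2.7.1)."""
    return parse_version(version) < parse_version(latest)


def fingerprint(index_html: str, readme_html: Optional[str] = None) -> dict:
    """Fingerprinting step: generator tag first, readme.html as fallback."""
    result = {"wordpress": looks_like_wordpress(index_html), "version": None,
              "source": None, "outdated": None}
    if not result["wordpress"]:
        return result
    for source, version in (("generator", version_from_generator(index_html)),
                            ("readme.html", version_from_readme(readme_html))):
        if version:
            result.update(version=version, source=source,
                          outdated=is_outdated(version))
            break
    return result


if __name__ == "__main__":
    print(fingerprint(SAMPLE_INDEX))
    print(fingerprint(SAMPLE_INDEX_NO_TAG, SAMPLE_README))
    print(fingerprint("<html><body>not a blog</body></html>"))
```

In a real run the two HTML strings come from fetching `/` and `/readme.html` of each host found in the enumeration step; a blog that hides the generator tag but leaves `readme.html` in place still yields a version, while one that removes both is reported as WordPress with an unknown version rather than as "not WordPress".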
Download: PDF (450 KB)
[Yes, it’s a pdf. No, it won’t own your browser.]