ZAP Scanning Reports

  • rcdflorez (@rcdflorez)


    Hello folks!

    I’m running penetration testing with ZAP Scanning tool for 3 different WP sites; in all of those, I’m getting a high-level risk alert (Path Traversal) directly related to the WP core files; below is the log example:

    Even if the webserver properly restricts Path Traversal attempts in the URL path, a web application itself may still be vulnerable due to improper handling of user-supplied input. This is a common problem of web applications that use template mechanisms or load static text from files. In variations of the attack, the original URL parameter value is substituted with the file name of one of the web application’s dynamic scripts. Consequently, the results can reveal source code because the file is interpreted as text instead of an executable script. These techniques often employ additional special characters such as the dot (“.”) to reveal the listing of the current working directory, or “%00” NULL characters in order to bypass rudimentary file extension checks.

    URL1: https://somesite.com/wp-json/oembed/1.0/embed?format=xml&url=%2Fembed
    Method: GET
    Attack: /embed

    URL2: https://somesite.com/wp-comments-post.php
    Method: POST
    Attack: /wp-comments-post.php

    Any thoughts on this?

    Thanks in advance!
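Added example (not the poster's code, not from ZAP): a small triage script for the kind of "Path Traversal" alerts shown above. It parses a ZAP traditional JSON report and sorts each instance into buckets a defender can act on: the scanner captured file contents as evidence (a real finding), the payload carries an actual traversal sequence such as `../` or `%00` but no evidence (re-test by hand), or the payload is just the endpoint's own path with nothing captured (the self-reference probe described in the alert text, which on its own proves nothing). Assumptions: the report shape (`site[].alerts[].instances[]` with `uri`, `method`, `param`, `attack`, `evidence`) is ZAP's traditional JSON layout as I know it; the sample report is constructed inline from the two findings in the post, using the poster's placeholder host, plus a hypothetical third instance that shows what a confirmed hit looks like.

```python
"""Triage ZAP "Path Traversal" alerts from a traditional JSON report.

Added example; not part of the forum thread and not ZAP's own code.
Assumption: report layout is site[].alerts[].instances[] with
uri/method/param/attack/evidence, as in ZAP's traditional JSON export.
"""
import json
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample report: the two instances from the post plus one
# hypothetical instance where the scanner actually captured file contents.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "https://somesite.com",
        "alerts": [{
            "alert": "Path Traversal",
            "riskdesc": "High (Medium)",
            "cweid": "22",
            "instances": [
                {"uri": "https://somesite.com/wp-json/oembed/1.0/embed?format=xml&url=%2Fembed",
                 "method": "GET", "param": "url", "attack": "/embed", "evidence": ""},
                {"uri": "https://somesite.com/wp-comments-post.php",
                 "method": "POST", "param": "comment", "attack": "/wp-comments-post.php",
                 "evidence": ""},
                # Hypothetical: a payload with a real traversal sequence AND matched evidence.
                {"uri": "https://somesite.com/index.php?page=..%2F..%2Fetc%2Fpasswd",
                 "method": "GET", "param": "page", "attack": "../../etc/passwd",
                 "evidence": "root:x:0:0"},
            ],
        }],
    }],
})

# Substrings that indicate the payload genuinely tries to leave the web root.
TRAVERSAL_MARKERS = ("../", "..\\", "\x00", "/etc/", "c:\\", "\\windows\\")
# Substrings ZAP typically matches in a response when a file really was read.
SOURCE_MARKERS = ("<?php", "root:x:0:0", "[boot loader]")


def classify_instance(inst):
    """Return (verdict, reason) for one alert instance."""
    attack = unquote(inst.get("attack") or "").lower()
    evidence = inst.get("evidence") or ""
    path = urlsplit(inst.get("uri") or "").path.lower()
    if any(m in evidence for m in SOURCE_MARKERS):
        return "confirmed", "scanner evidence contains file contents; treat as a real finding"
    if any(m in attack for m in TRAVERSAL_MARKERS):
        return "review", "payload carries a traversal sequence but no evidence; re-test by hand"
    if attack and (path == attack or path.endswith(attack)):
        return "likely-noise", ("payload is the endpoint's own path (self-reference probe) "
                                "and nothing was captured in the response")
    return "likely-noise", "payload is a plain path with no traversal sequence and no evidence"


def triage_report(report_json):
    """Walk every Path Traversal instance in the report and classify it."""
    report = json.loads(report_json)
    rows = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            if alert.get("alert") != "Path Traversal":
                continue
            for inst in alert.get("instances", []):
                verdict, reason = classify_instance(inst)
                rows.append({"site": site.get("@name"), "method": inst.get("method"),
                             "uri": inst.get("uri"), "attack": inst.get("attack"),
                             "verdict": verdict, "reason": reason})
    return rows


def summarize(rows):
    """Count instances per verdict, e.g. {'likely-noise': 2, 'confirmed': 1}."""
    return dict(Counter(r["verdict"] for r in rows))


if __name__ == "__main__":
    rows = triage_report(SAMPLE_REPORT)
    for r in rows:
        print(f'{r["verdict"]:13} {r["method"]:4} {r["uri"]}')
        print(f'              attack={r["attack"]!r}: {r["reason"]}')
    print(summarize(rows))
```

Run it against a real export (`zap.sh -cmd -quickurl ... -quickout report.json`, or the JSON report from the GUI) by replacing `SAMPLE_REPORT` with the file contents. The two findings from the post land in `likely-noise` because the "attack" value is only the endpoint's own path and the `evidence` field is empty; anything in `review` or `confirmed` is where the manual re-test time should go.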

  • Jan Dembowski (@jdembowski), Forum Moderator and Brute Squad

    > I’m running penetration testing with ZAP Scanning tool for 3 different WP sites

    OK.

    > a web application itself may still be vulnerable due to improper handling of user-supplied input.

    And

    > These techniques often employ additional special characters such as the dot (“.”) to reveal the listing of the current working directory, or “%00” NULL characters in order to bypass rudimentary file extension checks.

    That is example text and doesn’t necessarily mean anything.

    Did your tool find any exploit?
