WordPress Security/Vulnerability Scanner - WPScan

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).

Features

• Username enumeration (from author querystring and location header)
• Weak password cracking (multithreaded)
• Version enumeration (from generator meta tag)
• Vulnerability enumeration (based on version)
• Plugin enumeration (2220 most popular by default)
• Plugin vulnerability enumeration (based on version) (todo)
• Plugin enumeration list generation
• Other misc WordPress checks (theme name, dir listing, …)

Requirements

WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

sudo apt-get install libcurl4-gnutls-dev
sudo gem install –user-install typhoeus
sudo gem install –user-install xml-simple

The full README is available here.

You can download WPScan by checking it out from the SVN repository on Google Code:

svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only

Or you can read more here.

Read More

Vulnerabilities found by -[G1R1SH_SH4RM4]-

 DORK USED : inurl:readnews.php?id=







http://www.delmaralumni.com/readNews.php?id=20' :  SQLi Vulnerable

http://www.orbisoud.com/readnews.php?id=115' :  SQLi Vulnerable

http://www.hcpoa.com/readnews.php?id=42' :  SQLi Vulnerable

http://data.tp.ac.id/dokumen/readnews.php' :  SQLi Vulnerable

http://www.hcpoa.com/readnews.php?id=73' :  SQLi Vulnerable

http://q8byky.com/readnews.php?id=1' :  SQLi Vulnerable

http://www.hcpoa.com/readnews.php?id=73' :  SQLi Vulnerable

http://www.mag-project.ru/readnews.php?id=x' :  SQLi Vulnerable

Hack 'em DOWN ;)

Read More