wp-scanner online v1.2 released
64 blogs have been tested since wp-scanner v1.1 was launched a couple of days ago, and half of them had severe flaws. However, v1.1 was really more of a pilot and was not very user-friendly. v1.2 adds some initial warnings and links to helpful articles, 15 new plugin checks, and some bug fixes.
Below are some screenshots of a test against one of our demo WordPress installs:
Enjoy!
Comments
Matt, we are only just getting warmed up; we’ll work out the quirks as we go. However, you are the only one using the latest trunk thus far, hence the bug.
Thanks for your feedback.
No matter which address I enter, I only get the error message:
Invalid address.
I tried two different browsers. Any ideas what I could have done wrong?
ChristianS,
There are restrictions on what the address can look like and what characters are supported.
If you send me the address you are trying to scan via the Contact form, I’ll have a look for you.
[...] the blog for potential security holes (see also Screenshot 1 and Screenshot 2). (via BlogSecurity | [...]
WP Scanner online…
To test the security of your WordPress installation/blogs, BlogSecurity offers an online WP-Scanner. To avoid nasty surprises, use this scanner, people, and test your WP blogs.
(Via: bueltge.de | SW-Guide | BlogSecurit…
Seems to be very cool stuff.
I’m interested in the automatic test for XSS vulnerabilities. What do you test, only the search form or also URL manipulation?
Regards
H. Lennarz
Hendrik,
I based the concept around a paper I released on GNUCITIZEN titled generic XSS worms.
In short, we basically attack generic vulnerabilities in PHP’s environment variables (i.e. PHP_SELF). We don’t do any URL manipulation; we may in future releases, although this might be out of the scope of what we are trying to achieve.
Thanks for your feedback; it’s the first in over 300 blogs tested so far :)
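The PHP_SELF check mentioned in the reply above, written out as an added example; this is not wp-scanner’s own code and the GNUCITIZEN paper is not reproduced here. The idea is that a request for `/index.php/<payload>` puts the payload into `$_SERVER['PHP_SELF']` on servers that accept path info, so a template that echoes PHP_SELF unescaped into a form action (`<form action="<?php echo $_SERVER['PHP_SELF']; ?>">`) reflects the payload raw. The marker string, the two simulated servers, the URL layout and the assumption that the server decodes path info into PHP_SELF are all constructed for this example; a real scan would pass an HTTP client as `fetch`.

```python
"""Offline model of a PHP_SELF reflection check (constructed example)."""
import html
from urllib.parse import quote, unquote, urlsplit

# A marker unlikely to appear on a page by accident, so a hit is not noise.
MARKER = "wpscan1337"
# Extra path info appended after the script name. On Apache/PHP setups that
# accept path info, this string ends up inside $_SERVER['PHP_SELF'].
PAYLOAD = f'/"><script>{MARKER}</script><"'


def build_probe_url(base_url: str, script: str = "index.php") -> str:
    """Build http://host/index.php/<payload>, percent-encoding the payload so
    the request line stays well formed; the server decodes it into PATH_INFO."""
    return f"{base_url.rstrip('/')}/{script}{quote(PAYLOAD, safe='/')}"


def reflects_payload(body: str) -> bool:
    """A finding only if the raw, unescaped script tag came back.
    An entity-escaped copy (&lt;script&gt;) is harmless and is not counted."""
    return f"<script>{MARKER}</script>" in body


def scan(fetch, base_url: str) -> dict:
    """Run one probe through the supplied fetch(url) -> body callable.
    A real scanner would pass an HTTP client here; the demo below passes
    simulated servers so everything runs offline."""
    url = build_probe_url(base_url)
    return {"url": url, "vulnerable": reflects_payload(fetch(url))}


# --- Simulated target servers (constructed stand-ins for real PHP pages) ---

def php_self_for(url: str) -> str:
    """Approximate $_SERVER['PHP_SELF'] for a request: the decoded request
    path, i.e. the script name plus any trailing path info (assumption)."""
    return unquote(urlsplit(url).path)


def vulnerable_server(url: str) -> str:
    """Models <form action="<?php echo $_SERVER['PHP_SELF']; ?>"> (unsafe)."""
    return f'<form method="post" action="{php_self_for(url)}"><input name="s"></form>'


def hardened_server(url: str) -> str:
    """Models <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">."""
    safe = html.escape(php_self_for(url), quote=True)
    return f'<form method="post" action="{safe}"><input name="s"></form>'


if __name__ == "__main__":
    for name, server in (("vulnerable", vulnerable_server), ("hardened", hardened_server)):
        print(name, scan(server, "http://blog.example"))
```

The check only flags a raw `<script>` reflection, so a page that escapes PHP_SELF (or uses a fixed action such as the current request URI after filtering) is reported clean; whether the payload actually reaches PHP_SELF depends on the web server’s path-info handling, which this model assumes rather than tests.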
[...] BlogSecurity wurde ein neuer Scanner in Version 1.2b veröffentlicht. Es handelt sich dabei um ein [...]
Doesn’t help me a lot. It suggests updating to the latest WP version, but I WON’T do that, because I don’t like some stuff WP 2.2+ does differently from 2.0.x.
A better way to help me would be to point out possible security flaws in this version so I’m able to fix them myself.
cu, w0lf.
fwolf, wp-2.0.10 is the latest stable release for the 2.0.x trunk; wp-scanner just doesn’t identify this as yet. I think you’ll be just fine if you maintain the latest release within the 2.0.x trunk.
It is not entirely accurate. I tested my blog and it said it was vulnerable, even though it’s running the latest trunk and is not.