WebPentest

Web Vulnerabilities – File Inclusion

by
This entry is part 6 of 13 in the series Red Team Engagements

Views: 26Path Traversal Also known as Directory traversal, a web security vulnerability allows an attacker to read operating system resources, such as local files on the server running an application. The attacker exploits this vulnerability by manipulating and abusing the web application’s URL to locate and access files or directories stored outside the application’s root directory. … Read more

Enumerating WordPress with WPScan

by

Views: 33WPScan capabilities Update the local database of WPScan The local database can be updated with the following command: Enumeration Modes When enumerating the WordPress version, installed plugins or installed themes, you can use three different “modes”, which are: The following enumeration options exist: If no option is supplied to the -e flag, then the default will … Read more