module
WordPress W3-Total-Cache Plugin 0.9.2.4 (or before) Username and Hash Extract
| Disclosed | Created |
|---|---|
| N/A | 2018-05-30 |
Disclosed
N/A
Created
2018-05-30
Description
The W3-Total-Cache Wordpress Plugin and its results in files for fast access. Version 0.9.2.4 has been fixed afterwards
so it can be vulnerable. These cache files are in the webroot of the Wordpress
installation and can be downloaded if the name is guessed. This module tries to
locate them with brute force in order to find usernames and password hashes in these
files. W3 Total Cache must be configured with Database Cache enabled and Database
Cache Method set to Disk to be vulnerable
so it can be vulnerable. These cache files are in the webroot of the Wordpress
installation and can be downloaded if the name is guessed. This module tries to
locate them with brute force in order to find usernames and password hashes in these
files. W3 Total Cache must be configured with Database Cache enabled and Database
Cache Method set to Disk to be vulnerable
Authors
Christian Mehlmauer FireFart@gmail.com
Jason A. Donenfeld Jason@zx2c4.com
Jason A. Donenfeld Jason@zx2c4.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.