Over this weekend I went to BSides Rhode Island to give a presentation about the research I’ve been doing on WordPress plugins. The video can be found here, thanks to Irongeek.
I promised at BSides to release my slides and some of my code. So without further ado, here’s the presentation file: Large-scale application security
And here is the code:
```python
from bs4 import BeautifulSoup
import urllib
import os
from urlparse import urlsplit
import argparse


def main(args):
    # Create the output folder if it does not exist yet
    if not os.path.exists(args.output):
        os.makedirs(args.output)

    for pageNumber in xrange(args.pages):
        # Each page of the "popular" listing holds a set of plugin blocks
        page = BeautifulSoup(urllib.urlopen(
            "http://wordpress.org/extend/plugins/browse/popular/page/"
            + str(pageNumber)).read())

        for x in page.findAll('div', {'class': 'plugin-block'}):
            # The third <li> of the block's list carries the download count;
            # keep only its digits and compare against the threshold
            downloads = int(filter(lambda y: y.isdigit(),
                                   str(x.ul.findAll('li')[2])))
            if downloads > args.downloads:
                # Follow the plugin's own page and take the zip link
                # from its download button
                downloadLink = BeautifulSoup(
                    urllib.urlopen(x.h3.a['href']).read()) \
                    .find('p', {'class': 'button'}).a['href']
                fileName = os.path.basename(urlsplit(downloadLink)[2])
                # Join with the output folder so the file lands inside it
                urllib.urlretrieve(downloadLink,
                                   os.path.join(args.output, fileName))
                print "Downloaded %s" % fileName


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("-d", "--downloads",
                        help="Minimum number of plugin downloads",
                        default=100000, type=int)
    parser.add_argument("-o", "--output", help="Output folder",
                        default=".", type=str)
    parser.add_argument("-p", "--pages", help="Number of pages to parse",
                        default=250, type=int)
    args = parser.parse_args()
    main(args)
```
Thanks to the team behind BSides RI for giving me the chance to present my technique and research used for finding these vulnerabilities. I’d encourage anybody to not only go to a BSides near you, but also have a go at finding vulnerabilities in WordPress plugins. It’s a ton of fun!