
Detect ClassicPress

Open dmhendricks opened this issue 7 years ago • 0 comments

Subject of the issue

Perhaps this is premature since it is still in beta, but may eventually become relevant as it seems to have garnered a significant following and is gaining momentum: ClassicPress (as of 1.0.0-beta1) is currently detected as "WordPress 4.9.8". This is not surprising as they haven't changed all of their generator tags (I expect it to partially, if not completely, happen by release). I mostly bring it up for consideration.

The page head (though not RSS feed) meta generator tag for 1.0.0-beta1 currently reads:

<meta name="generator" content="ClassicPress 4.9.8" />

I haven't dug into it deeply, but I see a couple of version tags in View Source of a stock setup of CP (logged out, ofc; incognito; non-default theme):

<link rel='stylesheet' id='dashicons-css'  href='https://example.tld/wp-includes/css/dashicons.min.css?ver=1.0.0-beta1' type='text/css' media='all' />
<script type='text/javascript' src='https://example.tld/wp-includes/js/wp-embed.min.js?ver=1.0.0-beta1'></script>

There are probably other ways to pull a version, but I have not yet researched it deeply. Another thing that I can think of for when generator tags are stripped (it would only tell you if WP or CP, not version):

curl -I https://www.classicpress.net/wp-admin/images/wordpress-logo.png
> content-length: 11815

Your environment

  • Version of WPScan: 3.4.0
  • Version of Ruby: 2.5
  • Operating System (OS): Mac OS High Sierra

Steps to reproduce

wpscan --url https://www.classicpress.net/

Expected behavior

At minimum, I would expect it to return ClassicPress rather than WordPress. Returning the actual version (ex: 1.0.0-beta1) would be ideal, but discovery methods may vary when 1.0.0-beta2 and beyond are released.

Actual behavior

Returns:

[+] WordPress version 4.9.8 identified (Latest, released on 2018-08-02).
 | Detected By: Rss Generator (Passive Detection)
 |  - https://www.classicpress.net/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
 |  - https://www.classicpress.net/comments/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>

What have you already tried

Things you have tried (where relevant):

  • Update WPScan to the latest version :white_check_mark:
  • Update Ruby to the latest version :x:
  • Ensure you can reach the target site using cURL :white_check_mark:
  • Proxied WPScan through a HTTP proxy to view the raw traffic :white_check_mark:
  • Ensure you are using a supported Operating System (Linux and macOS) :white_check_mark:

dmhendricks, Dec 12 '18 20:12
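The detection logic the issue asks for, written as an added example in Ruby (it is not WPScan's own code): classify a site as ClassicPress or WordPress from the three signals quoted above (the HTML meta generator tag, the `?ver=` query strings on `wp-includes` assets, and the RSS `<generator>` element). The sample documents are constructed from the tags in the report; the function names are assumptions.

```ruby
# Constructed sample of the ClassicPress 1.0.0-beta1 page head quoted in the issue.
CP_HTML = <<~HTML
  <meta name="generator" content="ClassicPress 4.9.8" />
  <link rel='stylesheet' id='dashicons-css' href='https://example.tld/wp-includes/css/dashicons.min.css?ver=1.0.0-beta1' type='text/css' media='all' />
  <script type='text/javascript' src='https://example.tld/wp-includes/js/wp-embed.min.js?ver=1.0.0-beta1'></script>
HTML

# Constructed RSS generator element, as reported by WPScan's Rss Generator check.
CP_RSS = '<generator>https://wordpress.org/?v=4.9.8</generator>'

# Constructed stock WordPress head for comparison (assumed, not from the issue).
WP_HTML = <<~HTML
  <meta name="generator" content="WordPress 4.9.8" />
  <script type='text/javascript' src='https://example.tld/wp-includes/js/wp-embed.min.js?ver=4.9.8'></script>
HTML

# Content of <meta name="generator">, or nil when the tag was stripped.
def meta_generator(html)
  m = html.match(/<meta\s+name=["']generator["']\s+content=["']([^"']+)["']/i)
  m && m[1]
end

# Distinct ?ver= values on wp-includes assets (CP exposes its own release here).
def asset_versions(html)
  html.scan(%r{/wp-includes/[^'"\s]+\?ver=([\w.\-]+)}i).flatten.uniq
end

# Version from the RSS <generator> element, or nil.
def rss_generator_version(rss)
  m = rss.match(%r{<generator>https?://wordpress\.org/\?v=([\w.\-]+)</generator>}i)
  m && m[1]
end

# The meta generator decides the platform. ClassicPress keeps the WordPress core
# number in both generators, so its own release is taken from the ?ver= strings
# that differ from that core number.
def fingerprint(html, rss)
  gen = meta_generator(html)
  platform = gen&.start_with?('ClassicPress') ? 'ClassicPress' : 'WordPress'
  core = gen ? gen.split.last : rss_generator_version(rss)
  if platform == 'ClassicPress'
    cp = asset_versions(html).find { |v| v != core }
    { platform: platform, version: cp, core_version: core,
      detected_by: cp ? 'Asset ?ver= query' : 'Meta Generator' }
  else
    { platform: platform, version: core,
      detected_by: gen ? 'Meta Generator' : 'Rss Generator' }
  end
end
```

Without a meta tag the function falls back to the RSS generator and reports WordPress, which is exactly the misclassification the issue describes; the `?ver=` check is what separates the two.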