Landing Blogsecurify
published: June 26th, 2008
During the last couple of days we combined forces with Blogsecurity.NET in an effort to improve their online WordPress vulnerability scanner. The result of these efforts is our new initiative called Blogsecurify.

Blogsecurify was created to help individuals and organizations secure their blog infrastructures by running them against a set of security tests. The project is still in the alpha stage, although I am quite happy with the actual framework, which I believe is the only one of its kind. The same framework will be used for several other initiatives, but I will talk about them when their time comes.

comments
Nice work PDP. I checked my blog :) It says .. perfect … thus adding another check mark to security!
Cheers.
I thought it was interesting to run the scanner against “www.gnucitizen.org/blog/” and it returned…
“This blog is running a vulnerable version of WordPress, please upgrade to the latest version available here.”
takuan, thanks for the info, although I know and you know that this information is totally fabricated. :) thanks anyway!
For which vulnerabilities will Blogsecurify check those blogs out there?
Will it create new entries via SQLi, etc. and does it only check blogs running WP for the moment?
I didn’t find any info about it.
Alex, the test is non-exploitative so I should not create any bogus entries within your database.
At first glance, I think this checks against public exploits such as in OSVDB/Milw0rm.
Great.
As for me I just wanna write a Perl script that greps “Generator” meta tag like Word 2.0.3 and greps latest version info. If out-dated, extract wordpress vulnerabilities in wordpress version < latest and show them to user and warn her to upgrade.
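
The generator-tag check described in the last comment, as an added example for auditing your own blog; it is not part of the original post or comments and not Blogsecurify's code. It is written in Python rather than Perl, the sample pages are constructed, and `LATEST` is an assumed value you would replace with the current release.

```python
import re
from html.parser import HTMLParser

class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # parser lowercases names
        if a.get("name", "").strip().lower() == "generator":
            self.generators.append(a.get("content", "").strip())

def wordpress_version(html):
    """Return the advertised WordPress version as a tuple, or None."""
    finder = GeneratorFinder()
    finder.feed(html)
    for content in finder.generators:
        m = re.match(r"WordPress\s+(\d+(?:\.\d+)*)", content, re.I)
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None

def check_blog(html, latest):
    """Classify a page as 'outdated', 'current' or 'unknown'."""
    found = wordpress_version(html)
    if found is None:
        return "unknown"  # no tag: says nothing about patch level
    width = max(len(found), len(latest))
    pad = lambda v: tuple(v) + (0,) * (width - len(v))  # 2.5 == 2.5.0
    return "outdated" if pad(found) < pad(latest) else "current"

# Constructed sample pages (not captured from any real site).
OLD_PAGE = '<head><meta name="generator" content="WordPress 2.0.3" /></head>'
NEW_PAGE = '<head><META content="WordPress 2.5.1" name="Generator"></head>'
BARE_PAGE = '<head><meta name="description" content="my blog"></head>'
LATEST = (2, 5, 1)  # assumption: substitute the current release

if __name__ == "__main__":
    for name, page in [("old", OLD_PAGE), ("new", NEW_PAGE), ("bare", BARE_PAGE)]:
        print(name, wordpress_version(page), check_blog(page, LATEST))
```

The tag can be removed or edited by the blog owner, so "unknown" or "current" from this check only reflects what the page advertises, not the code actually installed.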