How I got a lousy T-Shirt from the Dutch Government.

Dutch Government VDP

Finding a vulnerability

Recon

"Proudly powered by WordPress"
site:*.mil "Proudly powered by WordPress"
nuclei -l wordpress.subs.txt -t /root/nuclei-templates/technologies/wordpress-detect.yaml
Console output of Nuclei running the WordPress detection template.
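
The search string above keys on a marker that a WordPress site prints in its own HTML, so the same markers can be checked on pages you operate before anyone else finds them. The following Python is an added example, not code from the original post and not the nuclei template's own matchers; `audit_html`, the indicator names and both sample pages (including version 9.9.9) are constructed assumptions.

```python
import re
from html.parser import HTMLParser

FOOTER = "proudly powered by wordpress"  # footer credit used in the search above


class _Collector(HTMLParser):
    """Gathers visible text, the generator meta tag and asset version strings."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.generator = None
        self.asset_versions = set()
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generator = a.get("content", "")
        url = a.get("src") or a.get("href") or ""
        # ?ver= on wp-content / wp-includes assets discloses a version string
        if re.search(r"/wp-(?:content|includes)/", url):
            m = re.search(r"[?&]ver=([0-9][0-9.]*)", url)
            if m:
                self.asset_versions.add(m.group(1))

    def handle_data(self, data):
        self.text.append(data)


def audit_html(html):
    """Return the list of WordPress disclosure indicators found in one page."""
    c = _Collector()
    c.feed(html)
    c.close()
    visible = " ".join(" ".join(c.text).split()).lower()
    findings = []
    if FOOTER in visible:
        findings.append("footer-credit")
    if c.generator and "wordpress" in c.generator.lower():
        findings.append("generator-meta:" + c.generator)
    findings += ["asset-version:" + v for v in sorted(c.asset_versions)]
    return findings


# Constructed sample pages: a default-looking theme and a cleaned-up one.
DEFAULT_PAGE = """<html><head><meta name="generator" content="WordPress 9.9.9">
<link rel="stylesheet" href="/wp-includes/css/style.min.css?ver=9.9.9"></head>
<body><footer>Proudly powered by <a href="https://wordpress.org/">WordPress</a>
</footer></body></html>"""
CLEAN_PAGE = """<html><head><link rel="stylesheet" href="/wp-content/themes/site/style.css">
</head><body><footer>Example Org</footer></body></html>"""

if __name__ == "__main__":
    for name, page in (("default", DEFAULT_PAGE), ("clean", CLEAN_PAGE)):
        print(name, audit_html(page))
```

Removing these markers only reduces how easily a site is found and versioned; it does not replace patching the core, themes and plugins.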

Exploitation via WPScan

wpscan --url <domain> --api-token <your API-Token>
Console output of WPScan.

Timeline

  • Reported multiple vulnerabilities on 19.11.2021
  • Initial response and triage on 19.11.2021
  • Fixed and T-shirt awarded on 04.01.2022


Computer Science Student, Ethical Hacker, Interested in Infosec

Mava