WordPress basic auditing

Wordpress Read me

Wordpress License with wordpress version

Wordpress sample config:

Wordpress installation:

Wordpress upgrade file:

Wordpress setup config:

Wordpress Api usefull paths:
target/wp-json/wp/v2/users – enumerate users
target/wp-json/wp/v2/posts – enumerate posts
target/wp-json – wordpress api

Script to enumerate users thought authors of blog:
for i in {1..30}; do curl -s -L -i target | grep -E -o “\” title=\”View all posts by [a-z0-9A-Z-.]|Location:.” | sed ‘s/\// /g’ | cut -f 6 -d ‘ ‘ | grep -v “^$”; done

Wordpress Plugins readme or license:
target/wp-content/plugins/plugin name/readme.txt or /license.txt

Wordpress Theme readme or license:
target/wp-content/theme/nome-do-theme/readme.txt, /changeglog.txt or /license.txt

How I was able to create Unauthorized Comments on Facebook Live Stream

Back in October, 2018, I discovered a vulnerability on Facebook that allowed me to create unauthorized comments on live streams of people who aren’t my friends and don’t allow non-friends to comment on their posts.

For this vulnerability, the Facebook Security Team rewarded me a bounty amount of $750, which was the first ever bounty that I ever received.