Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Wordpress for Pentesting and Bug Bounties
Course Overview
Course Description
Video Overview (1:40)
Introduction
Introduction (10:22)
Hunting Target Programs for Bug Bounties (1:26)
Technology Detection
Technology detection using Wappalyzer (3:42)
Tech Detection using HTTPX (3:12)
Tech Detection using Subfinder (7:28)
Tech Detection using Fuzzing (7:58)
Wordpress Vulnerabilities
Wordpress vulnerability on registration form (2:09)
Wordpress- Registration Active and allows Installation (3:24)
Identifying Wordpress vuln using waybackurlbash (3:13)
WordPress Pentesting
Identifying Wordpress running app using bug bounty targets Github Repo (5:36)
Identify Wordpress running app using nuclei (5:01)
Information Gathering & Enumeration
Finding Bugs using WP Debug logs Enabled (4:56)
Finding Bugs using wordpress RDF user enumeration (9:37)
Finding Bugs using WP Directory listing (5:57)
Finding bugs on WP Full path disclosure (1:05)
Finding bugs using XML RPC enabled (21:31)
Attacking WordPress & Exploitation Techniques
Brute Force Attack Demonstration (9:14)
Writing an Effective Bug Bounty Report (1:23)
Using WPScan for WordPress Security Analysis (7:31)
Exploiting Vulnerable WordPress Themes with WPScan (5:14)
Remote Code Execution (RCE) Exploitation (3:05)
Automated Security Testing & Fuzzing
Custom Security Automation Script (7:15)
Fuzzing for Security Vulnerabilities (6:15)
Using FFuF for Web Fuzzing (3:52)
Advanced WordPress Search Exploitation (5:29)
Reporting & Responsible Disclosure
Finding WordPress Websites for Security Testing (2:03)
Installing and Exploiting WordPress Plugins for XSS (4:52)
Essential Resources for Bug Bounty Hunters (4:37)
Audio Version of Training
Audio Download
Using FFuF for Web Fuzzing
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock