Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Content Management Systems and MD5: Investigating Alternative Methods of Version Identification for Open Source Projects
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2017 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

WordPress is a very widely used content management system that enables users to easier create websites. The popularity of WordPress has made it a prime target for attacks by hackers since a potential vulnerability would affect many targets. Vulnerabilities that can be utilised in an attack are referred to as exploits. Most exploits are only viable for a subset of all the version of the software that they target. The knowledge of which version of a content managements system a website is running is often not explicit or easy to determine. Attackers can potentially exploit a vulnerable website faster if the version is known, since this allows them to search for existing vulnerabilities and exploits, instead of trying to identify a new vulnerability.

The purpose of this thesis is to investigate existing and alternate methods for detecting the version of WordPress on websites that are powered by it. The scope is limited to an analysis of existing tools and the suggested methods for version identification are limited to identification using unique values that are calculated from the contents of files. The suggested methods for version identification and the generation of the required data is implemented using Python 3, the programming language. We investigate the feasibility of version obfuscation, how discernible a version of WordPress is, and how to compare versions of WordPress.

The thesis has proven the feasibility of version identification with a new perspective that delivers more accurate results than previous methods. Version obfuscation has also been proven to be very feasible without affecting the usability of the WordPress website. Furthermore, a method for discerning between two specific versions of WordPress is presented. All the results are in theory applicable to other software projects that are hosted and developed in the same way. This new area of research has much for security professionals and has room for future improvement.

Place, publisher, year, edition, pages
2017.
Keyword [en]
Content Management Systems, Version Identification, Obfuscation
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:bth-14821OAI: oai:DiVA.org:bth-14821DiVA: diva2:1118689
External cooperation
Outpost24 AB
Subject / course
Degree Project in Master of Science in Engineering 30.0
Educational program
DVACD Master of Science in Computer Security
Presentation
2017-05-31, C341, Valhallavägen 1, Karlskrona, 08:00 (English)
Supervisors
Examiners
Available from: 2017-07-03 Created: 2017-07-01 Last updated: 2017-07-03Bibliographically approved

Open Access in DiVA

fulltext(1131 kB)5 downloads
File information
File name FULLTEXT02.pdfFile size 1131 kBChecksum SHA-512
bcc53186c8c463b541d3c0ff0c8af3cd4a0f971d03897c6fcc01f3e0e9c02d1f139eba803bf7b658ac721d81f3e5d23e2f759ba315ffa1f394bdd4fefa23e1a2
Type fulltextMimetype application/pdf

By organisation
Department of Computer Science and Engineering
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 5 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 13 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf