Updates?

Hi, you can do it yourself mostly by going to
https://github.com/philipjohn/exploit-scanner-hashes

download hashes-4.1.1.php and upload it to plugin folder with the others.

If you feel game;
run hashes-generator.php in your browser and have a latest copy of wordpress called ‘latest.zip’ in same folder. This will return a large result of hashes when ran, you copy all that into a file called hashes-x-x-x.php (xxx being WP version number). Upload that file to plugin folder. Done, it’s updated.

I’ve downloaded the hashes-4.1.1.php file, uploaded it to plugin folder. Now when I run Exploit Scanner it just spins seemingly forever.

Searching your filesystem and database for possible exploit code

Files scanned: 0…loading-icon

What am I missing here?

Thanks!

Something like that, server error logs and/or debug it with developer tools in your browser. Is it it 404’ing anything or returning javascript errors?

No errors in server logs. Not very familair with developer tools but I guess it’s time to learn. No obvious errors are showing up in the browser nor 404’ing. I’ve tried it in Firefox, IE and Chrome with same result. It just sits there spinning endlessly saying that it is scanning.

Is there a browser that you recommend I debug this in and what tool specifically should I be looking at?

Thanks very much!

Oh and I forgot to mention: if I deactivate the plugin, delete the 4.1.1 hashes file, reactivate, then the scan runs fine, albeit with the errors related to not having the latest hashes file.

Only error that I can find in Firefox using firebug while running a scan is:

SyntaxError: JSON.parse: unexpected character at line 4 column 1 of the JSON data
https://mysitename.com/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils&ver=4.1.1
Line 4

Hi, got the same problem. Did you manage to solve it?

No, unfortunately I am unable to run Exploit Scanner with the downloaded 4.1.1 hashes. Actually I’d like to know if there is anyone who CAN use the 4.1.1 hashes file successfully.

I fell foul of this problem. I tried just downloading the link on the GitHub page referenced above but that is NOT what you have to do.

I have placed full instructions on my blog – Here https://west-penwith.org.uk/blog/archives/2100

Absolutely correct renowden, you are a genius! I was downloading the hashes-4.1.1.php file directly versus right clicking and opening, then copying content to new file. Well, I’ll be…

Thank you SO much!

Hi folks,

I’m now a contributor to the plugin so I’ve added all the hashes up to the latest critical security release 4.1.2.

I’ll continue to maintain (with ongoing help I suspect) https://github.com/philipjohn/exploit-scanner-hashes but will also update this plugin.

Thanks