frogis
22.04.2013, 13:18
There's a site I need; I ran it through wpscan and here is what it gave me:
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v2.1
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
__________________________________________________ ___
| URL: https://site.com/
| Started on Sun Apr 12 23:33:17 2013
[+] robots.txt available under 'https://site.com/robots.txt'
[+] XML-RPC Interface available under https://site.com/xmlrpc.php
[+] WordPress version 3.3.2 identified from rss generator
[!] We have identified 5 vulnerabilities from the version number :
|
| * Title: WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
| * Reference: https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
|
| * Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities
| * Reference: http://www.exploit-db.com/exploits/18791/
|
| * Title: WordPress 3.3.2 Cross Site Scripting
| * Reference: http://packetstormsecurity.org/files/113254
|
| * Title: XMLRPC Pingback API Internal/External Port Scanning
| * Reference: https://github.com/FireFart/WordpressPingbackPortScanner
|
| * Title: WordPress XMLRPC pingback additional issues
| * Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
[+] The WordPress theme in use is SealsGray v1.5
| Name: SealsGray v1.5
| Location: https://site.com/wp-content/themes/SealsGray/
| Readme: https://site.com/wp-content/themes/SealsGray/readme.txt
[+] Enumerating plugins from passive detection ...
3 plugins found :
| Name: advanced-recent-posts-widget v1.1a
| Location: https://site.com/wp-content/plugins/advanced-recent-posts-widget/
| Readme: https://site.com/wp-content/plugins/advanced-recent-posts-widget/readme.txt
| Name: meteor-slides v1.5
| Location: https://site.com/wp-content/plugins/meteor-slides/
| Readme: https://site.com/wp-content/plugins/meteor-slides/readme.txt
| Name: widgets-on-pages v0.0.11
| Location: https://site.com/wp-content/plugins/widgets-on-pages/
| Readme: https://site.com/wp-content/plugins/widgets-on-pages/readme.txt
[+] Enumerating usernames ...
[+] We found the following 24 user/s :
+----+-----------------+-----------------+
| Id | Login | Name |
+----+-----------------+-----------------+
| 1 | admin | admin |
| 2 | admin2 | admin2 |
| 3 | poster54 | poster54 |
| 4 | user | user |
| 5 | admin3 | admin3 |
............................
| 25 | user2 | user2 |
+----+-----------------+-----------------+
[+] Finished at Sun Apr 12 23:33:58 2013
[+] Elapsed time: 00:00:41
I need help with these vulnerabilities, because after searching the web I found that "Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities" isn't really workable.
Thanks in advance!