Cigarette
14.04.2016, 13:17
Good day!
I'm trying to get to grips with wpscan and the subsequent exploitation of vulnerabilities)
It doesn't take much brains to run it; it reports a pile of vulnerabilities for sites, but I can't manage to find out how to use them.
Example:
[QUOTE="None"]
__________________________________________________ _____________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.9
Sponsored by Sucuri -
https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
__________________________________________________ _____________
It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]y
Updating the Database ...
Update completed.
The plugins directory 'fastimport.ru/plugins' does not exist.
You can specify one per command line option (don't forget to include the wp-content directory if needed)
[?] Continue? [Y]es [N]o, default: [N]
y
[+] URL: http://fastimport.ru/
[+] Started: Thu Apr 14 08:40:11 2016
[+] robots.txt available under: 'http://fastimport.ru/robots.txt'
[+] Interesting entry from robots.txt: http://fastimport.ru/cgi-bin
[+] Interesting entry from robots.txt: http://fastimport.ru/wp-admin
[+] Interesting entry from robots.txt: http://fastimport.ru/wp-includes
[+] Interesting entry from robots.txt: http://fastimport.ru/cache
[+] Interesting entry from robots.txt: http://fastimport.ru/plugins
[+] Interesting entry from robots.txt: http://fastimport.ru/themes
[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/cache
[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/plugins
[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/themes
[+] Interesting entry from robots.txt: */comments
[+] Interesting entry from robots.txt: */feed
[+] Interesting entry from robots.txt: */trackback
[+] Interesting entry from robots.txt: http://fastimport.ru/go/
[+] Interesting entry from robots.txt: http://fastimport.ru/tag/
[+] Interesting entry from robots.txt: */page/
[+] Interesting entry from robots.txt: /*?
[+] Interesting entry from robots.txt: http://fastimport.ru/xmlrpc.php
[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/uploads
[+] Interesting header: CF-RAY: 2935da4b006a17fe-MIA
[+] Interesting header: SERVER: cloudflare-nginx
[+] Interesting header: WP-SUPER-CACHE: Served supercache file from PHP
[+] Interesting header: X-POWERED-BY: PHP/5.6.4
[+] XML-RPC Interface available under: http://fastimport.ru/xmlrpc.php
[+] WordPress version 4.3.1 identified from rss generator
[!] 4 vulnerabilities identified from the version number
[!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8358
Reference: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
Fixed in: 4.3.2
[!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8358
Reference: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
Fixed in: 4.3.2
[!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/8376
Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/36435
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
Fixed in: 4.3.3
[!] Title: WordPress 3.7-4.4.1 - Open Redirect
Reference: https://wpvulndb.com/vulnerabilities/8377
Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/36444
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
Fixed in: 4.3.3
[+] Enumerating plugins from passive detection ...
| 1 plugin found:
[+] Name: wp-super-cache
| Latest version: 1.4.8
| Location: http://fastimport.ru/fastimport.ru/plugins/wp-super-cache/
[!] We could not determine a version so all vulnerabilities are printed out
[!] Title: WP-Super-Cache 1.3 - Remote Code Execution
Reference: https://wpvulndb.com/vulnerabilities/6623
Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
Reference: http://wordpress.org/support/topic/pwn3d
Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6624
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6625
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6626
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6627
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6628
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6629
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
Fixed in: 1.3.1
[!] Title: WP Super Cache
[/QUOTE]
It only says that it was found and where.
Where should I dig?
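An added example, not part of the original post: a small triage script for reports in the format quoted above. It separates findings confirmed by a detected version from those listed only because the scanner "could not determine a version". The sample report is constructed, and the `Name: slug - vX.Y` form for a detected plugin version is an assumption.

```python
import re

# Constructed sample: a shortened excerpt in the format of the scan output quoted above.
SAMPLE = """\
[+] WordPress version 4.3.1 identified from rss generator
[!] Title: WordPress 3.7-4.4.1 - Open Redirect
Fixed in: 4.3.3
[+] Name: wp-super-cache
[!] We could not determine a version so all vulnerabilities are printed out
[!] Title: WP-Super-Cache 1.3 - Remote Code Execution
Fixed in: 1.3.1
"""

VER = r"(\d+(?:\.\d+)*)"

def vtuple(version):
    """'4.3.1' -> (4, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def triage(report):
    """Return (title, fixed_in, status) for every finding in a report."""
    detected = None   # version of the component currently being listed
    title = None
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := re.match(r"\[\+\] WordPress version " + VER + " identified", line):
            detected = m.group(1)
        # Assumption: a detected plugin version is printed as "Name: slug - vX.Y".
        elif m := re.match(r"\[\+\] Name: \S+(?: - v" + VER + ")?", line):
            detected = m.group(1)          # None when no version was printed
        elif m := re.match(r"\[!\] Title: (.+)", line):
            title = m.group(1)
        elif (m := re.match(r"Fixed in: " + VER, line)) and title:
            fixed = m.group(1)
            if detected is None:
                status = "unconfirmed"     # listed by name only, not by version
            elif vtuple(detected) < vtuple(fixed):
                status = "affected"
            else:
                status = "patched"
            findings.append((title, fixed, status))
            title = None
    return findings

if __name__ == "__main__":
    for title, fixed, status in triage(SAMPLE):
        print(f"{status:12} fixed in {fixed:6} {title}")
```

On the report above, the core entries come out as "affected" because 4.3.1 predates the fixed releases, while every wp-super-cache entry is "unconfirmed": the installed plugin version has to be checked on the site itself before any of them counts as a real finding.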