There is a site I need; I ran it through wpscan and here is what it gave me:

```
          \ \  /\  / /| |__) | (___   ___  __ _ _ __
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_| v2.1

    WordPress Security Scanner by the WPScan Team
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

| URL: https://site.com/
| Started on Sun Apr 12 23:33:17 2013

[+] robots.txt available under 'https://site.com/robots.txt'
[+] XML-RPC Interface available under https://site.com/xmlrpc.php
[+] WordPress version 3.3.2 identified from rss generator

[!] We have identified 5 vulnerabilities from the version number :
 |
 | * Title: WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
 | * Reference: https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
 |
 | * Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities
 | * Reference: http://www.exploit-db.com/exploits/18791/
 |
 | * Title: WordPress 3.3.2 Cross Site Scripting
 | * Reference: http://packetstormsecurity.org/files/113254
 |
 | * Title: XMLRPC Pingback API Internal/External Port Scanning
 | * Reference: https://github.com/FireFart/WordpressPingbackPortScanner
 |
 | * Title: WordPress XMLRPC pingback additional issues
 | * Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html

[+] The WordPress theme in use is SealsGray v1.5

 | Name: SealsGray v1.5
 | Location: https://site.com/wp-content/themes/SealsGray/
 | Readme: https://site.com/wp-content/themes/SealsGray/readme.txt

[+] Enumerating plugins from passive detection ...
3 plugins found :

 | Name: advanced-recent-posts-widget v1.1a
 | Location: https://site.com/wp-content/plugins/advanced-recent-posts-widget/
 | Readme: https://site.com/wp-content/plugins/advanced-recent-posts-widget/readme.txt

 | Name: meteor-slides v1.5
 | Location: https://site.com/wp-content/plugins/meteor-slides/
 | Readme: https://site.com/wp-content/plugins/meteor-slides/readme.txt

 | Name: widgets-on-pages v0.0.11
 | Location: https://site.com/wp-content/plugins/widgets-on-pages/
 | Readme: https://site.com/wp-content/plugins/widgets-on-pages/readme.txt

[+] Enumerating usernames ...
[+] We found the following 24 user/s :
    +----+-----------------+-----------------+
    | Id | Login           | Name            |
    +----+-----------------+-----------------+
    | 1  | admin           | admin           |
    | 2  | admin2          | admin2          |
    | 3  | poster54        | poster54        |
    | 4  | user            | user            |
    | 5  | admin3          | admin3          |
    ............................
    | 25 | user2           | user2           |
    +----+-----------------+-----------------+

[+] Finished at Sun Apr 12 23:33:58 2013
[+] Elapsed time: 00:00:41
```

I need help with these vulnerabilities, because after searching the web I found that: Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities is not really workable.

Thanks in advance!
Time: 20:59