добрый!

пытаюсь разобраться с wpscan и дальнейшей эксплуатацией уязвимостей)

его запустить много ума не надо, по сайтам выдает кучу уязвимостей, но найти как их использовать - не получается.

пример:

[QUOTE="None"]
__________________________________________________ _____________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.9
Sponsored by Sucuri -
https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
__________________________________________________ _____________
It seems like you have not updated the database for some time.

[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]y

Updating the Database ...

Update completed.

The plugins directory 'fastimport.ru/plugins' does not exist.

You can specify one per command line option (don't forget to include the wp-content directory if needed)

[?] Continue? [Y]es [N]o, default: [N]

y

[+] URL: http://fastimport.ru/

[+] Started: Thu Apr 14 08:40:11 2016

[+] robots.txt available under: 'http://fastimport.ru/robots.txt'

[+] Interesting entry from robots.txt: http://fastimport.ru/cgi-bin

[+] Interesting entry from robots.txt: http://fastimport.ru/wp-admin

[+] Interesting entry from robots.txt: http://fastimport.ru/wp-includes

[+] Interesting entry from robots.txt: http://fastimport.ru/cache

[+] Interesting entry from robots.txt: http://fastimport.ru/plugins

[+] Interesting entry from robots.txt: http://fastimport.ru/themes

[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/cache

[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/plugins

[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/themes

[+] Interesting entry from robots.txt: */comments

[+] Interesting entry from robots.txt: */feed

[+] Interesting entry from robots.txt: */trackback

[+] Interesting entry from robots.txt: http://fastimport.ru/go/

[+] Interesting entry from robots.txt: http://fastimport.ru/tag/

[+] Interesting entry from robots.txt: */page/

[+] Interesting entry from robots.txt: /*?

[+] Interesting entry from robots.txt: http://fastimport.ru/xmlrpc.php

[+] Interesting entry from robots.txt: http://fastimport.ru/wp-content/uploads

[+] Interesting header: CF-RAY: 2935da4b006a17fe-MIA

[+] Interesting header: SERVER: cloudflare-nginx

[+] Interesting header: WP-SUPER-CACHE: Served supercache file from PHP

[+] Interesting header: X-POWERED-BY: PHP/5.6.4

[+] XML-RPC Interface available under: http://fastimport.ru/xmlrpc.php

[+] WordPress version 4.3.1 identified from rss generator

[!] 4 vulnerabilities identified from the version number

[!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)

Reference: https://wpvulndb.com/vulnerabilities/8358

Reference: https://wordpress.org/news/2016/01/w...nance-release/

Reference: https://github.com/WordPress/WordPre...7abed723932b87

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-1564

Fixed in: 4.3.2

[!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)

Reference: https://wpvulndb.com/vulnerabilities/8358

Reference: https://wordpress.org/news/2016/01/w...nance-release/

Reference: https://github.com/WordPress/WordPre...7abed723932b87

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-1564

Fixed in: 4.3.2

[!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)

Reference: https://wpvulndb.com/vulnerabilities/8376

Reference: https://wordpress.org/news/2016/02/w...nance-release/

Reference: https://core.trac.wordpress.org/changeset/36435

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-2222

Fixed in: 4.3.3

[!] Title: WordPress 3.7-4.4.1 - Open Redirect

Reference: https://wpvulndb.com/vulnerabilities/8377

Reference: https://wordpress.org/news/2016/02/w...nance-release/

Reference: https://core.trac.wordpress.org/changeset/36444

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-2221

Fixed in: 4.3.3

[+] Enumerating plugins from passive detection ...

| 1 plugin found:

[+] Name: wp-super-cache

| Latest version: 1.4.8

| Location: http://fastimport.ru/fastimport.ru/p...p-super-cache/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: WP-Super-Cache 1.3 - Remote Code Execution

Reference: https://wpvulndb.com/vulnerabilities/6623

Reference: http://www.acunetix.com/blog/web-sec...ode-execution/

Reference: http://wordpress.org/support/topic/pwn3d

Reference: http://blog.sucuri.net/2013/04/upda...e-code-execution-vulnerability-disclosed.html

Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS

Reference: https://wpvulndb.com/vulnerabilities/6624

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-2008

Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS

Reference: https://wpvulndb.com/vulnerabilities/6625

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-2008

Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS

Reference: https://wpvulndb.com/vulnerabilities/6626

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-2008

Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS

Reference: https://wpvulndb.com/vulnerabilities/6627

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-2008

Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS

Reference: https://wpvulndb.com/vulnerabilities/6628

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-2008

Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS

Reference: https://wpvulndb.com/vulnerabilities/6629

Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-2008

Fixed in: 1.3.1

[!] Title: WP Super Cache указано только что она найдена и где.

куда копать?[/I][/I][/I]