[ WordPress Vulnerability Overview ]

Discussion in 'Web Vulnerabilities' started by ettee, 5 Oct 2007.

  1. PoizOn

    PoizOn New Member

    Joined:
    6 Jun 2006
    Messages:
    5
    Likes Received:
    1
    Reputations:
    0
    Here's an interesting bug:
    http://seclists.org/fulldisclosure/2015/Feb/75
    But I couldn't work it up into anything meaningful
    admin.php?page=wc-reports&";><h1>
    admin.php?page=wc-reports&";><a>WOW</a>
     
  2. Sleep

    Sleep Elder

    Joined:
    31 Oct 2007
    Messages:
    274
    Likes Received:
    65
    Reputations:
    4
    Contact form 7

    Full Path Disclosure

    wp-content/plugins/contact-form-7/includes/upgrade.php
    /wp-content/plugins/contact-form-7/modules/acceptance.php
    /wp-content/plugins/contact-form-7/modules/akismet.php
    /wp-content/plugins/contact-form-7/modules/checkbox.php
    /wp-content/plugins/contact-form-7/modules/count.php
    /wp-content/plugins/contact-form-7/modules/date.php
    /wp-content/plugins/contact-form-7/modules/file.php
    /wp-content/plugins/contact-form-7/modules/flamingo.php
    /wp-content/plugins/contact-form-7/modules/jetpack.php
    /wp-content/plugins/contact-form-7/modules/listo.php
    /wp-content/plugins/contact-form-7/modules/number.php
    /wp-content/plugins/contact-form-7/modules/quiz.php
    /wp-content/plugins/contact-form-7/modules/really-simple-captcha.php
    /wp-content/plugins/contact-form-7/modules/recaptcha.php
    /wp-content/plugins/contact-form-7/modules/response.php
    /wp-content/plugins/contact-form-7/modules/select.php
    /wp-content/plugins/contact-form-7/modules/submit.php
    /wp-content/plugins/contact-form-7/modules/text.php
    /wp-content/plugins/contact-form-7/modules/textarea.php
     
    #323 Sleep, 4 Feb 2016
    Last edited: 4 Feb 2016
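
Added example, not part of Sleep's post or of the Contact Form 7 code: a defender-side check that lists plugin PHP files lacking the usual `defined('ABSPATH')` direct-access guard. It assumes the disclosure comes from PHP error output when such files are requested directly, which the post does not state; `load_sources`, `files_missing_guard` and the sample sources are constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic comment stripper: block comments, // comments and # comments.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# The usual WordPress guard: if ( ! defined( 'ABSPATH' ) ) { exit; }
GUARD_RE = re.compile(r"""defined\s*\(\s*['"](?:ABSPATH|WPINC)['"]\s*\)""")


def load_sources(plugin_dir):
    """Read every .php file under plugin_dir into {relative_path: source}."""
    root = Path(plugin_dir)
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in root.rglob("*.php")}


def files_missing_guard(sources):
    """Return sorted paths of PHP files with no guard outside comments."""
    missing = []
    for path, code in sources.items():
        if not path.endswith(".php"):
            continue
        if not GUARD_RE.search(COMMENT_RE.sub("", code)):
            missing.append(path)
    return sorted(missing)


# Constructed sample sources (not real plugin code).
SAMPLE = {
    "modules/guarded.php":
        "<?php\nif ( ! defined( 'ABSPATH' ) ) { exit; }\n"
        "add_action( 'init', 'demo_init' );\n",
    "modules/no_guard.php":
        "<?php\nadd_action( 'init', 'demo_init' );\n",
    "modules/commented_guard.php":
        "<?php\n// if ( ! defined( 'ABSPATH' ) ) exit;\n"
        "add_action( 'init', 'demo_init' );\n",
    "readme.txt": "not PHP, skipped",
}

if __name__ == "__main__":
    for path in files_missing_guard(SAMPLE):
        print("no direct-access guard:", path)
```

Files flagged here are candidates for adding the guard; keeping `display_errors` off in production stops the path from being printed either way.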
  3. grimnir

    grimnir Members of Antichat

    Joined:
    23 Apr 2012
    Messages:
    1,114
    Likes Received:
    830
    Reputations:
    231
    _________________________
  4. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    116
    Likes Received:
    8
    Reputations:
    6
    What methods are there for uploading a shell in WP?
     
  5. powerOfthemind

    powerOfthemind New Member

    Joined:
    31 Jul 2015
    Messages:
    41
    Likes Received:
    4
    Reputations:
    1
    Depends on what rights you have in the admin panel: if you can edit the theme, you put the shell code into the 404 page and enjoy, or via plugin upload, you pack the shell into an archive and upload it to the site.
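
Added example, not part of the thread: both routes named in the post above depend on the dashboard being allowed to write PHP to disk, which WordPress's `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS` constants switch off. The audit below checks a `wp-config.php` for them; the function names and the three sample configs are constructed for illustration.

```python
import re

# Match define() statements that start a line, so "// define(...)" is ignored.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"](\w+)['"]\s*,\s*([^)]+?)\s*\)\s*;""", re.M)

# DISALLOW_FILE_EDIT removes the dashboard theme/plugin editors.
# DISALLOW_FILE_MODS blocks plugin/theme installs and updates and also
# disables the editors, so it covers both routes on its own.
REQUIRED = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")


def enabled_constants(wp_config):
    """Map each defined constant to True if its value is true/1."""
    consts = {}
    for name, raw in DEFINE_RE.findall(wp_config):
        consts[name] = raw.strip().lower() in ("true", "1")
    return consts


def audit(wp_config):
    """Return the hardening constants that are missing or not enabled."""
    consts = enabled_constants(wp_config)
    if consts.get("DISALLOW_FILE_MODS"):
        return []
    return [name for name in REQUIRED if not consts.get(name)]


# Constructed sample configs (not taken from any real site).
WEAK = (
    "<?php\n"
    "define( 'DB_NAME', 'wordpress' );\n"
    "// define( 'DISALLOW_FILE_EDIT', true );\n"
)
PARTIAL = WEAK + "define( 'DISALLOW_FILE_EDIT', true );\n"
HARDENED = WEAK + "define( 'DISALLOW_FILE_MODS', TRUE );\n"

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("partial", PARTIAL),
                       ("hardened", HARDENED)):
        print(label, "missing:", audit(cfg))
```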
     
  6. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    WordPress Plugin Quick Page/Post Redirect Open Redirect Current plugin version: 5.1.3.
    WordPress Plugin WooCommerce-excelling eCommerce Cross-Site Scripting Current plugin version: 2.3.13.

    Is there anything for these plugins?
     
  7. R3hab

    R3hab Member

    Joined:
    17 May 2015
    Messages:
    116
    Likes Received:
    8
    Reputations:
    6
    Is there anything for WordPress 4.4.4?
     
  8. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    I only found this, but it's XSS ^.^
    сайт.ру/wp-admin/customize.php?theme=<svg onload=alert(1)>
     
  9. headWoW

    headWoW New Member

    Joined:
    26 Jun 2015
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    How can a WP site be hacked? Suggest some methods
     
  10. SaNDER

    SaNDER Banned

    Joined:
    9 Jul 2015
    Messages:
    213
    Likes Received:
    15
    Reputations:
    3
    The WP version.
     
  11. powerOfthemind

    powerOfthemind New Member

    Joined:
    31 Jul 2015
    Messages:
    41
    Likes Received:
    4
    Reputations:
    1
    Scan it with Cmsmap, see which plugins are installed, then look for an exploit for them or look for holes in the plugins yourself
     
  12. .Light.

    .Light. Member

    Joined:
    12 Jul 2010
    Messages:
    195
    Likes Received:
    5
    Reputations:
    0
    How do I find out the full path, version 4.6?
     
  13. nikrus

    nikrus New Member

    Joined:
    23 Sep 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    Good day. I need to get access to the admin panel of WordPress 4.5.2. Is that possible?
     
  14. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Try to find an exploit, but I looked and didn't find one, and scan it with WPScan
     
    #335 Sensoft, 23 Sep 2016
    Last edited: 24 Sep 2016
  15. nikrus

    nikrus New Member

    Joined:
    23 Sep 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    WPScan doesn't show any vulnerabilities... The question still stands; naturally, all work will be paid for.
     
  16. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Send the link in a PM
     
  17. nikrus

    nikrus New Member

    Joined:
    23 Sep 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    The admin panel question still stands
     
  18. jakonda1001

    jakonda1001 New Member

    Joined:
    17 Mar 2016
    Messages:
    178
    Likes Received:
    3
    Reputations:
    0
    Send it in a PM
     
  19. nikrus

    nikrus New Member

    Joined:
    23 Sep 2016
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    Folks, is this really impossible?