[ Обзор уязвимостей WordPress ]

Discussion in 'Веб-уязвимости' started by ettee, 5 Oct 2007.

  1. VY_CMa

    VY_CMa Green member

    Joined:
    6 Jan 2012
    Messages:
    917
    Likes Received:
    492
    Reputations:
    724
    В связи с переходом многих хостинг компаний на PHP7 и другие версии, в которых отсутствуют некоторые функции, стали появляться интересные сообщения об ошибках, включающие чувствительную информацию. Следующий пример демонстрирует раскрытие данных для подключения к базе данных.
    Code:
    depts.washington.edu/leaders1/elizabeth-smith/feed/
    Dork:
    Code:
    intext:Stack trace #0 wpdb->__construct(
     
    _________________________
  2. VY_CMa

    VY_CMa Green member

    Joined:
    6 Jan 2012
    Messages:
    917
    Likes Received:
    492
    Reputations:
    724
    _________________________
    palec2006 likes this.
  3. jakonda1001

    jakonda1001 New Member

    Joined:
    17 Mar 2016
    Messages:
    178
    Likes Received:
    3
    Reputations:
    0
    нашел способ заливки шелла в wordpress при наличии подключения к mysql и админки (при условие что все папки под запись закрыты или стоит .htaccess) или я изобрел велосипед?
     
  4. jakonda1001

    jakonda1001 New Member

    Joined:
    17 Mar 2016
    Messages:
    178
    Likes Received:
    3
    Reputations:
    0
  5. XuliNam

    XuliNam New Member

    Joined:
    4 Mar 2018
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Привет народ подскажите литературу о поиске и использовании уязвимости WP
     
  6. Exxtazy

    Exxtazy New Member

    Joined:
    2 May 2016
    Messages:
    6
    Likes Received:
    0
    Reputations:
    0
    Подскажите, пожалуйста, какие есть рабочие уязвимости на wordpress 3.9.1 ?
     
  7. newaddidas

    newaddidas New Member

    Joined:
    18 Nov 2016
    Messages:
    13
    Likes Received:
    0
    Reputations:
    0
    Версия 4.2.2 Посоветуйте
     
  8. Rastamanka

    Rastamanka Elder - Старейшина

    Joined:
    26 Nov 2008
    Messages:
    429
    Likes Received:
    11
    Reputations:
    7
    Что за способ если не секрет?
     
  9. Goore

    Goore New Member

    Joined:
    30 Mar 2010
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
  10. karkajoi

    karkajoi Well-Known Member

    Joined:
    26 Oct 2016
    Messages:
    488
    Likes Received:
    459
    Reputations:
    8
    при наличии админки, шел льется в 404 ошибку, вернее в этот файл
     
  11. ChildMay

    ChildMay New Member

    Joined:
    13 Jul 2020
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    Подскажите можно ли получть доступ к админке? Один логин нашелся. Можно в личку.
    [+] Headers
    | Interesting Entries:
    | - Server: Apache
    | - X-Redirect-By: WordPress
    | - Upgrade: h2,h2c
    | - X-Endurance-Cache-Level: 2
    | - X-nginx-cache: WordPress
    | Found By: Headers (Passive Detection)
    | Confidence: 100%

    [+] robots.txt found: http://example.com/robots.txt
    | Found By: Robots Txt (Aggressive Detection)
    | Confidence: 100%

    [+] XML-RPC seems to be enabled: http://example.com/xmlrpc.php
    | Found By: Direct Access (Aggressive Detection)
    | Confidence: 100%
    | References:
    | - http://codex.wordpress.org/XML-RPC_Pingback_API
    | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
    | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
    | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
    | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

    [+] WordPress readme found: http://example.com/readme.html
    | Found By: Direct Access (Aggressive Detection)
    | Confidence: 100%

    [+] This site has 'Must Use Plugins': http://example.com/wp-content/mu-plugins/
    | Found By: Direct Access (Aggressive Detection)
    | Confidence: 80%
    | Reference: http://codex.wordpress.org/Must_Use_Plugins

    [+] The external WP-Cron seems to be enabled: http://example.com/wp-cron.php
    | Found By: Direct Access (Aggressive Detection)
    | Confidence: 60%
    | References:
    | - https://www.iplocation.net/defend-wordpress-from-ddos
    | - https://github.com/wpscanteam/wpscan/issues/1299

    [+] WordPress version 6.0.2 identified (Latest, released on 2022-08-30).
    | Found By: Emoji Settings (Passive Detection)
    | - http://www.example.com/60274a2.html, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=6.0.2'
    | Confirmed By: Meta Generator (Passive Detection)
    | - http://www.example.com/60274a2.html, Match: 'WordPress 6.0.2'

    The main theme could not be detected.

    [+] Enumerating Vulnerable Plugins (via Passive Methods)
    [+] Checking Plugin Versions (via Passive and Aggressive Methods)

    No plugins Found.

    [+] Enumerating Users (via Passive and Aggressive Methods)
    Brute Forcing Author IDs - Time: 00:00:18 <==========================================================> (10 / 10) 100.00% Time: 00:00:18

    User(s) Identified:

    [+] admin
    | Found By: Wp Json Api (Aggressive Detection)
    | - http://example.com/wp-json/wp/v2/users/?per_page=100&page=1
    | Confirmed By: Oembed API - Author URL (Aggressive Detection)
    | - http://example.com/wp-json/oembed/1.0/embed?url=http://example.com/&format=json

    [+] WPScan DB API OK
    | Plan: free
    | Requests Done (during the scan): 3
    | Requests Remaining: 72

    [+] Finished: Fri Sep 16 09:54:27 2022
    [+] Requests Done: 64
    [+] Cached Requests: 7
    [+] Data Sent: 17.824 KB
    [+] Data Received: 885.887 KB
    [+] Memory used: 195.398 MB
    [+] Elapsed time: 00:00:48

     
  12. ckpunmkug

    ckpunmkug Member

    Joined:
    20 Mar 2017
    Messages:
    73
    Likes Received:
    72
    Reputations:
    10
    DartPhoenix, CyberTro1n and b3 like this.