#3  10.12.2013, 01:32
Lenok
Newcomer
Registered: 24.06.2005
Posts: 1

Quote:
Message from +toxa+
Check the neighbours on the server and see what folders are on the server.

Hello! There don't seem to be any neighbours.

Here is the detailed wpscan analysis:

| Started:
[+] robots.txt available under: 'http://site.ru/robots.txt'
[!] The WordPress 'http://site.ru/readme.html' file exists
[!] Full Path Disclosure (FPD) in: 'http://site.ru/wp-includes/rss-functions.php'
[+] Interesting header: SERVER: nginx/1.4.2
[+] Interesting header: WP-SUPER-CACHE: Served supercache file from PHP
[+] Interesting header: X-POWERED-BY: PHP/5.3.13
[+] XML-RPC Interface available under: http://site.ru/xmlrpc.php
[+] WordPress version 3.6.1 identified from meta generator
[+] WordPress theme in use: responsive v1.9.3.8
| Name: responsive v1.9.3.8
| Location: http://site.ru/wp-content/themes/responsive/
| Readme: http://site.ru/wp-content/themes/responsive/readme.txt
| Changelog: http://site.ru/wp-content/themes/responsive/changelog.txt

[+] Enumerating installed plugins ...
Time: 00:01:58 (2615 / 2615) 100.00% Time: 00:01:58

[+] We found 22 plugins:

| Name: adminimize v1.8.4
| Location: http://site.ru/wp-content/plugins/adminimize/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/adminimize/readme.txt
|
| * Title: adminimize 1.7.21 - Cross-Site Scripting Vulnerabilities
| * Reference: http://seclists.org/bugtraq/2011/Nov/135

| Name: contact-form-7 v3.5.4
| Location: http://site.ru/wp-content/plugins/contact-form-7/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/contact-form-7/readme.txt

| Name: createit-jquery-3level-accordion-menu
| Location: http://site.ru/wp-content/plugins/createit-jquery-3level-accordion-menu/

| Name: display-posts-shortcode v2.3
| Location: http://site.ru/wp-content/plugins/display-posts-shortcode/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/display-posts-shortcode/readme.txt

| Name: easy-fancybox v1.5.5
| Location: http://site.ru/wp-content/plugins/easy-fancybox/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/easy-fancybox/readme.txt

| Name: fotorama v4.4.6
| Location: http://site.ru/wp-content/plugins/fotorama/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/fotorama/readme.txt

| Name: mp6
| Location: http://site.ru/wp-content/plugins/mp6/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/mp6/readme.txt

| Name: responsive-add-ons v1.0.4
| Location: http://site.ru/wp-content/plugins/responsive-add-ons/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/responsive-add-ons/readme.txt

| Name: revslider
| Location: http://site.ru/wp-content/plugins/revslider/
| Directory listing enabled: Yes

| Name: rustolat v0.3
| Location: http://site.ru/wp-content/plugins/rustolat/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/rustolat/readme.txt

| Name: simple-scroll-to-top v2.4.0
| Location: http://site.ru/wp-content/plugins/simple-scroll-to-top/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/simple-scroll-to-top/readme.txt

| Name: sitemap v4.2
| Location: http://site.ru/wp-content/plugins/sitemap/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/sitemap/readme.txt

| Name: sitemap-generator-wp v1.08
| Location: http://site.ru/wp-content/plugins/sitemap-generator-wp/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/sitemap-generator-wp/readme.txt

| Name: smooth-page-scroll-to-top v0.3
| Location: http://site.ru/wp-content/plugins/smooth-page-scroll-to-top/
| Readme: http://site.ru/wp-content/plugins/smooth-page-scroll-to-top/readme.txt

| Name: smooth-scroll-up
| Location: http://site.ru/wp-content/plugins/smooth-scroll-up/
| Directory listing enabled: Yes

| Name: themefuse-maintenance-mode v1.1.3
| Location: http://site.ru/wp-content/plugins/themefuse-maintenance-mode/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/themefuse-maintenance-mode/readme.txt

| Name: touchcarousel
| Location: http://site.ru/wp-content/plugins/touchcarousel/
| Directory listing enabled: Yes

| Name: vslider v4.1.2
| Location: http://site.ru/wp-content/plugins/vslider/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/vslider/readme.txt

| Name: widget-logic v0.56
| Location: http://site.ru/wp-content/plugins/widget-logic/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/widget-logic/readme.txt

| Name: wordpress-importer v0.6
| Location: http://site.ru/wp-content/plugins/wordpress-importer/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/wordpress-importer/readme.txt

| Name: wordpress-seo v1.4.19
| Location: http://site.ru/wp-content/plugins/wordpress-seo/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/wordpress-seo/readme.txt
| Changelog: http://site.ru/wp-content/plugins/wordpress-seo/changelog.txt
|
| * Title: WordPress SEO 1.14.15 - index.php s Parameter Reflected XSS
| * Reference: http://packetstormsecurity.com/files/123028/
| * Reference: http://osvdb.org/97885
|
| * Title: WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass
| * Reference: http://secunia.com/advisories/52949
| * Reference: http://osvdb.org/92147

| Name: wp-super-cache v1.4
| Location: http://site.ru/wp-content/plugins/wp-super-cache/
| Directory listing enabled: Yes
| Readme: http://site.ru/wp-content/plugins/wp-super-cache/readme.txt

[+] Finished
---------------------------------------------------

[+] Enumerating installed themes ...
Time: 00:00:26 (491 / 491) 100.00% Time: 00:00:26

[+] We found 1 themes:

| Name: responsive v1.9.3.8
| Location: http://site.ru/wp-content/themes/responsive/
| Readme: http://site.ru/wp-content/themes/responsive/readme.txt
| Changelog: http://site.ru/wp-content/themes/responsive/changelog.txt

[+] Finished
---------------------------------------------------

[+] Enumerating usernames ...
[+] We found the following 1 user/s:

+----+-------+------------------+
| Id | Login | Name             |
+----+-------+------------------+
| 1  | admin | admin, Author at |
+----+-------+------------------+

[+] Finished
---------------------------------------------------

[+] Enumerating timthumb files ...
Time: 00:01:58 (2430 / 2430) 100.00% Time: 00:01:58

[+] We found 1 timthumb file/s:

|[!] http://site.ru/wp-content/plugins/vslider/timthumb.php v2.8.10
* Reference: http://www.exploit-db.com/exploits/17602/

[+] Finished
---------------------------------------------------

Brute-forcing the password gave no result; around 500,000 variants were checked.