
  #2  
02.03.2014, 14:32
CoolHucker
Newbie
Joined: 12.02.2013
Posts: 21
Time spent on forum:
6813

Reputation: 0

Hi everyone) Here's the pentest result. What does anyone have to say?

[QUOTE="result"]
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|
        WordPress Security Scanner by the WPScan Team
                        Version v2.2
     Sponsored by the RandomStorm Open Source Initiative
   @_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________
| URL: http://*****.ru/
| Started: Sun Mar 2 09:12:15 2014
[+] robots.txt available under: 'http://*****.ru/robots.txt'
[!] The WordPress 'http://*****.ru/readme.html' file exists
[+] Interesting header: KEEP-ALIVE: timeout=20
[+] Interesting header: SERVER: nginx
[+] XML-RPC Interface available under: http://*****.ru/xmlrpc.php
[+] WordPress version 3.3.1 identified from meta generator
[!] 5 vulnerabilities identified from the version number:
|
| * Title: Multiple vulnerabilities including XSS and Privilege Escalation
| * Reference: http://wordpress.org/news/2012/04/wordpress-3-3-2/
|
| * Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities
| * Reference: http://www.exploit-db.com/exploits/18791/
|
| * Title: XSS vulnerability in swfupload in WordPress
| * Reference: http://seclists.org/fulldisclosure/2012/Nov/51
|
| * Title: XMLRPC Pingback API Internal/External Port Scanning
| * Reference: https://github.com/FireFart/WordpressPingbackPortScan..
|
| * Title: WordPress XMLRPC pingback additional issues
| * Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback..
[+] WordPress theme in use: f2 v1.0.10
| Name: f2 v1.0.10
| Location: http://*****.ru/wp-content/themes/f2/
[+] Enumerating plugins from passive detection ...
| 2 plugins found:
| Name: contact-form-plugin v3.38
| Location: http://*****.ru/wp-content/plugins/contact-form-plugin/
| Readme: http://*****.ru/wp-content/plugins/contact-form-plugi..
|
| * Title: Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS
| * Reference: http://secunia.com/advisories/52250
| * Reference: http://osvdb.org/90503
| Name: nextgen-gallery
| Location: http://*****.ru/wp-content/plugins/nextgen-gallery/
| Readme: http://*****.ru/wp-content/plugins/nextgen-gallery/re..
| Changelog: http://*****.ru/wp-content/plugins/nextgen-gallery/ch..
|
| * Title: SWF Vulnerable to XSS Bundled in Many WordPress Plugins
| * Reference: http://brindi.si/g/blog/vulnerable-swf-bundled-in-wor..
| * Reference: http://secunia.com/advisories/51271
| * Fixed in: 1.9.8
|
| * Title: NextGEN Gallery
 