ANTICHAT — форум по информационной безопасности, OSINT и технологиям

Здравствуйте, уважаемые хакеры, программисты и просто любители, на сервере стоит wordpress 3.6.1

Сканнирование программой wpscan показало, что имеются две уязвимости:

1)

| Name: adminimize v1.8.4

| Location: http://www.site.ru/wp-content/plugins/adminimize/

| Directory listing enabled: Yes

| Readme: http://www.site.ru/wp-content/plugins/adminimize/readme.txt

|

| * Title: adminimize 1.7.21 - Cross-Site Scripting Vulnerabilities

| * Reference: http://seclists.org/bugtraq/2011/Nov/135

Wordpress adminimize.1.7.21 Plugin Cross-Site Scripting Vulnerabilities

Download......: http://wordpress.org/extend/plugins/adminimize/

Bug Found.....: IrIsT™

Exploit.......: http://www.site.com/[path]/wp-content/plugins/adminimize/adminimize_page.php?page=[xss]

2)

| Name: wordpress-seo v1.4.19

| Location: http://www.site.ru/wp-content/plugins/wordpress-seo/

| Directory listing enabled: Yes

| Readme: http://www.site.ru/wp-content/plugins/wordpress-seo/readme.txt

| Changelog: http://www.site.ru/wp-content/plugins/wordpress-seo/changelog.txt

|

| * Title: WordPress SEO 1.14.15 - index.php s Parameter Reflected XSS

| * Reference: http://packetstormsecurity.com/files/123028/

| * Reference: http://osvdb.org/97885

|

| * Title: WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass

| * Reference: http://secunia.com/advisories/52949

| * Reference: http://osvdb.org/92147

Discussion:

Yoast SEO Plugin v1.14.15 has a xss vulnerability due to lack of search

sanitation.

Exploit:

This can be exploited with a browser and is usually executed inside the

search parameter of the website.

Proof of concept:

http://5linx.com/?s=">alert(document.cookie);

Description: WordPress SEO by Yoast Plugin for WordPress contains a flaw that is due to the program failing to properly restrict access to users. This may allow a remote attacker to bypass restrictions placed on the 'reset settings' feature.

Classification:

Location: Remote / Network Access

Attack Type: Input Manipulation

Impact: Loss of Integrity

Solution: Solution Unknown

Exploit: Exploit Private

Disclosure: Vendor Verified, Third-party Verified

OSVDB: Web Related

Подскажите, опасны ли они?

Ещё немного информации от nmap, по открытым портам (17):

21 - tcp - open - ftp - Pure-FTPd

22 - tcp - open - ssh - OpenSSH 5.3 (protocol 2.0)

25 - tcp - open - smtp - Exim smtpd 4.80.1

53 - tcp - open - domain

80 - tcp - open - http - nginx 1.4.2

110 - tcp - open - pop3 - Dovecot pop3d

111 - tcp - open - rpcbind - 2-4 (RPC#100000)

135 - tcp - filtered - msrpc

139 - tcp - filtered - netbios-ssn

143 - tcp - open - imap - Dovecot imapd

179 - tcp - filtered - bgp

443 - tcp - open - http - nginx 1.4.2

445 - tcp - filtered - microsoft-ds

465 - tcp - open - smtp - Exim smtpd 4.80.1

587 - tcp - open - smtp - Exim smtpd 4.80.1

993 - tcp - open - imap - Dovecot imapd

995 - tcp - open - pop3 - Dovecot pop3d

1720 - tcp - filtered - H.323/Q.931

3306 - tcp - open - mysql - MySQL 5.1.71-rel14.9

5666 - tcp - open - tcpwrapped

8080 - tcp - open - http - Apache httpd 2.2.25

8081 - tcp - open - http - Apache httpd 2.2.25