Wordpress hack scan: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „ =WPSCAN= *wpscan --url https://www.taribo.de…“) |
(→WPSCAN) |
||
| Zeile 3: | Zeile 3: | ||
=WPSCAN= | =WPSCAN= | ||
| − | *wpscan --url https:// | + | *wpscan --url https://10.0.10.109 4 ⨯ |
<pre> | <pre> | ||
_______________________________________________________________ | _______________________________________________________________ | ||
Version vom 27. Januar 2023, 10:06 Uhr
WPSCAN
- wpscan --url https://10.0.10.109 4 ⨯
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.22
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: https://www.taribo.de/ [167.235.68.168]
[+] Started: Wed Oct 19 19:35:11 2022
Interesting Finding(s):
[+] Headers
| Interesting Entry: Server: Apache/2.4.54 (Debian)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: https://www.taribo.de/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] WordPress readme found: https://www.taribo.de/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] This site has 'Must Use Plugins': https://www.taribo.de/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins
[+] Upload directory has listing enabled: https://www.taribo.de/wp-content/uploads/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] The external WP-Cron seems to be enabled: https://www.taribo.de/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 5.9.3 identified (Insecure, released on 2022-04-05).
| Found By: Emoji Settings (Passive Detection)
| - https://www.taribo.de/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.9.3'
| Confirmed By: Meta Generator (Passive Detection)
| - https://www.taribo.de/, Match: 'WordPress 5.9.3'
[+] WordPress theme in use: twentyseventeen
| Location: https://www.taribo.de/wp-content/themes/twentyseventeen/
| Last Updated: 2022-05-24T00:00:00.000Z
| Readme: https://www.taribo.de/wp-content/themes/twentyseventeen/readme.txt
| [!] The version is out of date, the latest version is 3.0
| Style URL: https://www.taribo.de/wp-content/themes/twentyseventeen/style.css?ver=20201208
| Style Name: Twenty Seventeen
| Style URI: https://wordpress.org/themes/twentyseventeen/
| Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...
| Author: the WordPress team
| Author URI: https://wordpress.org/
|
| Found By: Css Style In Homepage (Passive Detection)
|
| Version: 2.9 (80% confidence)
| Found By: Style (Passive Detection)
| - https://www.taribo.de/wp-content/themes/twentyseventeen/style.css?ver=20201208, Match: 'Version: 2.9'
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
[i] Plugin(s) Identified:
[+] simple-file-list
| Location: https://www.taribo.de/wp-content/plugins/simple-file-list/
| Last Updated: 2022-09-08T17:07:00.000Z
| [!] The version is out of date, the latest version is 4.4.13
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 4.2.2 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.taribo.de/wp-content/plugins/simple-file-list/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.taribo.de/wp-content/plugins/simple-file-list/readme.txt
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:02 <=============================================================================> (137 / 137) 100.00% Time: 00:00:02
[i] No Config Backups Found.
[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
[+] Finished: Wed Oct 19 19:35:21 2022
[+] Requests Done: 172
[+] Cached Requests: 5
[+] Data Sent: 43.43 KB
[+] Data Received: 442.947 KB
[+] Memory used: 247.684 MB
[+] Elapsed time: 00:00:10