WPScan漏洞扫描,脆弱攻击,密码爆破+Wordpress靶机搭建

其他 2018-08-18 07:24:26 阅读次数: 0

一、什么是Wpscan?什么是Wordpres?

1.Wpscan

WPScan是一个扫描WordPress漏洞的黑盒子扫描器,可以扫描出wordpress的版本,主题,插件,后台用户以及爆破后台用户密码等。

 2.Wordpress

       WordPress是一种使用PHP语言和MySQL数据库开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设属于自己的网站。也可以把 WordPress当作一个内容管理系统(CMS)来使用。WordPress有许多第三方开发的免费模板,安装方式简单易用。

二、Wordpress系统的搭建

1.下载Wordpress  

        TURNKEYLINUX是linux一站式软件站,在浏览器地址栏输入 https://www.turnkeylinux.org/   访问官网下载Wordpress

点击Wordpress进入下载页

这里显示不同版本的系统类型,VM可直接导入VM虚拟机进行安装,此处我们考虑下载文件大小选择 v 14.2 ISO版本

使用Wordpress ios 光盘镜像新建一个WordPress虚拟机,并启动虚拟机显示如下图

选择 Install to hard disk (选择安装到虚拟机硬盘) 按回车键显示如下图

分区方式选择

1使用整个磁盘并设置为LVM

2使用整个磁盘

3手动分区

此处我们选择第一项出现如下图所示

提示是否改变磁盘并设置为LVM,此处选择yes出现如下图所示

显示LVM配置信息,选择OK出现如下图所示

该界面显示磁盘分区信息,提示是否向磁盘写入数据,选择yes出现如下图界面

安装GRUB引导,选择yes出现如下界面

该界面提示Wordpress 已经安装完成,是否需要重新启动,此处选择yes出现如下所示界面

为root用户设置一个新密码,密码长度8位,由大写字母,小写字母,数字,符号至少三种组成

 输入密码后回车

再次输入密码后回车出现如下图所示界面

为MySQL服务的root用户输入新密码

输入密码后回车确认显示如下图所示界面

 再次输入密码回车后出现如下所示界面

为WordPress系统的用户admin设置一个密码

输入密码后回车确认显示如下图所示界面

再次输入密码出现如下图所示界面

提示为admin设置邮件地址,这里默认就好,点击apply应用

 

显示Hub初始化服务信息,选择Skip跳过出现如下图所示界面

输入信息反馈邮箱,此跳过处默认即可,选择Skip出现如下界面

提示是否安装更新,选择Install出现如下界面

内核工具更新,此处选择REboot后出现如下界面

该界面显示了Wordpress应用服务的详细信息,如Web地址,Webshell地址,Webmin地址,PHPMyAdmin的地址和端口号以及SSH/SFTP地址和端口号。

出现此界面表明WordPress Turnkey Linux 搭建完成,可以使用。

 三、使用Wpscsn对WordPress进行漏洞扫描

利用 “wpscan -h”命令,可查看Wpscan的版本,常用选项,功能介绍,例程等;

  1 root@kali:~# wpscan -h
  2 _______________________________________________________________
  3         __          _______   _____                  
  4         \ \        / /  __ \ / ____|                 
  5          \ \  /\  / /| |__) | (___   ___  __ _ _ __  
  6           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
  7            \  /\  /  | |     ____) | (__| (_| | | | |
  8             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
  9 
 10         WordPress Security Scanner by the WPScan Team 
 11                        Version 2.9.1                   //Wpscan版本信息
 12           Sponsored by Sucuri - https://sucuri.net
 13    @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
 14 _______________________________________________________________
 15 
 16 Help :
 17 
 18 Some values are settable in a config file, see the example.conf.json
 19 
 20 --update                            Update the database to the latest version.
    #更新命令  命令“root@kali:~# wpscan --update”
 21 --url       | -u <target url>       The WordPress URL/domain to scan.
    #指定URL/域进行扫描  命令“root@kali:~# wpscan --url 地址”或“root@kali:~# wpscan -u 地址”
 22 --force     | -f                    Forces WPScan to not check if the remote site is running WordPress.
    #强制Wpscan不检查远程正在运行WordPress的主机  

 23 --enumerate | - 
 24   option :
 25     u        usernames from id 1 to 10 
#默认用户1-用户10
 26     u[10-20] usernames from id 10 to 20 (you must write [] chars)
#默认用户10-20([]中字符必须写)
 27     p        plugins
#插件程序
 28     vp       only vulnerable plugins
#仅漏洞插件程序

29     ap       all plugins (can take a long time)
#所有插件程序(耗时比较长)

 30     tt       timthumbs

#小号 
31     t        themes#主题 
32  vt only vulnerable themes

#仅漏洞主题 
33 at all themes (can take a long time)

#所有主题 
34 Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugi

#多值参数
 35 If no option is supplied, the default is "vt,tt,u,vp" 无参默认  37 --exclude-content-based "<regexp or string>"  38 Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.  39 You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).  40 --config-file | -c <config file> Use the specified config file, see the example.conf.json.
配置文佳  41 --user-agent | -a <User-Agent> Use the specified User-Agent.
指定用户代理  42 --cookie <String> String to read cookies from.
cookie字符串读取  43 --random-agent | -r Use a random User-Agent.
代理  44 --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
跟踪重定向目标网址  45 --batch Never ask for user input, use the default behaviour.
不请求用户输入使用默认  46 --no-color Do not use colors in the output.
不在输出中使用颜色  47 --wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.  48  Subdirectories are allowed. WPScan尝试通过扫描索引页面来查找内容目录(即wp-content),但是您可以指定它。允许使用子目录。
 49 --wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory.  50 If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed ame比--wp-content-dir但是对于plugins目录。 如果没有提供,WPScan将使用wp-content-dir / plugins。 允许子目录
 51 --proxy <[protocol://]host:port> Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.  52 If no protocol is given (format host:port), HTTP will be used.
 53 --proxy-auth <username:password> Supply the proxy login credentials. 提供代理登陆凭证
 54 --basic-auth <username:password> Set the HTTP Basic authentication. 
设置HTTP基本认证
 55 --wordlist | -w <wordlist> Supply a wordlist for the password brute forcer.
为暴力密码破解指定密码字典
 56 --username | -U <username> Only brute force the supplied username.
指定暴力破解用户  57 --usernames <path-to-file> Only brute force the usernames from the file. 仅从密码字典中暴力破解用户名
 58 --threads | -t <number of threads> The number of threads to use when multi-threading requests.
多线程指定线程数 
 59 --cache-ttl <cache-ttl> Typhoeus cache TTL.  60 --request-timeout <request-timeout> Request Timeout. 请求时间间隔
 61 --connect-timeout <connect-timeout> Connect Timeout. 连接时间间隔
 62 --max-threads <max-threads> Maximum Threads. 最大线程数 
 63 --throttle <milliseconds> Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.
在执行另一个Web请求之前等待的毫秒数。 如果使用,则--threads应设置为1。  64 --help | -h This help screen.  65 --verbose | -v Verbose output.  66 --version Output the current version and exit.  67  68  69 Examples :  70 帮助  71 -Further help ...  72 ruby ./wpscan.rb --help
 73 做“非侵入性”检查  74 -Do 'non-intrusive' checks ...  75 ruby ./wpscan.rb --url www.example.com
 76 使用50个线程对枚举的用户做单词列表密码蛮力…  77 -Do wordlist password brute force on enumerated users using 50 threads ...  78 ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
 79 做单词表密码蛮力上的“管理员”用户名只…  80 -Do wordlist password brute force on the 'admin' username only ...  81 ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
 82 枚举安装的插件…  83 -Enumerate installed plugins ...  84 ruby ./wpscan.rb --url www.example.com --enumerate p
 85 枚举安装的主题  86 -Enumerate installed themes ...  87 ruby ./wpscan.rb --url www.example.com --enumerate t
 88 枚举用户  89 -Enumerate users ...  90 ruby ./wpscan.rb --url www.example.com --enumerate u
 91 枚举安装的TimTrBBS  92 -Enumerate installed timthumbs ...  93 ruby ./wpscan.rb --url www.example.com --enumerate tt
 94 使用HTTP代理  95 -Use a HTTP proxy ...  96 ruby ./wpscan.rb --url www.example.com --proxy 127.0.0.1:8118
 97 使用SoCKS5代理  98 -Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)  99 ruby ./wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000
100 使用自定义内容目录 101 -Use custom content directory ... 102 ruby ./wpscan.rb -u www.example.com --wp-content-dir custom-content
103 使用自定义插件目录 104 -Use custom plugins directory ... 105 ruby ./wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins 106 更新数据库 107 -Update the DB ... 108 ruby ./wpscan.rb --update 109 调试输出 110 -Debug output ... 111 ruby ./wpscan.rb --url www.example.com --debug-output 2>debug.log 112 113 See README for further information.
wpscan -u 192.168.64.138 /wpscan --url 192.168.64.138 

  1 root@kali:~# wpscan -u 192.168.64.138 
  2 _______________________________________________________________
  3         __          _______   _____                  
  4         \ \        / /  __ \ / ____|                 
  5          \ \  /\  / /| |__) | (___   ___  __ _ _ __  
  6           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
  7            \  /\  /  | |     ____) | (__| (_| | | | |
  8             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
  9 
 10         WordPress Security Scanner by the WPScan Team 
 11                        Version 2.9.1
 12           Sponsored by Sucuri - https://sucuri.net
 13    @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
 14 _______________________________________________________________
 15 
 16 [+] URL: http://192.168.64.138/
 17 [+] Started: Fri Aug 17 23:20:05 2018
 18 
 19 [!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number
 20 [+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/"
 21 [+] Interesting header: SERVER: Apache
 22 [+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php
 23 
 24 [+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20)
 25 [!] 25 vulnerabilities identified from the version number
 26 
 27 [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
 28     Reference: https://wpvulndb.com/vulnerabilities/8807
 29     Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
 30     Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
 31     Reference: https://core.trac.wordpress.org/ticket/25239
 32     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
 33 
 34 [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
 35     Reference: https://wpvulndb.com/vulnerabilities/8815
 36     Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
 37     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 38     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
 39 [i] Fixed in: 4.7.5
 40 
 41 [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
 42     Reference: https://wpvulndb.com/vulnerabilities/8816
 43     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 44     Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
 45     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
 46 [i] Fixed in: 4.7.5
 47 
 48 [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks 
 49     Reference: https://wpvulndb.com/vulnerabilities/8817
 50     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 51     Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
 52     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
 53 [i] Fixed in: 4.7.5
 54 
 55 [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
 56     Reference: https://wpvulndb.com/vulnerabilities/8818
 57     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 58     Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
 59     Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
 60     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
 61 [i] Fixed in: 4.7.5
 62 
 63 [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
 64     Reference: https://wpvulndb.com/vulnerabilities/8819
 65     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 66     Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
 67     Reference: https://hackerone.com/reports/203515
 68     Reference: https://hackerone.com/reports/203515
 69     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
 70 [i] Fixed in: 4.7.5
 71 
 72 [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
 73     Reference: https://wpvulndb.com/vulnerabilities/8820
 74     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 75     Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
 76     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
 77 [i] Fixed in: 4.7.5
 78 
 79 [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
 80     Reference: https://wpvulndb.com/vulnerabilities/8905
 81     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 82     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 83     Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
 84 [i] Fixed in: 4.7.6
 85 
 86 [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
 87     Reference: https://wpvulndb.com/vulnerabilities/8906
 88     Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
 89     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 90     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 91     Reference: https://wpvulndb.com/vulnerabilities/8905
 92 [i] Fixed in: 4.7.5
 93 
 94 [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
 95     Reference: https://wpvulndb.com/vulnerabilities/8910
 96     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 97     Reference: https://core.trac.wordpress.org/changeset/41398
 98     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
 99 [i] Fixed in: 4.7.6
100 
101 [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
102     Reference: https://wpvulndb.com/vulnerabilities/8911
103     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
104     Reference: https://core.trac.wordpress.org/changeset/41457
105     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
106 [i] Fixed in: 4.7.6
107 
108 [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer 
109     Reference: https://wpvulndb.com/vulnerabilities/8912
110     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
111     Reference: https://core.trac.wordpress.org/changeset/41397
112     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
113 [i] Fixed in: 4.7.6
114 
115 [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
116     Reference: https://wpvulndb.com/vulnerabilities/8913
117     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
118     Reference: https://core.trac.wordpress.org/changeset/41448
119     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
120 [i] Fixed in: 4.7.6
121 
122 [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
123     Reference: https://wpvulndb.com/vulnerabilities/8914
124     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
125     Reference: https://core.trac.wordpress.org/changeset/41395
126     Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
127     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
128 [i] Fixed in: 4.7.6
129 
130 [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
131     Reference: https://wpvulndb.com/vulnerabilities/8941
132     Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
133     Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
134     Reference: https://twitter.com/ircmaxell/status/923662170092638208
135     Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
136     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
137 [i] Fixed in: 4.7.7
138 
139 [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
140     Reference: https://wpvulndb.com/vulnerabilities/8966
141     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
142     Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
143     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
144 [i] Fixed in: 4.7.8
145 
146 [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
147     Reference: https://wpvulndb.com/vulnerabilities/8967
148     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
149     Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
150     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
151 [i] Fixed in: 4.7.8
152 
153 [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
154     Reference: https://wpvulndb.com/vulnerabilities/8968
155     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
156     Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
157     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
158 [i] Fixed in: 4.7.8
159 
160 [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
161     Reference: https://wpvulndb.com/vulnerabilities/8969
162     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
163     Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
164     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
165 [i] Fixed in: 4.7.8
166 
167 [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
168     Reference: https://wpvulndb.com/vulnerabilities/9006
169     Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
170     Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
171     Reference: https://core.trac.wordpress.org/ticket/42720
172     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
173 [i] Fixed in: 4.7.9
174 
175 [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
176     Reference: https://wpvulndb.com/vulnerabilities/9021
177     Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
178     Reference: https://github.com/quitten/doser.py
179     Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
180     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
181 
182 [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
183     Reference: https://wpvulndb.com/vulnerabilities/9053
184     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
185     Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
186     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
187 [i] Fixed in: 4.7.10
188 
189 [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
190     Reference: https://wpvulndb.com/vulnerabilities/9054
191     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
192     Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
193     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
194 [i] Fixed in: 4.7.10
195 
196 [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
197     Reference: https://wpvulndb.com/vulnerabilities/9055
198     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
199     Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
200     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
201 [i] Fixed in: 4.7.10
202 
203 [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
204     Reference: https://wpvulndb.com/vulnerabilities/9100
205     Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
206     Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
207     Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
208     Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
209     Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
210     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
211 [i] Fixed in: 4.7.11
212 
213 [+] WordPress theme in use: twentyseventeen - v1.2
214 
215 [+] Name: twentyseventeen - v1.2
216  |  Location: http://192.168.64.138/wp-content/themes/twentyseventeen/
217  |  Readme: http://192.168.64.138/wp-content/themes/twentyseventeen/README.txt
218 [!] The version is out of date, the latest version is 1.7
219  |  Style URL: http://192.168.64.138/wp-content/themes/twentyseventeen/style.css
220  |  Theme Name: Twenty Seventeen
221  |  Theme URI: https://wordpress.org/themes/twentyseventeen/
222  |  Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a...
223  |  Author: the WordPress team
224  |  Author URI: https://wordpress.org/
225 
226 [+] Enumerating plugins from passive detection ...
227  | 1 plugin found:
228 
229 [+] Name: wp-super-cache
230  |  Latest version: 1.6.3 
231  |  Location: http://192.168.64.138/wp-content/plugins/wp-super-cache/
232 
233 [!] We could not determine a version so all vulnerabilities are printed out
234 
235 [!] Title: WP-Super-Cache 1.3 - Remote Code Execution
236     Reference: https://wpvulndb.com/vulnerabilities/6623
237     Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
238     Reference: http://wordpress.org/support/topic/pwn3d
239     Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
240 [i] Fixed in: 1.3.1
241 
242 [!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
243     Reference: https://wpvulndb.com/vulnerabilities/6624
244     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
245 [i] Fixed in: 1.3.1
246 
247 [!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
248     Reference: https://wpvulndb.com/vulnerabilities/6625
249     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
250 [i] Fixed in: 1.3.1
251 
252 [!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
253     Reference: https://wpvulndb.com/vulnerabilities/6626
254     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
255 [i] Fixed in: 1.3.1
256 
257 [!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
258     Reference: https://wpvulndb.com/vulnerabilities/6627
259     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
260 [i] Fixed in: 1.3.1
261 
262 [!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
263     Reference: https://wpvulndb.com/vulnerabilities/6628
264     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
265 [i] Fixed in: 1.3.1
266 
267 [!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
268     Reference: https://wpvulndb.com/vulnerabilities/6629
269     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
270 [i] Fixed in: 1.3.1
271 
272 [!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
273     Reference: https://wpvulndb.com/vulnerabilities/7889
274     Reference: http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
275 [i] Fixed in: 1.4.3
276 
277 [!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
278     Reference: https://wpvulndb.com/vulnerabilities/8197
279     Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
280 [i] Fixed in: 1.4.5
281 
282 [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
283     Reference: https://wpvulndb.com/vulnerabilities/8198
284     Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
285 [i] Fixed in: 1.4.5
286 
287 [+] Finished: Fri Aug 17 23:20:10 2018
288 [+] Requests Done: 50
289 [+] Memory used: 50.062 MB
290 [+] Elapsed time: 00:00:04
wpscan -u 192.168.64.138 -e u vp
命令详解 -e使用枚举方式  u 扫描ID1-ID10   vp扫描漏洞插件
  1 root@kali:~# wpscan -u 192.168.64.138 -e u vp
  2 _______________________________________________________________
  3         __          _______   _____                  
  4         \ \        / /  __ \ / ____|                 
  5          \ \  /\  / /| |__) | (___   ___  __ _ _ __  
  6           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
  7            \  /\  /  | |     ____) | (__| (_| | | | |
  8             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
  9 
 10         WordPress Security Scanner by the WPScan Team 
 11                        Version 2.9.1
 12           Sponsored by Sucuri - https://sucuri.net
 13    @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
 14 _______________________________________________________________
 15 
 16 [+] URL: http://192.168.64.138/
 17 [+] Started: Fri Aug 17 23:30:12 2018
 18 
 19 [!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number
 20 [+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/"
 21 [+] Interesting header: SERVER: Apache
 22 [+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php
 23 
 24 [+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20)
 25 [!] 25 vulnerabilities identified from the version number
 26 
 27 [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
 28     Reference: https://wpvulndb.com/vulnerabilities/8807
 29     Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
 30     Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
 31     Reference: https://core.trac.wordpress.org/ticket/25239
 32     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
 33 
 34 [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
 35     Reference: https://wpvulndb.com/vulnerabilities/8815
 36     Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
 37     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 38     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
 39 [i] Fixed in: 4.7.5
 40 
 41 [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
 42     Reference: https://wpvulndb.com/vulnerabilities/8816
 43     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 44     Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
 45     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
 46 [i] Fixed in: 4.7.5
 47 
 48 [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks 
 49     Reference: https://wpvulndb.com/vulnerabilities/8817
 50     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 51     Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
 52     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
 53 [i] Fixed in: 4.7.5
 54 
 55 [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
 56     Reference: https://wpvulndb.com/vulnerabilities/8818
 57     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 58     Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
 59     Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
 60     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
 61 [i] Fixed in: 4.7.5
 62 
 63 [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
 64     Reference: https://wpvulndb.com/vulnerabilities/8819
 65     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 66     Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
 67     Reference: https://hackerone.com/reports/203515
 68     Reference: https://hackerone.com/reports/203515
 69     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
 70 [i] Fixed in: 4.7.5
 71 
 72 [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
 73     Reference: https://wpvulndb.com/vulnerabilities/8820
 74     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 75     Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
 76     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
 77 [i] Fixed in: 4.7.5
 78 
 79 [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
 80     Reference: https://wpvulndb.com/vulnerabilities/8905
 81     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 82     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 83     Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
 84 [i] Fixed in: 4.7.6
 85 
 86 [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
 87     Reference: https://wpvulndb.com/vulnerabilities/8906
 88     Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
 89     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 90     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 91     Reference: https://wpvulndb.com/vulnerabilities/8905
 92 [i] Fixed in: 4.7.5
 93 
 94 [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
 95     Reference: https://wpvulndb.com/vulnerabilities/8910
 96     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 97     Reference: https://core.trac.wordpress.org/changeset/41398
 98     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
 99 [i] Fixed in: 4.7.6
100 
101 [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
102     Reference: https://wpvulndb.com/vulnerabilities/8911
103     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
104     Reference: https://core.trac.wordpress.org/changeset/41457
105     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
106 [i] Fixed in: 4.7.6
107 
108 [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer 
109     Reference: https://wpvulndb.com/vulnerabilities/8912
110     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
111     Reference: https://core.trac.wordpress.org/changeset/41397
112     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
113 [i] Fixed in: 4.7.6
114 
115 [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
116     Reference: https://wpvulndb.com/vulnerabilities/8913
117     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
118     Reference: https://core.trac.wordpress.org/changeset/41448
119     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
120 [i] Fixed in: 4.7.6
121 
122 [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
123     Reference: https://wpvulndb.com/vulnerabilities/8914
124     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
125     Reference: https://core.trac.wordpress.org/changeset/41395
126     Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
127     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
128 [i] Fixed in: 4.7.6
129 
130 [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
131     Reference: https://wpvulndb.com/vulnerabilities/8941
132     Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
133     Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
134     Reference: https://twitter.com/ircmaxell/status/923662170092638208
135     Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
136     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
137 [i] Fixed in: 4.7.7
138 
139 [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
140     Reference: https://wpvulndb.com/vulnerabilities/8966
141     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
142     Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
143     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
144 [i] Fixed in: 4.7.8
145 
146 [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
147     Reference: https://wpvulndb.com/vulnerabilities/8967
148     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
149     Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
150     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
151 [i] Fixed in: 4.7.8
152 
153 [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
154     Reference: https://wpvulndb.com/vulnerabilities/8968
155     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
156     Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
157     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
158 [i] Fixed in: 4.7.8
159 
160 [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
161     Reference: https://wpvulndb.com/vulnerabilities/8969
162     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
163     Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
164     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
165 [i] Fixed in: 4.7.8
166 
167 [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
168     Reference: https://wpvulndb.com/vulnerabilities/9006
169     Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
170     Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
171     Reference: https://core.trac.wordpress.org/ticket/42720
172     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
173 [i] Fixed in: 4.7.9
174 
175 [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
176     Reference: https://wpvulndb.com/vulnerabilities/9021
177     Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
178     Reference: https://github.com/quitten/doser.py
179     Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
180     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
181 
182 [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
183     Reference: https://wpvulndb.com/vulnerabilities/9053
184     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
185     Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
186     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
187 [i] Fixed in: 4.7.10
188 
189 [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
190     Reference: https://wpvulndb.com/vulnerabilities/9054
191     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
192     Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
193     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
194 [i] Fixed in: 4.7.10
195 
196 [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
197     Reference: https://wpvulndb.com/vulnerabilities/9055
198     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
199     Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
200     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
201 [i] Fixed in: 4.7.10
202 
203 [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
204     Reference: https://wpvulndb.com/vulnerabilities/9100
205     Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
206     Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
207     Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
208     Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
209     Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
210     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
211 [i] Fixed in: 4.7.11
212 
213 [+] WordPress theme in use: twentyseventeen - v1.2
214 
215 [+] Name: twentyseventeen - v1.2
216  |  Location: http://192.168.64.138/wp-content/themes/twentyseventeen/
217  |  Readme: http://192.168.64.138/wp-content/themes/twentyseventeen/README.txt
218 [!] The version is out of date, the latest version is 1.7
219  |  Style URL: http://192.168.64.138/wp-content/themes/twentyseventeen/style.css
220  |  Theme Name: Twenty Seventeen
221  |  Theme URI: https://wordpress.org/themes/twentyseventeen/
222  |  Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a...
223  |  Author: the WordPress team
224  |  Author URI: https://wordpress.org/
225 
226 [+] Enumerating plugins from passive detection ...
227  | 1 plugin found:
228 
229 [+] Name: wp-super-cache
230  |  Latest version: 1.6.3 
231  |  Location: http://192.168.64.138/wp-content/plugins/wp-super-cache/
232 
233 [!] We could not determine a version so all vulnerabilities are printed out
234 
235 [!] Title: WP-Super-Cache 1.3 - Remote Code Execution
236     Reference: https://wpvulndb.com/vulnerabilities/6623
237     Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
238     Reference: http://wordpress.org/support/topic/pwn3d
239     Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
240 [i] Fixed in: 1.3.1
241 
242 [!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
243     Reference: https://wpvulndb.com/vulnerabilities/6624
244     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
245 [i] Fixed in: 1.3.1
246 
247 [!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
248     Reference: https://wpvulndb.com/vulnerabilities/6625
249     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
250 [i] Fixed in: 1.3.1
251 
252 [!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
253     Reference: https://wpvulndb.com/vulnerabilities/6626
254     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
255 [i] Fixed in: 1.3.1
256 
257 [!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
258     Reference: https://wpvulndb.com/vulnerabilities/6627
259     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
260 [i] Fixed in: 1.3.1
261 
262 [!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
263     Reference: https://wpvulndb.com/vulnerabilities/6628
264     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
265 [i] Fixed in: 1.3.1
266 
267 [!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
268     Reference: https://wpvulndb.com/vulnerabilities/6629
269     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
270 [i] Fixed in: 1.3.1
271 
272 [!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
273     Reference: https://wpvulndb.com/vulnerabilities/7889
274     Reference: http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
275 [i] Fixed in: 1.4.3
276 
277 [!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
278     Reference: https://wpvulndb.com/vulnerabilities/8197
279     Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
280 [i] Fixed in: 1.4.5
281 
282 [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
283     Reference: https://wpvulndb.com/vulnerabilities/8198
284     Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
285 [i] Fixed in: 1.4.5
286 
287 [+] Enumerating usernames ...
288 [+] Identified the following 1 user/s:
289     +----+-------+-----------------+
290     | Id | Login | Name            |
291     +----+-------+-----------------+
292     | 1  | admin | admin – TurnKey |
293     +----+-------+-----------------+
294 [!] Default first WordPress username 'admin' is still used
295 
296 [+] Finished: Fri Aug 17 23:30:17 2018
297 [+] Requests Done: 64
298 [+] Memory used: 52.52 MB
299 [+] Elapsed time: 00:00:04

wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt

命令详解: -e枚举方式 u 用户ID1-ID10  --wordlist使用指定字典进行密码爆破 /root/wordlist.txt 字典路径及字典文件  wordlist.txt字典文件需自己准备或使用kali自带字典

  1 root@kali:~# wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt
  2 _______________________________________________________________
  3         __          _______   _____                  
  4         \ \        / /  __ \ / ____|                 
  5          \ \  /\  / /| |__) | (___   ___  __ _ _ __  
  6           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
  7            \  /\  /  | |     ____) | (__| (_| | | | |
  8             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
  9 
 10         WordPress Security Scanner by the WPScan Team 
 11                        Version 2.9.1
 12           Sponsored by Sucuri - https://sucuri.net
 13    @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
 14 _______________________________________________________________
 15 
 16 [+] URL: http://192.168.64.138/
 17 [+] Started: Fri Aug 17 23:37:59 2018
 18 
 19 [!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number
 20 [+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/"
 21 [+] Interesting header: SERVER: Apache
 22 [+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php
 23 
 24 [+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20)
 25 [!] 25 vulnerabilities identified from the version number
 26 
 27 [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
 28     Reference: https://wpvulndb.com/vulnerabilities/8807
 29     Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
 30     Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
 31     Reference: https://core.trac.wordpress.org/ticket/25239
 32     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
 33 
 34 [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
 35     Reference: https://wpvulndb.com/vulnerabilities/8815
 36     Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
 37     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 38     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
 39 [i] Fixed in: 4.7.5
 40 
 41 [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
 42     Reference: https://wpvulndb.com/vulnerabilities/8816
 43     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 44     Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
 45     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
 46 [i] Fixed in: 4.7.5
 47 
 48 [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks 
 49     Reference: https://wpvulndb.com/vulnerabilities/8817
 50     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 51     Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
 52     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
 53 [i] Fixed in: 4.7.5
 54 
 55 [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
 56     Reference: https://wpvulndb.com/vulnerabilities/8818
 57     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 58     Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
 59     Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
 60     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
 61 [i] Fixed in: 4.7.5
 62 
 63 [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
 64     Reference: https://wpvulndb.com/vulnerabilities/8819
 65     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 66     Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
 67     Reference: https://hackerone.com/reports/203515
 68     Reference: https://hackerone.com/reports/203515
 69     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
 70 [i] Fixed in: 4.7.5
 71 
 72 [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
 73     Reference: https://wpvulndb.com/vulnerabilities/8820
 74     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
 75     Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
 76     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
 77 [i] Fixed in: 4.7.5
 78 
 79 [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
 80     Reference: https://wpvulndb.com/vulnerabilities/8905
 81     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 82     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 83     Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
 84 [i] Fixed in: 4.7.6
 85 
 86 [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
 87     Reference: https://wpvulndb.com/vulnerabilities/8906
 88     Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
 89     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 90     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 91     Reference: https://wpvulndb.com/vulnerabilities/8905
 92 [i] Fixed in: 4.7.5
 93 
 94 [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
 95     Reference: https://wpvulndb.com/vulnerabilities/8910
 96     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 97     Reference: https://core.trac.wordpress.org/changeset/41398
 98     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
 99 [i] Fixed in: 4.7.6
100 
101 [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
102     Reference: https://wpvulndb.com/vulnerabilities/8911
103     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
104     Reference: https://core.trac.wordpress.org/changeset/41457
105     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
106 [i] Fixed in: 4.7.6
107 
108 [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer 
109     Reference: https://wpvulndb.com/vulnerabilities/8912
110     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
111     Reference: https://core.trac.wordpress.org/changeset/41397
112     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
113 [i] Fixed in: 4.7.6
114 
115 [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
116     Reference: https://wpvulndb.com/vulnerabilities/8913
117     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
118     Reference: https://core.trac.wordpress.org/changeset/41448
119     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
120 [i] Fixed in: 4.7.6
121 
122 [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
123     Reference: https://wpvulndb.com/vulnerabilities/8914
124     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
125     Reference: https://core.trac.wordpress.org/changeset/41395
126     Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
127     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
128 [i] Fixed in: 4.7.6
129 
130 [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
131     Reference: https://wpvulndb.com/vulnerabilities/8941
132     Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
133     Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
134     Reference: https://twitter.com/ircmaxell/status/923662170092638208
135     Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
136     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
137 [i] Fixed in: 4.7.7
138 
139 [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
140     Reference: https://wpvulndb.com/vulnerabilities/8966
141     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
142     Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
143     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
144 [i] Fixed in: 4.7.8
145 
146 [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
147     Reference: https://wpvulndb.com/vulnerabilities/8967
148     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
149     Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
150     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
151 [i] Fixed in: 4.7.8
152 
153 [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
154     Reference: https://wpvulndb.com/vulnerabilities/8968
155     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
156     Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
157     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
158 [i] Fixed in: 4.7.8
159 
160 [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
161     Reference: https://wpvulndb.com/vulnerabilities/8969
162     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
163     Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
164     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
165 [i] Fixed in: 4.7.8
166 
167 [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
168     Reference: https://wpvulndb.com/vulnerabilities/9006
169     Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
170     Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
171     Reference: https://core.trac.wordpress.org/ticket/42720
172     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
173 [i] Fixed in: 4.7.9
174 
175 [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
176     Reference: https://wpvulndb.com/vulnerabilities/9021
177     Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
178     Reference: https://github.com/quitten/doser.py
179     Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
180     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
181 
182 [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
183     Reference: https://wpvulndb.com/vulnerabilities/9053
184     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
185     Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
186     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
187 [i] Fixed in: 4.7.10
188 
189 [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
190     Reference: https://wpvulndb.com/vulnerabilities/9054
191     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
192     Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
193     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
194 [i] Fixed in: 4.7.10
195 
196 [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
197     Reference: https://wpvulndb.com/vulnerabilities/9055
198     Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
199     Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
200     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
201 [i] Fixed in: 4.7.10
202 
203 [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
204     Reference: https://wpvulndb.com/vulnerabilities/9100
205     Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
206     Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
207     Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
208     Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
209     Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
210     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
211 [i] Fixed in: 4.7.11
212 
213 [+] WordPress theme in use: twentyseventeen - v1.2
214 
215 [+] Name: twentyseventeen - v1.2
216  |  Location: http://192.168.64.138/wp-content/themes/twentyseventeen/
217  |  Readme: http://192.168.64.138/wp-content/themes/twentyseventeen/README.txt
218 [!] The version is out of date, the latest version is 1.7
219  |  Style URL: http://192.168.64.138/wp-content/themes/twentyseventeen/style.css
220  |  Theme Name: Twenty Seventeen
221  |  Theme URI: https://wordpress.org/themes/twentyseventeen/
222  |  Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a...
223  |  Author: the WordPress team
224  |  Author URI: https://wordpress.org/
225 
226 [+] Enumerating plugins from passive detection ...
227  | 1 plugin found:
228 
229 [+] Name: wp-super-cache
230  |  Latest version: 1.6.3 
231  |  Location: http://192.168.64.138/wp-content/plugins/wp-super-cache/
232 
233 [!] We could not determine a version so all vulnerabilities are printed out
234 
235 [!] Title: WP-Super-Cache 1.3 - Remote Code Execution
236     Reference: https://wpvulndb.com/vulnerabilities/6623
237     Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
238     Reference: http://wordpress.org/support/topic/pwn3d
239     Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
240 [i] Fixed in: 1.3.1
241 
242 [!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
243     Reference: https://wpvulndb.com/vulnerabilities/6624
244     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
245 [i] Fixed in: 1.3.1
246 
247 [!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
248     Reference: https://wpvulndb.com/vulnerabilities/6625
249     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
250 [i] Fixed in: 1.3.1
251 
252 [!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
253     Reference: https://wpvulndb.com/vulnerabilities/6626
254     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
255 [i] Fixed in: 1.3.1
256 
257 [!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
258     Reference: https://wpvulndb.com/vulnerabilities/6627
259     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
260 [i] Fixed in: 1.3.1
261 
262 [!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
263     Reference: https://wpvulndb.com/vulnerabilities/6628
264     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
265 [i] Fixed in: 1.3.1
266 
267 [!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
268     Reference: https://wpvulndb.com/vulnerabilities/6629
269     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
270 [i] Fixed in: 1.3.1
271 
272 [!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
273     Reference: https://wpvulndb.com/vulnerabilities/7889
274     Reference: http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
275 [i] Fixed in: 1.4.3
276 
277 [!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
278     Reference: https://wpvulndb.com/vulnerabilities/8197
279     Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
280 [i] Fixed in: 1.4.5
281 
282 [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
283     Reference: https://wpvulndb.com/vulnerabilities/8198
284     Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
285 [i] Fixed in: 1.4.5
286 
287 [+] Enumerating usernames ...
288 [+] Identified the following 1 user/s:
289     +----+-------+-----------------+
290     | Id | Login | Name            |
291     +----+-------+-----------------+
292     | 1  | admin | admin – TurnKey |
293     +----+-------+-----------------+
294 [!] Default first WordPress username 'admin' is still used
295 [+] Starting the password brute forcer
296   [+] [SUCCESS] Login : admin Password : Root********                       
297 
298   Brute Forcing 'admin' Time: 00:00:00 <=====    > (2 / 3) 66.66%  ETA: 00:00:00
299   +----+-------+-----------------+------------------+
300   | Id | Login | Name            | Password         |
301   +----+-------+-----------------+------------------+
302   | 1  | admin | admin – TurnKey | Root*********    |
303   +----+-------+-----------------+------------------+
304 
305 [+] Finished: Fri Aug 17 23:38:06 2018
306 [+] Requests Done: 72
307 [+] Memory used: 53.016 MB
308 [+] Elapsed time: 00:00:06

常用命令

wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt -t 50

-t 指定50个线程数

猜你喜欢

转载自www.cnblogs.com/WangYiqiang/p/9490869.html
今日推荐
openKylin 社区生态委员会第六次会议圆满召开
阿里云正式发布通义千问 2.5
Python 3.13 发布首个 Beta:实验性自由线程模式和 JIT、改进交互式解释器
Stack Overflow 拿我的代码去训练 AI 大模型,还封了我的账号
Pop!_OS 的 COSMIC 桌面完成 App Store 上架工作
报告:Django 仍然是 74% 开发者的首选
《2024 年一季度互联网投融资运行情况》研究报告
15 年前上了“FFmpeg 耻辱柱”,今天他还得谢谢咱——腾讯QQPlayer一雪前耻?
TIOBE 5 月榜单:Fortran “复活”进入 Top 10
GCC 14.1 发布
面壁智能发布 Eurux-8x22B 开源大模型 —— 堪称「理科状元」
开源日报 | 谷歌扶持鸿蒙上位;开源Rabbit R1;Docker加持的安卓手机;微软的焦虑和野心;海尔电器把开放平台关了
周排行
计算机组成与设计(七)—— 除法器
Integer Approximation(分治+枚举)
大话数据库索引
windows10系统JDK的配置及下载地址
mysql实现秒值转换中原六仔平台搭建
Codeforces Round #556 (Div. 1)
百练1064 网线主管
Codeforces 995F Cowmpany Cowmpensation
子集生成之增量构造法,位向量法,二进制法
ERROR: cmd.exe failed with args /c "/APK\gradle\rungradle.bat...
每日归档
更多
2024-05-10(38)
2024-05-09(35)
2024-05-08(42)
2024-05-07(14)
2024-05-06(40)
2024-05-05(0)
2024-05-04(7)
2024-05-03(19)
2024-05-02(0)
2024-05-01(4)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022