Hi everyone! I got my hands on an interesting WordPress site. I'd like to try to get into the admin panel; this is my first time working with WordPress sites.
Of the available tools, wpscan came to mind right away. After analyzing the site, I got the following results.
I haven't searched Google for information or dug very deep, but I'd like to ask whether anything can be done with this. I've attached the WPScan results below. Thanks a lot for your answers!
Code:
Interesting Finding(s):
[+] Headers
| Interesting Entries:
| - server: nginx
| - x-powered-by: PleskLin
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] robots.txt found: robots.txt
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: xmlrpc.php
| Found By: Headers (Passive Detection)
| Confidence: 30%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] This site seems to be a multisite
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| Reference: http://codex.wordpress.org/Glossary#Multisite
[+] This site has 'Must Use Plugins':
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins
[+] Registration is enabled:
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] WordPress version 6.0.7 identified (Outdated, released on 2024-01-30).
| Found By: Rss Generator (Passive Detection)
| - <generator>https://wordpress.org/?v=6.0.7</generator>
| Confirmed By: Emoji Settings (Passive Detection)
| - Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=6.0.7'
[+] WordPress theme in use: supergeneral
|
| Style Name: SuperMain
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
Plugin(s) Identified:
[+] simple-download-monitor
| Location: wp-content/plugins/simple-download-monitor/
| Latest Version: 3.9.23
| Last Updated: 2024-02-06T02:25:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.
[+] sitepress-multilingual-cms
| Location: wp-content/plugins/sitepress-multilingual-cms/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
| Urls In 404 Page (Passive Detection)
| Meta Generator (Passive Detection)
|
| Version: 4.4.7 (70% confidence)
| Found By: Dependencies File (Aggressive Detection)
| -wp-content/plugins/sitepress-multilingual-cms/wpml-dependencies.json, Match: '4.4.7'
[+] theme-my-login____
| Location: wp-content/plugins/theme-my-login____/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.
[+] user-access-manager
| Location:
| Last Updated: 2023-09-21T10:17:00.000Z
| [!] The version is out of date, the latest version is 2.2.23
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.2.15 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| -
| Confirmed By:
| Translation File (Aggressive Detection)
| - Match: 'Project-Id-Version: user-access-manager 2.2.15'
| Composer File (Aggressive Detection)
| - Match: '2.2.15'
Location:
| Last Updated: 2024-02-06T08:57:00.000Z
| [!] The version is out of date, the latest version is 22.0
|
| Found By: Comment (Passive Detection)
|
| Version: 18.2 (60% confidence)
| Found By: Comment (Passive Detection)
| - Match: 'optimized with the Yoast SEO plugin v18.2