Linux Format Vulnerable Wordpress

The place to post if you need help or advice

Moderators: ChrisThornett, LXF moderators

Linux Format Vulnerable Wordpress

Postby RyanF109 » Sat Apr 13, 2013 4:07 pm

I was very interested in the hacking tutorial in this month's Linux Format, as I run a wordpress site.

I'm having difficulty following the LF wordpress tutorial. I've booted the virtual machine and another virtual 12.04 ubuntu machine

I eventually managed to get wpscan working (no thanks to there being no wpscan on the disk as promised) and now I'm getting a different output than the one it tells me I should get.

____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v2.1rNA

WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

| URL: http://192.168.1.6/
| Started on Sat Apr 13 17:01:19 2013

[!] The WordPress 'http://192.168.1.6/readme.html' file exists
[+] XML-RPC Interface available under http://192.168.1.6/xmlrpc.php
[+] WordPress version 3.0 identified from meta generator

[!] We have identified 3 vulnerabilities from the version number :
|
| * Title: XSS vulnerability in swfupload in WordPress
| * Reference: http://seclists.org/fulldisclosure/2012/Nov/51
|
| * Title: XMLRPC Pingback API Internal/External Port Scanning
| * Reference: https://github.com/FireFart/WordpressPi ... ortScanner
|
| * Title: WordPress XMLRPC pingback additional issues
| * Reference: http://lab.onsec.ru/2013/01/wordpress-x ... ional.html

[+] The WordPress theme in use is twentyten v1.0

| Name: twentyten v1.0
| Location: http://192.168.1.6/wp-content/themes/twentyten/

[+] Enumerating plugins from passive detection ...
No plugins found :(

[+] Enumerating usernames ...

We did not enumerate any usernames :(
Try supplying your own username with the --username option


Help? :-(
RyanF109
 
Posts: 16
Joined: Mon Jan 02, 2012 7:53 pm

Return to Help!

Who is online

Users browsing this forum: Sliphorn and 0 guests