邮箱:service@hongdaqianqiu.com
So I am studying for the OSCP (Offensive Security Certified Professional) certification and I’ve been playing around with some of the more obscure items in the Back Track Linux Distribution. One such item is CMS Explorer that enumerates through content management systems plug-ins and themes to look for vulnerabilities in the Drupal, WordPress, Joomla!, Mambo CMS.
The syntax is fairly straightforward and the results are fairly accurate. The cool thing is that it can tie in to the OSVDB database but you need to do two things to make it work properly.
Here are the results for my blog. As you can see this site is fairly light and all the vulnerabilities according to OSVDB are “unknown impact and attack vectors ” or listed as “flagged as being a Myth/Fake”.
Only downside for this enumeration is that it is fairly slow and can take up to an hour or more to run.
root@bt:/pentest/enumeration/web/cms-explorer# ./cms-explorer.pl -url http://eric.ness.net -type wordpress -osvdb*******************************************************Beginning run against http://eric.ness.net/...Testing themes from wp_themes.txt...Theme Installed: wp-content/themes/monochrome/Testing plugins...Plugin Installed: wp-content/plugins/akismet/Plugin Installed: wp-content/plugins/all-in-one-seo-pack/Plugin Installed: wp-content/plugins/codesnippet-20/Plugin Installed: wp-content/plugins/contact-form-7/Plugin Installed: wp-content/plugins/sexybookmarks/Plugin Installed: wp-content/plugins/syntaxhighlighter/Plugin Installed: wp-content/plugins/tweet-blender/Plugin Installed: wp-content/plugins/wp-cache/Plugin Installed: wp-content/plugins/wp-pagenavi/*******************************************************Summary:Theme Installed: wp-content/themes/monochrome/ URL http://eric.ness.net/wp-content/themes/monochrome/ SVN http://themes.svn.wordpress.org/wp-content/themes/monochrome/Plugin Installed: wp-content/plugins/akismet/ URL http://eric.ness.net/wp-content/plugins/akismet/ SVN http://svn.wp-plugins.org/wp-content/plugins/akismet/trunk/ http://osvdb.org/37290 Akismet for WordPress akismet.php Unspecified Issue http://osvdb.org/62683 WordPress wp-content/plugins/akismet/akismet.php add_action() Function Path DisclosurePlugin Installed: wp-content/plugins/all-in-one-seo-pack/ URL http://eric.ness.net/wp-content/plugins/all-in-one-seo-pack/ SVN http://svn.wp-plugins.org/wp-content/plugins/all-in-one-seo-pack/trunk/Plugin Installed: wp-content/plugins/codesnippet-20/ URL http://eric.ness.net/wp-content/plugins/codesnippet-20/ SVN http://svn.wp-plugins.org/wp-content/plugins/codesnippet-20/trunk/Plugin Installed: wp-content/plugins/contact-form-7/ URL http://eric.ness.net/wp-content/plugins/contact-form-7/ SVN http://svn.wp-plugins.org/wp-content/plugins/contact-form-7/trunk/Plugin Installed: wp-content/plugins/sexybookmarks/ URL http://eric.ness.net/wp-content/plugins/sexybookmarks/ SVN http://svn.wp-plugins.org/wp-content/plugins/sexybookmarks/trunk/Plugin Installed: wp-content/plugins/syntaxhighlighter/ URL http://eric.ness.net/wp-content/plugins/syntaxhighlighter/ SVN http://svn.wp-plugins.org/wp-content/plugins/syntaxhighlighter/trunk/Plugin Installed: wp-content/plugins/tweet-blender/ URL http://eric.ness.net/wp-content/plugins/tweet-blender/ SVN http://svn.wp-plugins.org/wp-content/plugins/tweet-blender/trunk/Plugin Installed: wp-content/plugins/wp-cache/ URL http://eric.ness.net/wp-content/plugins/wp-cache/ SVN http://svn.wp-plugins.org/wp-content/plugins/wp-cache/trunk/ http://osvdb.org/56762 WP Super Cache for WordPress wp-cache-phase1.php plugin Parameter Remote File InclusionPlugin Installed: wp-content/plugins/wp-pagenavi/ URL http://eric.ness.net/wp-content/plugins/wp-pagenavi/ SVN http://svn.wp-plugins.org/wp-content/plugins/wp-pagenavi/trunk/
Copyright © hongdaChiaki. All Rights Reserved. 鸿大千秋 版权所有
联系方式:
地址: 深圳市南山区招商街道沿山社区沿山路43号创业壹号大楼A栋107室
邮箱:service@hongdaqianqiu.com
备案号:粤ICP备15078875号
