WordPress тестирование

Discussion in 'Песочница' started by frogis, 22 Apr 2013.

  1. frogis

    There's a site I need; I ran it through wpscan and here is what it gave me:

    [WPScan ASCII-art banner] v2.1

    WordPress Security Scanner by the WPScan Team
    Sponsored by the RandomStorm Open Source Initiative
    _____________________________________________________

    | URL: https://site.com/
    | Started on Sun Apr 12 23:33:17 2013

    [+] robots.txt available under 'https://site.com/robots.txt'
    [+] XML-RPC Interface available under https://site.com/xmlrpc.php
    [+] WordPress version 3.3.2 identified from rss generator

    [!] We have identified 5 vulnerabilities from the version number :
    |
    | * Title: WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
    | * Reference: https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
    |
    | * Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities
    | * Reference: http://www.exploit-db.com/exploits/18791/
    |
    | * Title: WordPress 3.3.2 Cross Site Scripting
    | * Reference: http://packetstormsecurity.org/files/113254
    |
    | * Title: XMLRPC Pingback API Internal/External Port Scanning
    | * Reference: https://github.com/FireFart/WordpressPingbackPortScanner
    |
    | * Title: WordPress XMLRPC pingback additional issues
    | * Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html

    [+] The WordPress theme in use is SealsGray v1.5

    | Name: SealsGray v1.5
    | Location: https://site.com/wp-content/themes/SealsGray/
    | Readme: https://site.com/wp-content/themes/SealsGray/readme.txt

    [+] Enumerating plugins from passive detection ...
    3 plugins found :

    | Name: advanced-recent-posts-widget v1.1a
    | Location: https://site.com/wp-content/plugins/advanced-recent-posts-widget/
    | Readme: https://site.com/wp-content/plugins/advanced-recent-posts-widget/readme.txt

    | Name: meteor-slides v1.5
    | Location: https://site.com/wp-content/plugins/meteor-slides/
    | Readme: https://site.com/wp-content/plugins/meteor-slides/readme.txt

    | Name: widgets-on-pages v0.0.11
    | Location: https://site.com/wp-content/plugins/widgets-on-pages/
    | Readme: https://site.com/wp-content/plugins/widgets-on-pages/readme.txt

    [+] Enumerating usernames ...

    [+] We found the following 24 user/s :
    +----+-----------------+-----------------+
    | Id | Login | Name |
    +----+-----------------+-----------------+
    | 1 | admin | admin |
    | 2 | admin2 | admin2 |
    | 3 | poster54 | poster54 |
    | 4 | user | user |
    | 5 | admin3 | admin3 |
    ............................
    | 25 | user2 | user2 |
    +----+-----------------+-----------------+

    [+] Finished at Sun Apr 12 23:33:58 2013
    [+] Elapsed time: 00:00:41

    I need help with these vulnerabilities, because after searching the web I found that "Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities"
    isn't really workable.
    Thanks in advance!
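Editor's note, from the defensive side: the report above groups into three exposure classes that WordPress can close from the server itself: the version string leaking through the RSS generator tag, the XML-RPC pingback method that both pingback references describe, and login names exposed by user enumeration. The must-use plugin below is example code written for this page, not code from frogis's post or from the WPScan project. The hook and function names are real WordPress APIs; the plugin file name and header text are placeholders, the assumption that the logins came from author archives is stated as such, and for a 3.3.2 install the actual prerequisite is upgrading, since hiding the version number does not remove the version-specific issues listed.

```php
<?php
/**
 * Plugin Name: Harden Findings From WPScan Report (example, constructed for this note)
 * Description: Addresses the three exposure classes in the scan above.
 * Location: wp-content/mu-plugins/harden-wpscan-findings.php (mu-plugins load without activation)
 */

// 1. Version disclosure: the scanner read "3.3.2" from the RSS <generator> tag.
//    the_generator builds that tag for the HTML head, RSS2, Atom, RDF and
//    comment feeds alike, so an empty string suppresses all of them.
add_filter('the_generator', '__return_empty_string');
remove_action('wp_head', 'wp_generator');

// 2. XML-RPC pingback: pingback.ping makes the server fetch a caller-supplied
//    URL, which is the basis of the port-scanning reference in the report.
//    Dropping only the pingback methods keeps other XML-RPC clients working.
add_filter('xmlrpc_methods', function (array $methods) {
    unset($methods['pingback.ping'], $methods['pingback.extensions.getPingbacks']);
    return $methods;
});

// The X-Pingback response header advertises the endpoint; remove it too.
add_filter('wp_headers', function (array $headers) {
    unset($headers['X-Pingback']);
    return $headers;
});

// If XML-RPC is not needed at all, disable it entirely. This filter exists
// from WordPress 3.5 onward, so on the scanned 3.3.2 site it only takes
// effect after the upgrade that is needed anyway.
add_filter('xmlrpc_enabled', '__return_false');

// 3. Username enumeration: assumption for this example is that the 24 logins
//    were collected from author archives (/?author=N redirects to
//    /author/<login>/). Send numeric author requests to the home page instead.
add_action('template_redirect', function () {
    if (is_author() && isset($_GET['author']) && is_numeric($_GET['author'])) {
        wp_safe_redirect(home_url('/'), 301);
        exit;
    }
});
```

The file is dropped into `wp-content/mu-plugins/`, where WordPress loads it on every request without an activation step, so it cannot be switched off from the admin UI by an account that should not have that power. A rerun of the scan afterwards should no longer report the version from the RSS generator, the pingback methods or the author-archive logins; the outdated-core findings remain until the install is updated.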