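Scanning WordPress for Vulnerabilities with WPScan

I. What is WPScan? What is WordPress?

1. WPScan

WPScan is a black-box scanner for WordPress vulnerabilities. It can identify the WordPress version, themes, plugins and back-end users, and it can brute-force the passwords of back-end users.

2. WordPress

WordPress is a blogging platform developed in PHP on top of a MySQL database. Users can set up their own site on any server that supports PHP and MySQL, and WordPress can also be used as a content management system (CMS). Many free third-party templates are available for it, and installation is simple.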

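II. Setting up the WordPress system

1. Downloading WordPress

TurnKey Linux is a one-stop Linux software site. Enter https://www.turnkeylinux.org/ in the browser's address bar to visit the official site and download WordPress.

2. Installing and configuring WordPress

Detailed installation and configuration tutorial:

https://www.cnblogs.com/WangYiqiang/p/9560325.html

Note: before installing WordPress in a virtual machine, configure the virtual machine's network and other settings.

Once WordPress is configured it looks as shown in the figure.

This screen shows the details of the WordPress appliance's services: the Web address, the Webshell address, the Webmin address, the PHPMyAdmin address and port, and the SSH/SFTP address and port.

When this screen appears, the WordPress TurnKey Linux setup is complete and ready to use.

III. Scanning WordPress for vulnerabilities with WPScan

1. Run "wpscan -h" to see the WPScan version, common options, feature descriptions, examples and so on: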

[email protected]:~# wpscan -h
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.1                   // WPScan version information
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

Help :

Some values are settable in a config file, see the example.conf.json

--update                            Update the database to the latest version.    # update command: "wpscan --update"
--url       | -u <target url>       The WordPress URL/domain to scan.    # scan the given URL/domain: "wpscan --url <address>" or "wpscan -u <address>"
--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e
  option :
    u        usernames from id 1 to 10    # default: users 1 to 10
    u[10-20] usernames from id 10 to 20 (you must write [] chars)    # users 10 to 20 (the [] characters are required)
    p        plugins
    vp       only vulnerable plugins
    ap       all plugins (can take a long time)
    tt       timthumbs
    t        themes
    vt       only vulnerable themes
    at       all themes (can take a long time)
  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins    # multiple values
  If no option is supplied, the default is "vt,tt,u,vp"    # default when no option is given
--exclude-content-based "<regexp or string>"
                                    Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.
                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).
--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.
--user-agent   | -a <User-Agent>    Use the specified User-Agent.
--cookie <String>                   String to read cookies from.
--random-agent | -r                 Use a random User-Agent.
--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--batch                             Never ask for user input, use the default behaviour.
--no-color                          Do not use colors in the output.
--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.
                                    Subdirectories are allowed.
--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.
                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy <[protocol://]host:port>    Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.
                                    If no protocol is given (format host:port), HTTP will be used.
--proxy-auth <username:password>    Supply the proxy login credentials.
--basic-auth <username:password>    Set the HTTP Basic authentication.
--wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.
--username | -U <username>          Only brute force the supplied username.
--usernames     <path-to-file>      Only brute force the usernames from the file.
--threads  | -t <number of threads> The number of threads to use when multi-threading requests.
--cache-ttl       <cache-ttl>       Typhoeus cache TTL.
--request-timeout <request-timeout> Request Timeout.
--connect-timeout <connect-timeout> Connect Timeout.
--max-threads     <max-threads>     Maximum Threads.
--throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.
--help     | -h                     This help screen.
--verbose  | -v                     Verbose output.
--version                           Output the current version and exit.


Examples :

-Further help ...
ruby ./wpscan.rb --help

-Do 'non-intrusive' checks ...
ruby ./wpscan.rb --url www.example.com

-Do wordlist password brute force on enumerated users using 50 threads ...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

-Do wordlist password brute force on the 'admin' username only ...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

-Enumerate installed plugins ...
ruby ./wpscan.rb --url www.example.com --enumerate p

-Enumerate installed themes ...
ruby ./wpscan.rb --url www.example.com --enumerate t

-Enumerate users ...
ruby ./wpscan.rb --url www.example.com --enumerate u

-Enumerate installed timthumbs ...
ruby ./wpscan.rb --url www.example.com --enumerate tt

-Use a HTTP proxy ...
ruby ./wpscan.rb --url www.example.com --proxy 127.0.0.1:8118

-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)
ruby ./wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000

-Use custom content directory ...
ruby ./wpscan.rb -u www.example.com --wp-content-dir custom-content

-Use custom plugins directory ...
ruby ./wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins

-Update the DB ...
ruby ./wpscan.rb --update

-Debug output ...
ruby ./wpscan.rb --url www.example.com --debug-output 2>debug.log

See README for further information.

2. Scanning the configured target machine

wpscan -u 192.168.64.138   or   wpscan --url 192.168.64.138

Explanation: scan the target address.

[email protected]:~# wpscan -u 192.168.64.138
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://192.168.64.138/
[+] Started: Fri Aug 17 23:20:05 2018

[!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/"
[+] Interesting header: SERVER: Apache
[+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php

[+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20)
[!] 25 vulnerabilities identified from the version number

[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/8807
    Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
    Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
    Reference: https://core.trac.wordpress.org/ticket/25239
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
    Reference: https://wpvulndb.com/vulnerabilities/8815
    Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
    Reference: https://wpvulndb.com/vulnerabilities/8816
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
[i] Fixed in: 4.7.5

[... the scan continues through the remaining vulnerable scripts ...]

[+] Finished: Fri Aug 17 23:20:10 2018
[+] Requests Done: 50
[+] Memory used: 50.062 MB
[+] Elapsed time: 00:00:04

3. Enumerating users and vulnerable plugins

wpscan -u 192.168.64.138 -e u vp

Explanation: -e selects enumeration mode; u scans user IDs 1 to 10; vp scans for vulnerable plugins. The help output above writes multiple values comma-separated ("-e tt,p").

[email protected]:~# wpscan -u 192.168.64.138 -e u vp
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://192.168.64.138/
[+] Started: Fri Aug 17 23:30:12 2018

[!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/"
[+] Interesting header: SERVER: Apache
[+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php

[+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20)
[!] 25 vulnerabilities identified from the version number

[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/8807
    Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
    Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
    Reference: https://core.trac.wordpress.org/ticket/25239
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
    Reference: https://wpvulndb.com/vulnerabilities/8815
    Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
    Reference: https://wpvulndb.com/vulnerabilities/8816
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
[i] Fixed in: 4.7.5

[...]

[+] Enumerating usernames ...
[+] Identified the following 1 user/s:
    +----+-------+-----------------+
    | Id | Login | Name            |
    +----+-------+-----------------+
    | 1  | admin | admin – TurnKey |
    +----+-------+-----------------+
[!] Default first WordPress username 'admin' is still used

[+] Finished: Fri Aug 17 23:30:17 2018
[+] Requests Done: 64
[+] Memory used: 52.52 MB
[+] Elapsed time: 00:00:04

3. Brute-forcing user passwords with a wordlist

wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt

Explanation: -e selects enumeration mode; u covers user IDs 1 to 10; --wordlist runs the password brute force with the given wordlist; /root/wordlist.txt is the path and file name of the wordlist. You have to prepare wordlist.txt yourself or use one of the wordlists that ship with Kali.

[email protected]:~# wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://192.168.64.138/
[+] Started: Fri Aug 17 23:37:59 2018

[!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/"
[+] Interesting header: SERVER: Apache
[+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php

[+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20)
[!] 25 vulnerabilities identified from the version number

[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/8807
    Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
    Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
    Reference: https://core.trac.wordpress.org/ticket/25239
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
    Reference: https://wpvulndb.com/vulnerabilities/8815
    Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

[...]

[!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
    Reference: https://wpvulndb.com/vulnerabilities/8198
    Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
[i] Fixed in: 1.4.5

[+] Enumerating usernames ...
[+] Identified the following 1 user/s:
    +----+-------+-----------------+
    | Id | Login | Name            |
    +----+-------+-----------------+
    | 1  | admin | admin – TurnKey |
    +----+-------+-----------------+
[!] Default first WordPress username 'admin' is still used
[+] Starting the password brute forcer
  [+] [SUCCESS] Login : admin Password : Root********

  Brute Forcing 'admin' Time: 00:00:00 <=====    > (2 / 3) 66.66%  ETA: 00:00:00
  +----+-------+-----------------+------------------+
  | Id | Login | Name            | Password         |
  +----+-------+-----------------+------------------+
  | 1  | admin | admin – TurnKey | Root*********    |
  +----+-------+-----------------+------------------+

[+] Finished: Fri Aug 17 23:38:06 2018
[+] Requests Done: 72
[+] Memory used: 53.016 MB
[+] Elapsed time: 00:00:06
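
For turning reports like the ones above into a remediation list, here is an added example (not part of the original post and not WPScan's own code): a small Python parser for the WPScan 2.9.1 text format that groups findings by component and separates those with a "Fixed in" version from those that list none, such as the Host Header Injection entry. The function and field names are hypothetical, and the sample text is constructed from findings shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample: findings copied from the scan output on this page
# (WPScan 2.9.1 text format), one reference each; one block keeps the
# listing line numbers to show that pasted copies are tolerated.
SAMPLE = """\
[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

 41 [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
 45     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
 46 [i] Fixed in: 4.7.5

[!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
    Reference: https://wpvulndb.com/vulnerabilities/8198
[i] Fixed in: 1.4.5
"""

PREFIX = r"^\s*(?:\d+\s+)?"  # optional listing line number
TITLE_RE = re.compile(PREFIX + r"\[!\] Title: (.+)$")
REF_RE = re.compile(PREFIX + r"Reference: (\S+)")
FIXED_RE = re.compile(PREFIX + r"\[i\] Fixed in: (\S+)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Component name = title text before the affected-version range.
COMPONENT_RE = re.compile(r"^(.+?)\s+(?:<=?\s*)?\d[\w.]*(?:-\d[\w.]*)?\s+-\s")


def parse_findings(text):
    """Return one dict per '[!] Title:' block in WPScan text output."""
    findings, cur = [], None
    for line in text.splitlines():
        if m := TITLE_RE.match(line):
            title = m.group(1).strip()
            comp = COMPONENT_RE.match(title)
            cur = {"title": title, "cves": [], "fixed_in": None,
                   "component": comp.group(1) if comp else title}
            findings.append(cur)
        elif cur and (m := REF_RE.match(line)):
            cur["cves"] += CVE_RE.findall(m.group(1))
        elif cur and (m := FIXED_RE.match(line)):
            cur["fixed_in"] = m.group(1)
    return findings


def triage(findings):
    """Per component: highest 'Fixed in' version, and findings listing none."""
    plan = defaultdict(lambda: {"upgrade_to": None, "no_fix_listed": []})
    key = lambda v: tuple(int(p) for p in re.findall(r"\d+", v))
    for f in findings:
        entry = plan[f["component"]]
        if f["fixed_in"] is None:
            entry["no_fix_listed"].append(f["cves"] or [f["title"]])
        elif entry["upgrade_to"] is None or key(f["fixed_in"]) > key(entry["upgrade_to"]):
            entry["upgrade_to"] = f["fixed_in"]
    return dict(plan)
```

Calling triage(parse_findings(SAMPLE)) gives an upgrade target per component and leaves CVE-2017-8295 in the list of findings that an upgrade to the listed version does not cover.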

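4. Other common commands

wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt -t 50

-e selects enumeration mode; u covers user IDs 1 to 10; --wordlist runs the password brute force with the given wordlist; /root/wordlist.txt is the path and file name of the wordlist (prepare wordlist.txt yourself or use one of the wordlists that ship with Kali); -t sets the number of threads to 50.

I wrote this article after studying and practising the material myself; please credit the source when reposting.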


Original article: https://www.cnblogs.com/WangYiqiang/p/9691380.html

Time: 2024-11-14 00:28:57
