How to install WordPress; in 3.3.2, how to ...

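In the early morning of July 5 (Beijing time), news of the WordPress 3.2 release began appearing across various forums.
[Latest update] One hour after I published this post, the official CN upgrade package was released. Zhao Rong has now formally upgraded, and so far there are no incompatibilities; Zhao Rong will write a separate post on the specific differences.
Zhao Rong logged in to the blog back end, where only the US version was available at that point. Upgrading with the US version generally won't cause any major problems, but I still recommend...

WordPress 3.3.2 released (security update)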
Posted at 12:40 | Hits: 1682
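Today, as soon as I logged in to the WordPress back end, it prompted me that a new version was available. I checked the official site and WordPress 3.3.2 had been released. This is a security update, and it applies to all previous versions. I immediately SSHed into the VPS to back up the site files and this blog's database, then ran the update online, so this blog's WordPress is now the latest version, heh...
The WordPress 3.3.2 security update mainly concerns the libraries WordPress uses for media uploads: Plupload, SWFUpload and SWFObject.
The vulnerabilities were disclosed by three people: Neal Poole, Partlan and Szymon Gruszecki. WordPress 3.3.2 also addresses other issues identified by the WordPress core security team.
In addition, WordPress 3.3.2 fixes several other issues:
1. A privilege escalation in WordPress networks: under particular circumstances, a site administrator could deactivate network-wide plugins.
2. A cross-site scripting vulnerability when making URLs clickable.
3. Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.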
3.2.1 Obtaining the WordPress application
3.2.2 ***WordPress Turnkey Linux
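3.2.3 Attacking the WordPress application
wpscan [options] [tests]
--update: update to the latest version.
--url|-u <target url>: the URL (Uniform Resource Locator) or domain name of the WordPress site to scan.
--force |-f: force WPScan not to check whether the remote site is running WordPress.
--enumerate |-e [option(s)]: enumeration. The available options are u, u[10-20], p, vp, ap, tt, t, vt and at. u enumerates usernames from id 1 to 10; u[10-20] enumerates usernames from id 10 to 20 (the [] characters must be typed); p enumerates plugins; vp only vulnerable plugins; ap all plugins (may take a while); tt timthumbs; t themes; vt only vulnerable themes; at all themes (may take a while).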
root@localhost:~# wpscan -h
_______________________________________________________________
__ \ / ____|
/ /| |__) | (___
\ / __|/ _` | '_ \
____) | (__| (_| | | | |
|_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version v2.2
Sponsored by the RandomStorm Open Source Initiative
@_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________
Some values are settable in conf/browser.conf.json :
user-agent, proxy, proxy-auth, threads, cache timeout and request timeout
m conf/browser.conf.json).
--basic-auth <username:password>
Set the HTTP Basic authentication
--wordlist | -w <wordlist>
Supply a wordlist for the password bruter and do the brute.
| -t <number of threads>
The number of threads to use when multi-threading
requests. (will override the value from conf/browser.conf.json)
--username | -U <username>
Only brute force the supplied username.
| -h This help screen.
| -v Verbose output.
Examples :
-Further help ...
ruby ./wpscan.rb --help
-Do 'non-intrusive' checks ...
ruby ./wpscan.rb --url
-Do wordlist password brute force on enumerated users using 50 threads ...
ruby ./wpscan.rb --url
--wordlist darkc0de.lst --threads 50
-Do wordlist password brute force on the 'admin' username only ...
ruby ./wpscan.rb --url
--wordlist darkc0de.lst --username admin
root@localhost:~# wpscan -u 192.168.41.130
_______________________________________________________________
__ \ / ____|
/ /| |__) | (___
\/ /| ___/
\___ \ / __|/ _` | '_ \
____) | (__| (_| | | | |
|_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version v2.2
Sponsored by the RandomStorm Open Source Initiative
@_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________
| URL: http://192.168.41.130/
| Started: Thu Apr 17 13:49:37 2014
[!] The WordPress 'http://192.168.41.130/readme.html' file exists
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: X-POWERED-BY: PHP/5.4.4-14+deb7u8
[+] XML-RPC Interface available under: http://192.168.41.130/xmlrpc.php
[+] WordPress version 3.6.1 identified from meta generator
[+] WordPress theme in use: twentythirteen v1.0
| Name: twentythirteen v1.0
| Location: http://192.168.41.130/wp-content/themes/twentythirteen/
[+] Enumerating plugins from passive detection ...
No plugins found
[+] Finished: Thu Apr 17 13:49:41 2014
[+] Memory used: 2.414 MB
[+] Elapsed time: 00:00:03
root@localhost:~# wpscan -u 192.168.41.130 -e u vp
_______________________________________________________________
__ \ / ____|
/ /| |__) | (___
___/ \___ \ / __|/ _` | '_ \
____) | (__| (_| | | | |
|_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version v2.2
Sponsored by the RandomStorm Open Source Initiative
@_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________
| URL: http://192.168.41.130/
| Started: Thu Apr 17 13:50:49 2014
[!] The WordPress 'http://192.168.41.130/readme.html' file exists
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: X-POWERED-BY: PHP/5.4.4-14+deb7u8
[+] XML-RPC Interface available under: http://192.168.41.130/xmlrpc.php
[+] WordPress version 3.6.1 identified from meta generator
[+] WordPress theme in use: twentythirteen v1.0
| Name: twentythirteen v1.0
| Location: http://192.168.41.130/wp-content/themes/twentythirteen/
[+] Enumerating plugins from passive detection ...
No plugins found
[+] Enumerating usernames ...
[+] We found the following 1 user/s:
+----+-------+-------+
| Id | Login | Name  |
+----+-------+-------+
|    | admin | admin |
+----+-------+-------+
[+] Finished: Thu Apr 17 13:50:54 2014
[+] Memory used: 2.379 MB
[+] Elapsed time: 00:00:04
root@localhost:~# wpscan -u 192.168.41.130 -e u --wordlist /root/wordlist.txt
_______________________________________________________________
__ \ / ____|
/ /| |__) | (___
___/ \___ \ / __|/ _` | '_ \
____) | (__| (_| | | | |
|_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version v2.2
Sponsored by the RandomStorm Open Source Initiative
@_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________
| URL: http://192.168.41.130/
| Started: Thu Apr 17 13:54:51 2014
[!] The WordPress 'http://192.168.41.130/readme.html' file exists
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: X-POWERED-BY: PHP/5.4.4-14+deb7u8
[+] XML-RPC Interface available under: http://192.168.41.130/xmlrpc.php
[+] WordPress version 3.6.1 identified from meta generator
[+] WordPress theme in use: twentythirteen v1.0
| Name: twentythirteen v1.0
| Location: http://192.168.41.130/wp-content/themes/twentythirteen/
[+] Enumerating plugins from passive detection ...
No plugins found
[+] Enumerating usernames ...
[+] We found the following 1 user/s:
+----+-------+-------+
| Id | Login | Name  |
+----+-------+-------+
|    | admin | admin |
+----+-------+-------+
[+] Starting the password brute forcer
Brute Forcing 'admin' Time: 00:00:00 < > (59 / 20575)
ETA: 00:00:00
[SUCCESS] Login : admin Password : 123456
+----+-------+-------+----------+
| Id | Login | Name  | Password |
+----+-------+-------+----------+
|    | admin | admin | 123456   |
+----+-------+-------+----------+
[+] Finished: Thu Apr 17 13:54:56 2014
[+] Memory used: 2.508 MB
[+] Elapsed time: 00:00:05
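
An added example (not from the original page or the WPScan project): a small Python parser that turns WPScan v2.2 report lines like those shown above into a remediation checklist for the site owner. The finding ids and remediation wording are this example's own assumptions, and the sample report is constructed from lines in the output above.

```python
import re

# Constructed sample: lines copied from the WPScan v2.2 output shown above.
SAMPLE = """\
| URL: http://192.168.41.130/
[!] The WordPress 'http://192.168.41.130/readme.html' file exists
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: X-POWERED-BY: PHP/5.4.4-14+deb7u8
[+] XML-RPC Interface available under: http://192.168.41.130/xmlrpc.php
[+] WordPress version 3.6.1 identified from meta generator
[+] WordPress theme in use: twentythirteen v1.0
[+] We found the following 1 user/s:
[SUCCESS] Login : admin Password : 123456
"""

# (pattern, finding id, remediation) -- ids and wording are this example's own.
RULES = [
    (r"'(\S+/readme\.html)' file exists", "readme-exposed",
     "Remove or block readme.html"),
    (r"Interesting header: (SERVER|X-POWERED-BY): (.+)", "banner-leak",
     "Suppress version banners (Apache ServerTokens, PHP expose_php)"),
    (r"XML-RPC Interface available under: (\S+)", "xmlrpc-exposed",
     "Restrict xmlrpc.php if it is not needed"),
    (r"WordPress version (\S+) identified from meta generator", "version-leak",
     "Remove the generator meta tag and keep core updated"),
    (r"We found the following (\d+) user/s", "user-enum",
     "Limit author/user enumeration"),
    (r"\[SUCCESS\] Login : (\S+) Password : \S+", "weak-password",
     "Rotate the password; enforce strong passwords and login rate limiting"),
]

def triage(report: str):
    """Return a list of (finding_id, evidence, remediation) tuples."""
    findings = []
    for line in report.splitlines():
        for pattern, fid, fix in RULES:
            m = re.search(pattern, line)
            if m:
                # Only captured groups become evidence; the password is never captured.
                evidence = " ".join(m.groups())
                findings.append((fid, evidence, fix))
    return findings

if __name__ == "__main__":
    for fid, evidence, fix in triage(SAMPLE):
        print(f"{fid:15} {evidence:45} -> {fix}")
```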