04-05-2025, 07:31 AM
Hi,
This is a request for help to understand what else I can do without paying for your time, sorry.
I would like to ask you to direct me, to suggest what next steps should be taken to achieve the goal = need a user info database from the website.
This info I already found:
# site_info:
CMS : WordPress ver.5.2.21
Blogs : WordPress
Database : MySQL
Programming Languages: PHP
JavaScript Graphics : Chart.js
JavaScript frameworks: Vue.js
Web servers: Nginx
Reverse Proxies: Nginx
Analytics: Google Analytics
Live chat : JivoChat
JavaScript Libraries: Selectize : Moment.js : jQuery
Different: Open Graph
# wp creds
wp_admin_username:yes
wp_admin_pwd:no
wp_admin_pwd_brute:tried_top9k_pwds:no_result
# zap:spider:active scan:Result:
High:
SQL Injection (139)
SQL Injection - Oracle - Time Based (8)
SQL Injection - SQLite (165)
Medium:
Absence of Anti-CSRF Tokens (5)
Content Security Policy (CSP) Header Not Set (284)
Missing Anti-clickjacking Header (226)
Vulnerable JS Library (4)
Low:
Cookie No HttpOnly Flag (5)
Cookie without SameSite Attribute (5)
Cross-Domain JavaScript Source File Inclusion (550)
Secure Pages Include Mixed Content
Server Leaks Version Information via "Server" HTTP Response Header Field (624)
Strict-Transport-Security Header Not Set (483)
X-Content-Type-Options Header Missing (325)
# ffuf -w raft-small-files-lowercase.txt
It has these files:
license.txt
wp-login.php
favicon.ico
readme.html
robots.txt
wp-config.php
sitemap.xml
sitemap.html
wp-cron.php
wp-links-opml.php
sendmail.php
sitemap.xml.gz
wp-load.php
main.js
sitemap1.xml
sitemap2.html
But I don’t see anything interesting inside these files.
# finalize target
need a user info database
All SQL vuln URLs have these 3 params: "count=3&sum=ZAP&term=ZAP"
I tried to use sqlmap, but my skill is not high and I didn’t get the desired result.
Can someone tell me some other steps?
Thank you very much for your time!