API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 4th, 2016
2,891
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Tera Term 6.38 KB | None | 0 0
raw download clone embed print report
  1. _______________________________________________________________
  2.         __          _______   _____                  
  3.         \ \        / /  __ \ / ____|                
  4.          \ \  /\  / /| |__) | (___   ___  __ _ _ __  
  5.           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
  6.           \  /\  /  | |     ____) | (__| (_| | | | |
  7.            \/  \/   |_|    |_____/ \___|\__,_|_| |_|
  8.  
  9.        WordPress Security Scanner by the WPScan Team
  10.                       Version 2.9
  11.          Sponsored by Sucuri - https://sucuri.net
  12.   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
  13. _______________________________________________________________
  14.  
  15. [+] URL: http://www.mossfon.com/
  16. [+] Started: Mon Apr  4 18:50:19 2016
  17.  
  18. [+] robots.txt available under: 'http://www.mossfon.com/robots.txt'
  19. [+] Interesting entry from robots.txt: http://www.mossfon.com/
  20. [+] Interesting entry from robots.txt: http://www.mossfon.com/wp-admin/
  21. [+] Interesting entry from robots.txt: http://www.mossfon.com/downloads/
  22. [!] The WordPress 'http://www.mossfon.com/readme.html' file exists exposing a version number
  23. [+] Interesting header: SERVER: Apache/2.2.15 (Oracle)
  24. [+] Interesting header: X-CDN: Incapsula
  25. [+] Interesting header: X-IINFO: 10-27211852-27211853 NNNN CT(292 -1 0) RT(1459810237306 4) q(0 0 3 -1) r(5 5) U6
  26. [+] Interesting header: X-POWERED-BY: W3 Total Cache/0.9.4.1
  27. [+] XML-RPC Interface available under: http://www.mossfon.com/xmlrpc.php
  28.  
  29. [+] WordPress version 4.2.6 identified from meta generator
  30. [!] 2 vulnerabilities identified from the version number
  31.  
  32. [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  33.    Reference: https://wpvulndb.com/vulnerabilities/8376
  34.    Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  35.    Reference: https://core.trac.wordpress.org/changeset/36435
  36.    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  37. [i] Fixed in: 4.2.7
  38.  
  39. [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  40.    Reference: https://wpvulndb.com/vulnerabilities/8377
  41.    Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  42.    Reference: https://core.trac.wordpress.org/changeset/36444
  43.    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  44. [i] Fixed in: 4.2.7
  45.  
  46. [+] WordPress theme in use: twentyten
  47.  
  48. [+] Name: twentyten
  49. |  Latest version: 2.1
  50. |  Location: http://www.mossfon.com/wp-content/themes/twentyten/
  51. |  Readme: http://www.mossfon.com/wp-content/themes/twentyten/readme.txt
  52. |  Style URL: http://www.mossfon.com/wp-content/themes/twentyten/style.css
  53. |  Referenced style.css: http://www.mossfon.com/wp-content/themes/twentyten/css/style.css
  54. |  Description:
  55.  
  56. [+] Enumerating plugins from passive detection ...
  57. | 7 plugins found:
  58.  
  59. [+] Name: contact-form-7 - v4.2.2
  60. |  Location: http://www.mossfon.com/wp-content/plugins/contact-form-7/
  61. |  Readme: http://www.mossfon.com/wp-content/plugins/contact-form-7/readme.txt
  62. [!] The version is out of date, the latest version is 4.4.1
  63. [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/contact-form-7/
  64.  
  65. [+] Name: front-end-upload - v0.6.1
  66. |  Latest version: 0.6.1 (up to date)
  67. |  Location: http://www.mossfon.com/wp-content/plugins/front-end-upload/
  68. |  Readme: http://www.mossfon.com/wp-content/plugins/front-end-upload/readme.txt
  69.  
  70. [+] Name: qtranslate - v2.5.32
  71. |  Location: http://www.mossfon.com/wp-content/plugins/qtranslate/
  72. |  Readme: http://www.mossfon.com/wp-content/plugins/qtranslate/readme.txt
  73. [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/qtranslate/
  74.  
  75. [!] Title: qTranslate 2.5.34 - Setting Manipulation CSRF
  76.    Reference: https://wpvulndb.com/vulnerabilities/6846
  77.    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3251
  78.    Reference: https://secunia.com/advisories/53126/
  79.    Reference: http://osvdb.org/show/osvdb/93873
  80.  
  81. [!] Title: qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)
  82.    Reference: https://wpvulndb.com/vulnerabilities/8120
  83.    Reference: http://seclists.org/bugtraq/2015/Jul/139
  84.    Reference: https://www.htbridge.com/advisory/HTB23265
  85.    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5535
  86.  
  87. [+] Name: resume-submissions-job-postings - v2.5.3
  88. |  Latest version: 2.5.3 (up to date)
  89. |  Location: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/
  90. |  Readme: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/readme.txt
  91. [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/
  92.  
  93. [!] Title: Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload
  94.    Reference: https://wpvulndb.com/vulnerabilities/6160
  95.    Reference: http://packetstormsecurity.com/files/114716/
  96.    Reference: https://secunia.com/advisories/49896/
  97.    Reference: http://osvdb.org/show/osvdb/83807
  98.    Reference: https://www.exploit-db.com/exploits/19791/
  99.  
  100. [+] Name: wp-pagenavi - v2.87
  101. |  Location: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/
  102. |  Readme: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/readme.txt
  103. [!] The version is out of date, the latest version is 2.89.1
  104. [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/
  105.  
  106. [+] Name: wp-paginate - v1.3.1
  107. |  Latest version: 1.3.1 (up to date)
  108. |  Location: http://www.mossfon.com/wp-content/plugins/wp-paginate/
  109. |  Readme: http://www.mossfon.com/wp-content/plugins/wp-paginate/readme.txt
  110. [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/wp-paginate/
  111.  
  112. [+] Name: w3-total-cache - v0.9.4.1
  113. |  Latest version: 0.9.4.1 (up to date)
  114. |  Location: http://www.mossfon.com/wp-content/plugins/w3-total-cache/
  115. |  Readme: http://www.mossfon.com/wp-content/plugins/w3-total-cache/readme.txt
  116. |  Changelog: http://www.mossfon.com/wp-content/plugins/w3-total-cache/changelog.txt
  117.  
  118. [+] Finished: Mon Apr  4 18:51:23 2016
  119. [+] Requests Done: 64
  120. [+] Memory used: 79.215 MB
  121. [+] Elapsed time: 00:01:04
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!