- [+] URL: http://brbadvisors.com/
- [+] Started: Wed Jul 27 08:38:47 2016
- [+] robots.txt available under: 'http://brbadvisors.com/robots.txt'
- [+] Interesting entry from robots.txt: http://brbadvisors.com/wp-admin/admin-ajax.php
- [!] The WordPress 'http://brbadvisors.com/readme.html' file exists exposing a version number
- [+] Interesting header: LINK: <http://brbadvisors.com/wp-json/>; rel="https://api.w.org/", <http://wp.me/P7J0yH-ju>; rel=shortlink
- [+] Interesting header: SERVER: nginx/1.10.1
- [+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
- [+] XML-RPC Interface available under: http://brbadvisors.com/xmlrpc.php
- [!] Upload directory has directory listing enabled: http://brbadvisors.com/wp-content/uploads/
- [!] Includes directory has directory listing enabled: http://brbadvisors.com/wp-includes/
- [+] WordPress version 4.5.3 identified from advanced fingerprinting (Released on 2016-06-21)
- [+] WordPress theme in use: onepress - v1.2.4
- [+] Name: onepress - v1.2.4
- | Latest version: 1.2.4 (up to date)
- | Location: http://brbadvisors.com/wp-content/themes/onepress/
- | Readme: http://brbadvisors.com/wp-content/themes/onepress/readme.txt
- [!] An error_log file has been found: http://brbadvisors.com/wp-content/themes/onepress/error_log
- | Style URL: http://brbadvisors.com/wp-content/themes/onepress/style.css
- | Theme Name: OnePress
- | Theme URI: https://www.famethemes.com/themes/onepress/
- | Description: OnePress is an outstanding creative and flexible WordPress one page theme well suited for busines...
- | Author: FameThemes
- | Author URI: http://www.famethemes.com
- [+] Enumerating plugins from passive detection ...
- | 2 plugins found:
- [+] Name: contact-form-7
- | Latest version: 4.4.2
- | Location: http://brbadvisors.com/wp-content/plugins/contact-form-7/
- [!] Directory listing is enabled: http://brbadvisors.com/wp-content/plugins/contact-form-7/
- [!] We could not determine a version so all vulnerabilities are printed out
- [!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
- Reference: https://wpvulndb.com/vulnerabilities/7020
- Reference: http://www.securityfocus.com/bid/66381/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
- [i] Fixed in: 3.7.2
- [!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
- Reference: https://wpvulndb.com/vulnerabilities/7022
- Reference: http://packetstormsecurity.com/files/124154/
- [i] Fixed in: 3.5.3
- [+] Name: jetpack
- | Latest version: 4.1.1
- | Location: http://brbadvisors.com/wp-content/plugins/jetpack/
- | Changelog: http://brbadvisors.com/wp-content/plugins/jetpack/changelog.txt
- [!] Directory listing is enabled: http://brbadvisors.com/wp-content/plugins/jetpack/
- [!] We could not determine a version so all vulnerabilities are printed out
- [!] Title: Jetpack <= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass
- Reference: https://wpvulndb.com/vulnerabilities/7203
- Reference: http://jetpack.me/2014/04/10/jetpack-security-update/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0173
- Reference: https://secunia.com/advisories/57729/
- [i] Fixed in: 2.9.3
- [!] Title: Jetpack 3.0-3.4.2 - Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/7915
- Reference: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
- Reference: https://jetpack.me/2015/04/20/jetpack-3-4-3-coordinated-security-update/
- [i] Fixed in: 3.4.3
- [!] Title: Jetpack <= 3.5.2 - Unauthenticated DOM Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/7964
- Reference: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss-millions-of-wordpress-websites-affected-millions-of-wordpress-websites-affected.html
- [i] Fixed in: 3.5.3
- [!] Title: Jetpack <= 3.7.0 - Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8201
- Reference: https://jetpack.me/2015/09/30/jetpack-3-7-1-and-3-7-2-security-and-maintenance-releases/
- Reference: https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-jetpack.html
- [i] Fixed in: 3.7.1
- [!] Title: Jetpack <= 3.7.0 - Information Disclosure
- Reference: https://wpvulndb.com/vulnerabilities/8202
- Reference: https://jetpack.me/2015/09/30/jetpack-3-7-1-and-3-7-2-security-and-maintenance-releases/
- [i] Fixed in: 3.7.1
- [!] Title: Jetpack <= 3.9.1 - LaTeX HTML Element XSS
- Reference: https://wpvulndb.com/vulnerabilities/8472
- Reference: https://jetpack.com/2016/02/25/jetpack-3-9-2-maintenance-and-security-release/
- Reference: https://github.com/Automattic/jetpack/commit/dbc33b9105c4dbb0de81544e682a8b6d5ab7e446
- [i] Fixed in: 3.9.2
- [!] Title: Jetpack 2.0-4.0.2 - Shortcode Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8500
- Reference: https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/
- Reference: http://wptavern.com/jetpack-4-0-3-patches-a-critical-xss-vulnerability
- Reference: https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html
- [i] Fixed in: 4.0.3
- [!] Title: Jetpack <= 4.0.3 - Multiple Vulnerabilities
- Reference: https://wpvulndb.com/vulnerabilities/8517
- Reference: https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes/
- [i] Fixed in: 4.0.4
- [+] Enumerating usernames ...
- [+] Identified the following 1 user/s:
- +----+-------------------+--------------------------+
- | Id | Login | Name |
- +----+-------------------+--------------------------+
- | 1 | infoheartland-tax | info@heartland.tax – BRB |
- +----+-------------------+--------------------------+
- [+] Finished: Wed Jul 27 08:39:41 2016
- [+] Requests Done: 87
- [+] Memory used: 94.527 MB
- [+] Elapsed time: 00:00:54