Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [+] URL: http://greatscottcommunications.com/
- [+] Started: Sat Feb 6 19:11:19 2016
- [+] robots.txt available under: 'http://greatscottcommunications.com/robots.txt'
- [!] The WordPress 'http://greatscottcommunications.com/readme.html' file exists exposing a version number
- [!] Full Path Disclosure (FPD) in 'http://greatscottcommunications.com/wp-includes/rss-functions.php':
- [+] Interesting header: LINK: <http://greatscottcommunications.com/>; rel=shortlink
- [+] Interesting header: SERVER: Apache
- [+] Interesting header: X-POWERED-BY: PHP/5.4.34
- [!] Registration is enabled: http://greatscottcommunications.com/wp-login.php?action=register
- [!] Upload directory has directory listing enabled: http://greatscottcommunications.com/wp-content/uploads/
- [+] WordPress version 4.2.7 identified from meta generator
- [+] WordPress theme in use: ward-pro - v1.0.8
- [+] Name: ward-pro - v1.0.8
- | Location: http://greatscottcommunications.com/wp-content/themes/ward-pro/
- | Readme: http://greatscottcommunications.com/wp-content/themes/ward-pro/readme.txt
- | Style URL: http://greatscottcommunications.com/wp-content/themes/ward-pro/style.css
- | Theme Name: Ward Pro
- | Theme URI: https://themes.bavotasan.com/2013/ward-pro/
- | Description: Create a truly unique design with Ward Pro, a lightweight and fully responsive HTML5 theme. Use t...
- | Author: c.bavota
- | Author URI: http://bavotasan.com/
- [+] Enumerating plugins from passive detection ...
- | 5 plugins found:
- [+] Name: contact-form-7 - v4.1.2
- | Location: http://greatscottcommunications.com/wp-content/plugins/contact-form-7/
- | Readme: http://greatscottcommunications.com/wp-content/plugins/contact-form-7/readme.txt
- [!] The version is out of date, the latest version is 4.3.1
- [!] Directory listing is enabled: http://greatscottcommunications.com/wp-content/plugins/contact-form-7/
- [+] Name: download-manager
- | Latest version: 2.8.9
- | Location: http://greatscottcommunications.com/wp-content/plugins/download-manager/
- [!] We could not determine a version so all vulnerabilities are printed out
- [!] Title: Download Manager 2.5.8 - Download Package file Parameter Stored XSS
- Reference: https://wpvulndb.com/vulnerabilities/6283
- Reference: http://www.securityfocus.com/bid/64159/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7319
- Reference: https://secunia.com/advisories/55969/
- Reference: http://osvdb.org/show/osvdb/101143
- [i] Fixed in: 2.5.9
- [!] Title: Download Manager <= 2.2.2 - admin.php cid Parameter XSS
- Reference: https://wpvulndb.com/vulnerabilities/6284
- Reference: http://packetstormsecurity.com/files/112708/
- Reference: https://secunia.com/advisories/48927/
- Reference: http://osvdb.org/show/osvdb/81449
- [i] Fixed in: 2.2.3
- [!] Title: Download Manager <= 2.7.4 - Code Execution / Remote File Inclusion
- Reference: https://wpvulndb.com/vulnerabilities/7706
- Reference: http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html
- Reference: http://osvdb.org/show/osvdb/115287
- Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_downloadmanager_upload
- Reference: https://www.exploit-db.com/exploits/35533/
- [i] Fixed in: 2.7.5
- [!] Title: Download Manager 2.7.2 - Privilege Escalation
- Reference: https://wpvulndb.com/vulnerabilities/7827
- Reference: http://security.szurek.pl/wordpress-download-manager-272-privilege-escalation.html
- Reference: http://packetstormsecurity.com/files/130690/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9260
- Reference: https://www.exploit-db.com/exploits/36301/
- [i] Fixed in: 2.7.3
- [!] Title: WordPress Download Manager <= 2.7.94 - Authenticated Stored XSS
- Reference: https://wpvulndb.com/vulnerabilities/8104
- Reference: https://plugins.trac.wordpress.org/changeset/1199505/download-manager
- Reference: http://packetstormsecurity.com/files/132716/
- [i] Fixed in: 2.7.95
- [!] Title: WordPress Download Manager <= 2.8.7 - Multiple Vulnerabilities
- Reference: https://wpvulndb.com/vulnerabilities/8365
- Reference: http://www.pritect.net/blog/wordpress-download-manager-2-8-8-critical-security-vulnerabilities
- Reference: http://www.wpdownloadmanager.com/wordpress-download-manager-security-maintenance-release/
- [i] Fixed in: 2.8.8
- [+] Name: wpdm-button-templates
- | Location: http://greatscottcommunications.com/wp-content/plugins/wpdm-button-templates/
- [!] Directory listing is enabled: http://greatscottcommunications.com/wp-content/plugins/wpdm-button-templates/
- [+] Name: wpdm-premium-packages - v2.3.0
- | Location: http://greatscottcommunications.com/wp-content/plugins/wpdm-premium-packages/
- | Readme: http://greatscottcommunications.com/wp-content/plugins/wpdm-premium-packages/readme.txt
- [!] Directory listing is enabled: http://greatscottcommunications.com/wp-content/plugins/wpdm-premium-packages/
- [+] Name: all-in-one-seo-pack - v2.2.6.2
- | Location: http://greatscottcommunications.com/wp-content/plugins/all-in-one-seo-pack/
- | Readme: http://greatscottcommunications.com/wp-content/plugins/all-in-one-seo-pack/readme.txt
- [!] The version is out of date, the latest version is 2.2.7.6
- [!] Directory listing is enabled: http://greatscottcommunications.com/wp-content/plugins/all-in-one-seo-pack/
- [+] Enumerating usernames ...
- [+] Identified the following 10 user/s:
- +----+----------------+----------------+
- | Id | Login | Name |
- +----+----------------+----------------+
- | 1 | kscott | kscott |
- | 2 | johnsmith2223 | JohnSmith2223 |
- | 3 | lbzxxh520 | lbzxxh520 |
- | 4 | melodybrownlow | MelodyBrownlow |
- | 5 | latishaeelz | LatishaEELZ |
- | 6 | salinacenteno | SalinaCenteno |
- | 7 | davidachowne | DavidaChowne |
- | 8 | sven6733sdzaj | Sven6733sdzaj |
- | 9 | groverblohm | GroverBlohm |
- | 10 | omlsyreeta | OMLSyreeta |
- +----+----------------+----------------+
- [+] Finished: Sat Feb 6 19:11:51 2016
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement