Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 2.8
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
- _______________________________________________________________
- [i] The remote host tried to redirect to: http://www.thecrushagency.com/
- [?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]Y
- [+] URL: http://www.thecrushagency.com/
- [+] Started: Tue Jun 30 20:44:26 2015
- [+] robots.txt available under: 'http://www.thecrushagency.com/robots.txt'
- [!] The WordPress 'http://www.thecrushagency.com/readme.html' file exists exposing a version number
- [+] Interesting header: AGE: 201
- [+] Interesting header: LINK: <http://www.thecrushagency.com/>; rel=shortlink
- [+] Interesting header: SERVER: nginx
- [+] Interesting header: VIA: 1.1 varnish
- [+] Interesting header: X-PANTHEON-ENDPOINT: 0592e158-6cf6-446a-ab78-d18e19ab9bdb
- [+] Interesting header: X-PANTHEON-STYX-HOSTNAME: styx4f38fad2
- [+] Interesting header: X-POWERED-BY: PHP/5.5.24
- [+] Interesting header: X-STYX-BUILD-DATE: Wed Apr 29 20:43:17 UTC 2015
- [+] Interesting header: X-STYX-BUILD-NUM: 946
- [+] Interesting header: X-STYX-BUILD-SHA: 39667cea44763e7df6d81c544b0d294bf223876f
- [+] Interesting header: X-STYX-REQ-ID: styx-ccabc08cf9588bb80d1800f1a0033153
- [+] Interesting header: X-STYX-VERSION: StyxGo
- [+] Interesting header: X-VARNISH: 2938258984 2938075637
- [+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
- [+] XML-RPC Interface available under: http://www.thecrushagency.com/xmlrpc.php
- [+] WordPress version 4.2.2 identified from rss generator
- [+] WordPress theme in use: genesis-sample - v2.1.2
- [+] Name: genesis-sample - v2.1.2
- | Location: http://www.thecrushagency.com/wp-content/themes/genesis-sample/
- | Style URL: http://www.thecrushagency.com/wp-content/themes/genesis-sample/style.css
- | Theme Name: Genesis Sample Theme
- | Theme URI: http://my.studiopress.com/themes/genesis/
- | Description: This is the sample theme created for the Genesis Framework.
- | Author: StudioPress
- | Author URI: http://www.studiopress.com/
- [+] Detected parent theme: genesis - v2.1.2
- [+] Name: genesis - v2.1.2
- | Location: http://www.thecrushagency.com/wp-content/themes/genesis/
- | Style URL: http://www.thecrushagency.com/wp-content/themes/genesis/style.css
- | Theme Name: Genesis
- | Theme URI: http://my.studiopress.com/themes/genesis/
- | Description: The industry standard for Premium WordPress Themes. Please do not modify this style sheet, as it ...
- | Author: StudioPress
- | Author URI: http://www.studiopress.com/
- [+] Enumerating plugins from passive detection ...
- | 5 plugins found:
- [+] Name: gravityforms
- | Location: http://www.thecrushagency.com/wp-content/plugins/gravityforms/
- [!] We could not determine a version so all vulnerabilities are printed out
- [!] Title: Gravity Forms <= 1.8.19 - Arbitrary File Upload
- Reference: https://wpvulndb.com/vulnerabilities/7820
- Reference: http://blog.sucuri.net/2015/02/malware-cleanup-to-arbitrary-file-upload-in-gravity-forms.html
- Reference: http://www.gravityhelp.com/gravity-forms-v1-8-20-released/
- [i] Fixed in: 1.8.20
- [!] Title: Gravity Forms 1.8 <= 1.9.3.5 - Blind SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/7849
- Reference: http://www.gravityforms.com/
- [i] Fixed in: 1.9.3.6
- [!] Title: Gravity Forms - Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/7917
- Reference: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
- Reference: http://osvdb.org/show/osvdb/121070
- [+] Name: instagram-feed - v1.3.3
- | Location: http://www.thecrushagency.com/wp-content/plugins/instagram-feed/
- | Readme: http://www.thecrushagency.com/wp-content/plugins/instagram-feed/README.txt
- [+] Name: optin-monster
- | Location: http://www.thecrushagency.com/wp-content/plugins/optin-monster/
- [+] Name: simple-social-icons - v1.0.8
- | Location: http://www.thecrushagency.com/wp-content/plugins/simple-social-icons/
- | Readme: http://www.thecrushagency.com/wp-content/plugins/simple-social-icons/readme.txt
- [+] Name: wordpress-seo - v2.0.1
- | Location: http://www.thecrushagency.com/wp-content/plugins/wordpress-seo/
- | Readme: http://www.thecrushagency.com/wp-content/plugins/wordpress-seo/readme.txt
- | Changelog: http://www.thecrushagency.com/wp-content/plugins/wordpress-seo/changelog.txt
- [!] Title: WordPress SEO by Yoast <= 2.1.1 - Authenticated Stored DOM XSS
- Reference: https://wpvulndb.com/vulnerabilities/8045
- Reference: https://inventropy.us/blog/yoast-seo-plugin-cross-site-scripting-vulnerability/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6692
- [i] Fixed in: 2.2
- [+] Enumerating usernames ...
- [+] Identified the following 10 user/s:
- +----+--------+--------------------------------------------------+
- | Id | Login | Name |
- +----+--------+--------------------------------------------------+
- | 1 | alison | Alison Engelhardt, Author at The CRUSH |
- | 2 | joe | Tampa SEO Specialist & WordPress Developer - Joe |
- | 3 | liane | Liane Caruso, Author at The CRUSH |
- | 4 | emily | Emily Montes de Oca, Author at The CRUSH |
- | 5 | wendy | Wendy Kirkwood, Author at The CRUSH |
- | 6 | kim | Kim Patterson, Author at The CRUSH |
- | 7 | corina | Corina Sheridan, Author at The CRUSH |
- | 8 | angela | Angela Rodriguez, Author at The CRUSH |
- | 9 | brie | Brie Slowik, Author at The CRUSH |
- | 10 | diana | Diana Vilares, Author at The CRUSH |
- +----+--------+--------------------------------------------------+
- [+] Finished: Tue Jun 30 20:44:57 2015
- [+] Requests Done: 188
- [+] Memory used: 18.477 MB
- [+] Elapsed time: 00:00:31
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement