
Untitled

a guest
Jun 30th, 2015
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.8
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] The remote host tried to redirect to: http://www.thecrushagency.com/
[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]Y
[+] URL: http://www.thecrushagency.com/
[+] Started: Tue Jun 30 20:44:26 2015

[+] robots.txt available under: 'http://www.thecrushagency.com/robots.txt'
[!] The WordPress 'http://www.thecrushagency.com/readme.html' file exists exposing a version number
[+] Interesting header: AGE: 201
[+] Interesting header: LINK: <http://www.thecrushagency.com/>; rel=shortlink
[+] Interesting header: SERVER: nginx
[+] Interesting header: VIA: 1.1 varnish
[+] Interesting header: X-PANTHEON-ENDPOINT: 0592e158-6cf6-446a-ab78-d18e19ab9bdb
[+] Interesting header: X-PANTHEON-STYX-HOSTNAME: styx4f38fad2
[+] Interesting header: X-POWERED-BY: PHP/5.5.24
[+] Interesting header: X-STYX-BUILD-DATE: Wed Apr 29 20:43:17 UTC 2015
[+] Interesting header: X-STYX-BUILD-NUM: 946
[+] Interesting header: X-STYX-BUILD-SHA: 39667cea44763e7df6d81c544b0d294bf223876f
[+] Interesting header: X-STYX-REQ-ID: styx-ccabc08cf9588bb80d1800f1a0033153
[+] Interesting header: X-STYX-VERSION: StyxGo
[+] Interesting header: X-VARNISH: 2938258984 2938075637
[+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
[+] XML-RPC Interface available under: http://www.thecrushagency.com/xmlrpc.php

[+] WordPress version 4.2.2 identified from rss generator

[+] WordPress theme in use: genesis-sample - v2.1.2

[+] Name: genesis-sample - v2.1.2
| Location: http://www.thecrushagency.com/wp-content/themes/genesis-sample/
| Style URL: http://www.thecrushagency.com/wp-content/themes/genesis-sample/style.css
| Theme Name: Genesis Sample Theme
| Theme URI: http://my.studiopress.com/themes/genesis/
| Description: This is the sample theme created for the Genesis Framework.
| Author: StudioPress
| Author URI: http://www.studiopress.com/

[+] Detected parent theme: genesis - v2.1.2

[+] Name: genesis - v2.1.2
| Location: http://www.thecrushagency.com/wp-content/themes/genesis/
| Style URL: http://www.thecrushagency.com/wp-content/themes/genesis/style.css
| Theme Name: Genesis
| Theme URI: http://my.studiopress.com/themes/genesis/
| Description: The industry standard for Premium WordPress Themes. Please do not modify this style sheet, as it ...
| Author: StudioPress
| Author URI: http://www.studiopress.com/

[+] Enumerating plugins from passive detection ...
| 5 plugins found:

[+] Name: gravityforms
| Location: http://www.thecrushagency.com/wp-content/plugins/gravityforms/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: Gravity Forms <= 1.8.19 - Arbitrary File Upload
Reference: https://wpvulndb.com/vulnerabilities/7820
Reference: http://blog.sucuri.net/2015/02/malware-cleanup-to-arbitrary-file-upload-in-gravity-forms.html
Reference: http://www.gravityhelp.com/gravity-forms-v1-8-20-released/
[i] Fixed in: 1.8.20

[!] Title: Gravity Forms 1.8 <= 1.9.3.5 - Blind SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/7849
Reference: http://www.gravityforms.com/
[i] Fixed in: 1.9.3.6

[!] Title: Gravity Forms - Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7917
Reference: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
Reference: http://osvdb.org/show/osvdb/121070

[+] Name: instagram-feed - v1.3.3
| Location: http://www.thecrushagency.com/wp-content/plugins/instagram-feed/
| Readme: http://www.thecrushagency.com/wp-content/plugins/instagram-feed/README.txt

[+] Name: optin-monster
| Location: http://www.thecrushagency.com/wp-content/plugins/optin-monster/

[+] Name: simple-social-icons - v1.0.8
| Location: http://www.thecrushagency.com/wp-content/plugins/simple-social-icons/
| Readme: http://www.thecrushagency.com/wp-content/plugins/simple-social-icons/readme.txt

[+] Name: wordpress-seo - v2.0.1
| Location: http://www.thecrushagency.com/wp-content/plugins/wordpress-seo/
| Readme: http://www.thecrushagency.com/wp-content/plugins/wordpress-seo/readme.txt
| Changelog: http://www.thecrushagency.com/wp-content/plugins/wordpress-seo/changelog.txt

[!] Title: WordPress SEO by Yoast <= 2.1.1 - Authenticated Stored DOM XSS
Reference: https://wpvulndb.com/vulnerabilities/8045
Reference: https://inventropy.us/blog/yoast-seo-plugin-cross-site-scripting-vulnerability/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6692
[i] Fixed in: 2.2

[+] Enumerating usernames ...
[+] Identified the following 10 user/s:
+----+--------+--------------------------------------------------+
| Id | Login  | Name                                             |
+----+--------+--------------------------------------------------+
| 1  | alison | Alison Engelhardt, Author at The CRUSH           |
| 2  | joe    | Tampa SEO Specialist & WordPress Developer - Joe |
| 3  | liane  | Liane Caruso, Author at The CRUSH                |
| 4  | emily  | Emily Montes de Oca, Author at The CRUSH         |
| 5  | wendy  | Wendy Kirkwood, Author at The CRUSH              |
| 6  | kim    | Kim Patterson, Author at The CRUSH               |
| 7  | corina | Corina Sheridan, Author at The CRUSH             |
| 8  | angela | Angela Rodriguez, Author at The CRUSH            |
| 9  | brie   | Brie Slowik, Author at The CRUSH                 |
| 10 | diana  | Diana Vilares, Author at The CRUSH               |
+----+--------+--------------------------------------------------+

[+] Finished: Tue Jun 30 20:44:57 2015
[+] Requests Done: 188
[+] Memory used: 18.477 MB
[+] Elapsed time: 00:00:31