test

1. root@debian75:~/tool/wpscan# ./wpscan.rb -u http://visinteriors.com
2. _______________________________________________________________
3. __ _______ _____
4. \ \ / / __ \ / ____|
5. \ \ /\ / /| |__) | (___ ___ __ _ _ __
6. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
7. \ /\ / | | ____) | (__| (_| | | | |
8. \/ \/ |_| |_____/ \___|\__,_|_| |_|
9.  
10. WordPress Security Scanner by the WPScan Team
11. Version v2.4.1r8f51ff2
12. Sponsored by the RandomStorm Open Source Initiative
13. @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
14. _______________________________________________________________
15.  
16. [+] URL: http://visinteriors.com/
17. [+] Started: Sun Jun 1 10:14:56 2014
18.  
19. [+] robots.txt available under: 'http://visinteriors.com/robots.txt'
20. [+] Interesting entry from robots.txt: http://visinteriors.com/go/
21. [!] Full Path Disclosure (FPD) in: 'http://visinteriors.com/wp-includes/rss-functions.php'
22. [+] Interesting header: SERVER: Apache
23. [+] XML-RPC Interface available under: http://visinteriors.com/xmlrpc.php
24.  
25. [+] WordPress version 3.6.1 identified from meta generator
26.  
27. [+] WordPress theme in use: visinterior
28.  
29. [+] Name: visinterior
30. | Location: http://visinteriors.com/wp-content/themes/visinterior/
31. [!] Directory listing is enabled: http://visinteriors.com/wp-content/themes/visinterior/
32. | Style URL: http://visinteriors.com/wp-content/themes/visinterior/style.css
33. | Theme Name: visinterior
34. | Description: Author: vis interior
35. | Author: vis interior
36.  
37. [+] Detected parent theme: visinteriors - v2.7.2
38.  
39. [+] Name: visinteriors - v2.7.2
40. | Location: http://visinteriors.com/wp-content/themes/visinteriors/
41. | Style URL: http://visinteriors.com/wp-content/themes/visinteriors/style.css
42. | Theme Name: Valerie
43. | Theme URI: http://umbrella.al/
44. | Description: Valerie theme from Umbrella
45. | Author: Umbrella
46. | Author URI: http://umbrella.al/
47.  
48. [+] Enumerating plugins from passive detection ...
49. | 3 plugins found:
50.  
51. [+] Name: db-prefix-change - v1.1
52. | Location: http://visinteriors.com/wp-content/plugins/db-prefix-change/
53. | Readme: http://visinteriors.com/wp-content/plugins/db-prefix-change/readme.txt
54. [!] Directory listing is enabled: http://visinteriors.com/wp-content/plugins/db-prefix-change/
55.  
56. [+] Name: gallery-plugin - v4.1.5
57. | Location: http://visinteriors.com/wp-content/plugins/gallery-plugin/
58. | Readme: http://visinteriors.com/wp-content/plugins/gallery-plugin/readme.txt
59. [!] Directory listing is enabled: http://visinteriors.com/wp-content/plugins/gallery-plugin/
60.  
61. [!] Title: Gallery 3.06 - gallery-plugin/upload/php.php File Upload PHP Code Execution
62. Reference: http://osvdb.org/82661
63. Reference: http://www.exploit-db.com/exploits/18998/
64.  
65. [!] Title: Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access
66. Reference: http://packetstormsecurity.com/files/119458/
67. Reference: http://www.securityfocus.com/bid/57256
68. Reference: http://seclists.org/bugtraq/2013/Jan/45
69. Reference: http://osvdb.org/89124
70.  
71. [+] Name: wp-slimstat - v3.4.1
72. | Location: http://visinteriors.com/wp-content/plugins/wp-slimstat/
73. | Readme: http://visinteriors.com/wp-content/plugins/wp-slimstat/readme.txt
74.  
75. [!] Title: WP SlimStat 3.5.5 - Overview URI Stored XSS
76. Reference: http://secunia.com/advisories/57305
77. Reference: http://osvdb.org/104428
78. [i] Fixed in: 3.5.6
79.  
80. [+] Finished: Sun Jun 1 10:15:32 2014
81. [+] Memory used: 1.961 MB
82. [+] Elapsed time: 00:00:36
83. root@debian75:~/tool/wpscan#