Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 2.6
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
- _______________________________________________________________
- [+] URL: http://ltcgear.com/
- [+] Started: Tue Jan 27 18:13:03 2015
- [+] robots.txt available under: 'http://ltcgear.com/robots.txt'
- [!] The WordPress 'http://ltcgear.com/readme.html' file exists exposing a version number
- [+] Interesting header: SERVER: nginx/1.0.15
- [+] Interesting header: X-POWERED-BY: PHP/5.4.35-0+deb7u2
- [+] XML-RPC Interface available under: http://ltcgear.com/xmlrpc.php
- [+] WordPress version 4.1 identified from meta generator
- [+] WordPress theme in use: woostore - v1.8.1
- [+] Name: woostore - v1.8.1
- | Location: http://ltcgear.com/wp-content/themes/woostore/
- | Changelog: http://ltcgear.com/wp-content/themes/woostore/changelog.txt
- | Style URL: http://ltcgear.com/wp-content/themes/woostore/style.css
- | Theme Name: WooStore
- | Theme URI: http://www.woothemes.com/
- | Description: Designed by <a href="http://www.jepson.no">Magnus Jepson</a>.
- | Author: WooThemes
- | Author URI: http://www.woothemes.com
- [!] Title: WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- Reference: https://wpvulndb.com/vulnerabilities/7358
- Reference: https://gist.github.com/2523147
- [+] Enumerating installed plugins ...
- Time: 00:01:57 <=========================================> (2176 / 2176) 100.00% Time: 00:01:57
- [+] We found 14 plugins:
- [+] Name: adminer - v1.3.2
- | Location: http://ltcgear.com/wp-content/plugins/adminer/
- | Readme: http://ltcgear.com/wp-content/plugins/adminer/readme.txt
- [+] Name: akismet - v3.0.4
- | Location: http://ltcgear.com/wp-content/plugins/akismet/
- | Readme: http://ltcgear.com/wp-content/plugins/akismet/readme.txt
- [+] Name: captcha - v4.0.8
- | Location: http://ltcgear.com/wp-content/plugins/captcha/
- | Readme: http://ltcgear.com/wp-content/plugins/captcha/readme.txt
- [+] Name: export-user-data - v1.1.1
- | Location: http://ltcgear.com/wp-content/plugins/export-user-data/
- | Readme: http://ltcgear.com/wp-content/plugins/export-user-data/readme.txt
- [+] Name: feed
- | Location: http://ltcgear.com/wp-content/plugins/feed/
- [+] We could not determine a version so all vulnerabilities are printed out
- [!] Title: Feed - news_dt.php nid Parameter SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/6965
- Reference: http://packetstormsecurity.com/files/122260/
- Reference: http://osvdb.org/94804
- [+] Name: import-users-from-csv-with-meta - v1.1.6
- | Location: http://ltcgear.com/wp-content/plugins/import-users-from-csv-with-meta/
- | Readme: http://ltcgear.com/wp-content/plugins/import-users-from-csv-with-meta/readme.txt
- [+] Name: mycred - v1.5.4
- | Location: http://ltcgear.com/wp-content/plugins/mycred/
- | Readme: http://ltcgear.com/wp-content/plugins/mycred/readme.txt
- [+] Name: simple-backup - v2.7.8
- | Location: http://ltcgear.com/wp-content/plugins/simple-backup/
- | Readme: http://ltcgear.com/wp-content/plugins/simple-backup/readme.txt
- [+] Name: under-construction-page - v3.2
- | Location: http://ltcgear.com/wp-content/plugins/under-construction-page/
- | Readme: http://ltcgear.com/wp-content/plugins/under-construction-page/readme.txt
- [+] Name: underconstruction - v1.12
- | Location: http://ltcgear.com/wp-content/plugins/underconstruction/
- | Readme: http://ltcgear.com/wp-content/plugins/underconstruction/readme.txt
- [+] Name: wassup - v1.8.6
- | Location: http://ltcgear.com/wp-content/plugins/wassup/
- | Readme: http://ltcgear.com/wp-content/plugins/wassup/readme.txt
- [!] Title: WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit
- Reference: https://wpvulndb.com/vulnerabilities/6492
- Reference: http://www.exploit-db.com/exploits/5017/
- [+] Name: woocommerce - v2.2.10
- | Location: http://ltcgear.com/wp-content/plugins/woocommerce/
- | Readme: http://ltcgear.com/wp-content/plugins/woocommerce/readme.txt
- [!] Title: WooCommerce <= 2.2.2 - Reflected XSS
- Reference: https://wpvulndb.com/vulnerabilities/7699
- Reference: http://seclists.org/fulldisclosure/2014/Sep/59
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6313
- Reference: https://secunia.com/advisories/61377
- Reference: http://osvdb.org/111611
- [+] Name: woocommerce-simple-auctions
- | Location: http://ltcgear.com/wp-content/plugins/woocommerce-simple-auctions/
- | Readme: http://ltcgear.com/wp-content/plugins/woocommerce-simple-auctions/readme.txt
- | Changelog: http://ltcgear.com/wp-content/plugins/woocommerce-simple-auctions/changelog.txt
- [+] Name: wpmandrill - v1.33
- | Location: http://ltcgear.com/wp-content/plugins/wpmandrill/
- | Readme: http://ltcgear.com/wp-content/plugins/wpmandrill/readme.txt
- [+] Finished: Tue Jan 27 18:15:32 2015
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement