- root@kali:~# wpscan mintemafrumos.ro
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 2.6
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
- _______________________________________________________________
- [+] URL: http://mintemafrumos.ro/
- [+] Started: Sat Mar 28 14:24:17 2015
- [!] The WordPress 'http://mintemafrumos.ro/readme.html' file exists exposing a version number
- [!] Full Path Disclosure (FPD) in: 'http://mintemafrumos.ro/wp-includes/rss-functions.php'
- [+] Interesting header: SERVER: Apache
- [+] Interesting header: X-POWERED-BY: PHP/5.4.21
- [+] XML-RPC Interface available under: http://mintemafrumos.ro/xmlrpc.php
- [!] Upload directory has directory listing enabled: http://mintemafrumos.ro/wp-content/uploads/
- [+] WordPress version 3.4.1 identified from meta generator
- [!] 13 vulnerabilities identified from the version number
- [!] Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- Reference: https://wpvulndb.com/vulnerabilities/5978
- Reference: http://seclists.org/fulldisclosure/2013/Jul/70
- Reference: http://osvdb.org/95060
- [i] Fixed in: 3.5.2
- [!] Title: WordPress 3.4 - 3.5.1 DoS in class-phpass.php
- Reference: https://wpvulndb.com/vulnerabilities/5986
- Reference: http://seclists.org/fulldisclosure/2013/Jun/65
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2173
- Reference: https://secunia.com/advisories/53676
- Reference: http://osvdb.org/94235
- [i] Fixed in: 3.5.2
- [!] Title: WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
- Reference: https://wpvulndb.com/vulnerabilities/5987
- Reference: https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
- [!] Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
- Reference: https://wpvulndb.com/vulnerabilities/5988
- Reference: https://github.com/FireFart/WordpressPingbackPortScanner
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0235
- [i] Fixed in: 3.5.1
- [!] Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
- Reference: https://wpvulndb.com/vulnerabilities/5989
- Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
- [!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
- Reference: https://wpvulndb.com/vulnerabilities/5970
- Reference: http://packetstormsecurity.com/files/123589/
- Reference: http://core.trac.wordpress.org/changeset/25323
- Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4339
- Reference: https://secunia.com/advisories/54803
- Reference: http://osvdb.org/97212
- Reference: http://www.exploit-db.com/exploits/28958/
- [i] Fixed in: 3.6.1
- [!] Title: WordPress Plupload Unspecified XSS
- Reference: https://wpvulndb.com/vulnerabilities/5966
- Reference: https://secunia.com/advisories/57769
- Reference: http://osvdb.org/105622
- [i] Fixed in: 3.8.2
- [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
- Reference: https://wpvulndb.com/vulnerabilities/7528
- Reference: https://core.trac.wordpress.org/changeset/29384
- Reference: https://core.trac.wordpress.org/changeset/29408
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5204
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5205
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
- Reference: https://wpvulndb.com/vulnerabilities/7529
- Reference: https://core.trac.wordpress.org/changeset/29398
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5240
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/7680
- Reference: http://klikki.fi/adv/wordpress.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: http://klikki.fi/adv/wordpress_update.html
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9031
- [i] Fixed in: 4.0
- [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
- Reference: https://wpvulndb.com/vulnerabilities/7681
- Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9034
- Reference: http://osvdb.org/114857
- Reference: http://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
- Reference: http://www.exploit-db.com/exploits/35413/
- Reference: http://www.exploit-db.com/exploits/35414/
- [i] Fixed in: 4.0.1
- [!] Title: WordPress <= 4.0 - CSRF in wp-login.php Password Reset
- Reference: https://wpvulndb.com/vulnerabilities/7691
- Reference: https://core.trac.wordpress.org/changeset/30418
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9033
- [i] Fixed in: 4.0.1
- [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
- Reference: https://wpvulndb.com/vulnerabilities/7696
- Reference: http://www.securityfocus.com/bid/71234
- Reference: https://core.trac.wordpress.org/changeset/30444
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9038
- [i] Fixed in: 4.0.1
- [+] WordPress theme in use: SimplePress - v1.8
- [+] Name: SimplePress - v1.8
- | Location: http://mintemafrumos.ro/wp-content/themes/SimplePress/
- | Style URL: http://mintemafrumos.ro/wp-content/themes/SimplePress/style.css
- | Theme Name: SimplePress
- | Theme URI: http://www.elegantthemes.com/gallery/simplepress
- | Description: 2 Column theme from Elegant Themes
- | Author: Elegant Themes
- | Author URI: http://www.elegantthemes.com
- [+] Enumerating plugins from passive detection ...
- | 2 plugins found:
- [+] Name: flv-embed - v1.2.1
- | Location: http://mintemafrumos.ro/wp-content/plugins/flv-embed/
- | Readme: http://mintemafrumos.ro/wp-content/plugins/flv-embed/readme.txt
- [!] Directory listing is enabled: http://mintemafrumos.ro/wp-content/plugins/flv-embed/
- [+] Name: pdf-ppt-viewer
- | Location: http://mintemafrumos.ro/wp-content/plugins/pdf-ppt-viewer/
- [+] Finished: Sat Mar 28 14:24:24 2015
- [+] Memory used: 3.41 MB
- [+] Elapsed time: 00:00:07
- root@kali:~# ^C
- root@kali:~#