Untitled

a guest
Mar 28th, 2015
root@kali:~# wpscan mintemafrumos.ro
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.6
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://mintemafrumos.ro/
[+] Started: Sat Mar 28 14:24:17 2015

[!] The WordPress 'http://mintemafrumos.ro/readme.html' file exists exposing a version number
[!] Full Path Disclosure (FPD) in: 'http://mintemafrumos.ro/wp-includes/rss-functions.php'
[+] Interesting header: SERVER: Apache
[+] Interesting header: X-POWERED-BY: PHP/5.4.21
[+] XML-RPC Interface available under: http://mintemafrumos.ro/xmlrpc.php
[!] Upload directory has directory listing enabled: http://mintemafrumos.ro/wp-content/uploads/

[+] WordPress version 3.4.1 identified from meta generator
[!] 13 vulnerabilities identified from the version number

[!] Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
Reference: https://wpvulndb.com/vulnerabilities/5978
Reference: http://seclists.org/fulldisclosure/2013/Jul/70
Reference: http://osvdb.org/95060
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.4 - 3.5.1 DoS in class-phpass.php
Reference: https://wpvulndb.com/vulnerabilities/5986
Reference: http://seclists.org/fulldisclosure/2013/Jun/65
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2173
Reference: https://secunia.com/advisories/53676
Reference: http://osvdb.org/94235
[i] Fixed in: 3.5.2

[!] Title: WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
Reference: https://wpvulndb.com/vulnerabilities/5987
Reference: https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues

[!] Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
Reference: https://wpvulndb.com/vulnerabilities/5988
Reference: https://github.com/FireFart/WordpressPingbackPortScanner
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0235
[i] Fixed in: 3.5.1

[!] Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
Reference: https://wpvulndb.com/vulnerabilities/5989
Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html

[!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
Reference: https://wpvulndb.com/vulnerabilities/5970
Reference: http://packetstormsecurity.com/files/123589/
Reference: http://core.trac.wordpress.org/changeset/25323
Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4339
Reference: https://secunia.com/advisories/54803
Reference: http://osvdb.org/97212
Reference: http://www.exploit-db.com/exploits/28958/
[i] Fixed in: 3.6.1

[!] Title: WordPress Plupload Unspecified XSS
Reference: https://wpvulndb.com/vulnerabilities/5966
Reference: https://secunia.com/advisories/57769
Reference: http://osvdb.org/105622
[i] Fixed in: 3.8.2

[!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
Reference: https://wpvulndb.com/vulnerabilities/7528
Reference: https://core.trac.wordpress.org/changeset/29384
Reference: https://core.trac.wordpress.org/changeset/29408
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5204
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5205
[i] Fixed in: 3.9.2

[!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
Reference: https://wpvulndb.com/vulnerabilities/7529
Reference: https://core.trac.wordpress.org/changeset/29398
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5240
[i] Fixed in: 3.9.2

[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://klikki.fi/adv/wordpress.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: http://klikki.fi/adv/wordpress_update.html
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9031
[i] Fixed in: 4.0

[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9034
Reference: http://osvdb.org/114857
Reference: http://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
Reference: http://www.exploit-db.com/exploits/35413/
Reference: http://www.exploit-db.com/exploits/35414/
[i] Fixed in: 4.0.1

[!] Title: WordPress <= 4.0 - CSRF in wp-login.php Password Reset
Reference: https://wpvulndb.com/vulnerabilities/7691
Reference: https://core.trac.wordpress.org/changeset/30418
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9033
[i] Fixed in: 4.0.1

[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://www.securityfocus.com/bid/71234
Reference: https://core.trac.wordpress.org/changeset/30444
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9038
[i] Fixed in: 4.0.1

[+] WordPress theme in use: SimplePress - v1.8

[+] Name: SimplePress - v1.8
| Location: http://mintemafrumos.ro/wp-content/themes/SimplePress/
| Style URL: http://mintemafrumos.ro/wp-content/themes/SimplePress/style.css
| Theme Name: SimplePress
| Theme URI: http://www.elegantthemes.com/gallery/simplepress
| Description: 2 Column theme from Elegant Themes
| Author: Elegant Themes
| Author URI: http://www.elegantthemes.com

[+] Enumerating plugins from passive detection ...
| 2 plugins found:

[+] Name: flv-embed - v1.2.1
| Location: http://mintemafrumos.ro/wp-content/plugins/flv-embed/
| Readme: http://mintemafrumos.ro/wp-content/plugins/flv-embed/readme.txt
[!] Directory listing is enabled: http://mintemafrumos.ro/wp-content/plugins/flv-embed/

[+] Name: pdf-ppt-viewer
| Location: http://mintemafrumos.ro/wp-content/plugins/pdf-ppt-viewer/

[+] Finished: Sat Mar 28 14:24:24 2015
[+] Memory used: 3.41 MB
[+] Elapsed time: 00:00:07
root@kali:~# ^C
root@kali:~#