mahokodinger

test wpscan

Jun 1st, 2014
root@debian75:~/tool/wpscan# ./wpscan.rb -u http://wpthemestar.com
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

       WordPress Security Scanner by the WPScan Team
                   Version v2.4.1r8f51ff2
    Sponsored by the RandomStorm Open Source Initiative
  @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://wpthemestar.com/
[+] Started: Sun Jun  1 10:05:48 2014

[+] robots.txt available under: 'http://wpthemestar.com/robots.txt'
[!] The WordPress 'http://wpthemestar.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in: 'http://wpthemestar.com/wp-includes/rss-functions.php'
[+] Interesting header: SERVER: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
[+] Interesting header: X-POWERED-BY: PHP/5.4.28
[+] XML-RPC Interface available under: http://wpthemestar.com/xmlrpc.php

[+] WordPress version 3.6.1 identified from meta generator

[+] WordPress theme in use: ThemeStar - vVersion

[+] Name: ThemeStar - vVersion
|  Location: http://wpthemestar.com/wp-content/themes/ThemeStar/
|  Style URL: http://wpthemestar.com/wp-content/themes/ThemeStar/style.css
|  Theme Name: ThemeStar
|  Description: Official Theme For WPThemeStar.com
|  Author: Bradley Drummen
|  Author URI: http://WPThemeStar.com/

[+] Enumerating plugins from passive detection ...
| 5 plugins found:

[+] Name: LayerSlider
|  Location: http://wpthemestar.com/wp-content/plugins/LayerSlider/
[!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/LayerSlider/

[!] Title: LayerSlider 4.6.1 - wp-admin/admin.php Style Editing CSRF
   Reference: http://packetstormsecurity.com/files/125637/
   Reference: http://secunia.com/advisories/57930
   Reference: http://osvdb.org/104393

[!] Title: LayerSlider 4.6.1 - LayerSlider/editor.php skin Parameter Remote Path Traversal File Access
   Reference: http://packetstormsecurity.com/files/125637/
   Reference: http://secunia.com/advisories/57309
   Reference: http://osvdb.org/104394

[+] Name: contact-form-7 - v3.4.2
|  Location: http://wpthemestar.com/wp-content/plugins/contact-form-7/
|  Readme: http://wpthemestar.com/wp-content/plugins/contact-form-7/readme.txt
[!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/contact-form-7/

[!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
   Reference: http://www.securityfocus.com/bid/66381/
   Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2265
[i] Fixed in: 3.7.2

[!] Title: Contact Form 7 & Old WP Versions - Crafted File Extension Upload Remote Code Execution
   Reference: http://packetstormsecurity.com/files/125018/
   Reference: http://seclists.org/fulldisclosure/2014/Feb/0
   Reference: http://osvdb.org/102776

[!] Title: Contact Form 7 <= 3.5.2 - Arbitrary File Upload Remote Code Execution
   Reference: http://packetstormsecurity.com/files/124154/
   Reference: http://osvdb.org/100189
[i] Fixed in: 3.5.3

[+] Name: jquery-updater - v2.0.0.2
|  Location: http://wpthemestar.com/wp-content/plugins/jquery-updater/
|  Readme: http://wpthemestar.com/wp-content/plugins/jquery-updater/readme.txt
[!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/jquery-updater/

[+] Name: shadowbox-js - v3.0.3.10.2
|  Location: http://wpthemestar.com/wp-content/plugins/shadowbox-js/
|  Readme: http://wpthemestar.com/wp-content/plugins/shadowbox-js/readme.txt
[!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/shadowbox-js/

[+] Name: all-in-one-seo-pack - v2.0.2
|  Location: http://wpthemestar.com/wp-content/plugins/all-in-one-seo-pack/
|  Readme: http://wpthemestar.com/wp-content/plugins/all-in-one-seo-pack/readme.txt
[!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/all-in-one-seo-pack/

[!] Title: All in One SEO Pack <= 2.0.3 - XSS Vulnerability
   Reference: http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html
   Reference: http://packetstormsecurity.com/files/123490/
   Reference: http://www.securityfocus.com/bid/62784
   Reference: http://seclists.org/bugtraq/2013/Oct/8
   Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5988
   Reference: http://secunia.com/advisories/55133
   Reference: http://osvdb.org/98023
[i] Fixed in: 2.0.3.1

[+] Finished: Sun Jun  1 10:06:00 2014
[+] Memory used: 6.91 MB
[+] Elapsed time: 00:00:11
root@debian75:~/tool/wpscan#
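WPScan 2.x prints every advisory it knows for a plugin name, whether or not the detected version is actually affected, and for LayerSlider above it never fingerprinted a version at all (the "4.6.1" in the titles is the advisory's version, not a detection). The Ruby script below is an added triage helper, not part of WPScan or of the original paste: it parses the plugin section of a report in the format above and marks each advisory as affected, patched or unknown, using the "[i] Fixed in:" line when present and the "<= x.y.z" bound in the title otherwise. The sample input is a trimmed excerpt of the report above; the function names and the record layout are the example's own.

```ruby
# Added example (not WPScan's own code): triage the plugin findings in a
# WPScan 2.x text report. WPScan prints every advisory it knows for a plugin
# name; this decides, per advisory, whether the *detected* version is in the
# affected range, and flags advisories that cannot be confirmed because no
# version was fingerprinted.
require "rubygems" # Gem::Version does the version comparison

# Constructed sample: a trimmed excerpt of the report above, same line format.
SAMPLE = <<~SCAN
  [+] Enumerating plugins from passive detection ...
  | 3 plugins found:

  [+] Name: LayerSlider
  |  Location: http://wpthemestar.com/wp-content/plugins/LayerSlider/
  [!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/LayerSlider/

  [!] Title: LayerSlider 4.6.1 - LayerSlider/editor.php skin Parameter Remote Path Traversal File Access
     Reference: http://osvdb.org/104394

  [+] Name: contact-form-7 - v3.4.2
  |  Location: http://wpthemestar.com/wp-content/plugins/contact-form-7/
  [!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/contact-form-7/

  [!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
     Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2265
  [i] Fixed in: 3.7.2

  [!] Title: Contact Form 7 <= 3.5.2 - Arbitrary File Upload Remote Code Execution
     Reference: http://osvdb.org/100189
  [i] Fixed in: 3.5.3

  [+] Name: all-in-one-seo-pack - v2.0.2
  |  Location: http://wpthemestar.com/wp-content/plugins/all-in-one-seo-pack/

  [!] Title: All in One SEO Pack <= 2.0.3 - XSS Vulnerability
     Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5988
  [i] Fixed in: 2.0.3.1
SCAN

# Parse "[+] Name: <slug> - v<version>" blocks into plugin records. When the
# "Enumerating plugins" header is present only the lines after it are parsed,
# so the theme block ("ThemeStar - vVersion") is not mistaken for a plugin.
# A version that does not start with a digit (WPScan's "vVersion" placeholder
# when fingerprinting failed) is treated as not detected.
def parse_wpscan(text)
  plugins = []
  current = nil
  in_plugins = !text.include?("Enumerating plugins")
  text.each_line do |raw|
    line = raw.strip
    in_plugins ||= line.include?("Enumerating plugins")
    next unless in_plugins
    if (m = line.match(/\A\[\+\] Name: (\S+)(?: - v(\S+))?\z/))
      version = m[2] if m[2] && m[2].match?(/\A\d/)
      current = { name: m[1], version: version, dir_listing: false, vulns: [] }
      plugins << current
    elsif current.nil?
      next
    elsif line.start_with?("[!] Directory listing is enabled")
      current[:dir_listing] = true
    elsif (m = line.match(/\A\[!\] Title: (.+)\z/))
      current[:vulns] << { title: m[1], fixed_in: nil }
    elsif (m = line.match(/\A\[i\] Fixed in: (\S+)\z/))
      current[:vulns].last[:fixed_in] = m[1] unless current[:vulns].empty?
    end
  end
  plugins
end

# Decide whether a detected version falls in an advisory's affected range:
# prefer WPScan's "[i] Fixed in:" line; otherwise use the "<= x.y.z" bound
# in the advisory title; otherwise the range is unknown.
def vuln_status(version, vuln)
  return :unknown if version.nil?
  v = Gem::Version.new(version)
  if vuln[:fixed_in]
    v < Gem::Version.new(vuln[:fixed_in]) ? :affected : :patched
  elsif (m = vuln[:title].match(/<=\s*(\d[\w.]*)/))
    v <= Gem::Version.new(m[1]) ? :affected : :patched
  else
    :unknown
  end
end

# Attach a :status to every advisory of every parsed plugin.
def triage(text)
  parse_wpscan(text).map do |plugin|
    plugin.merge(vulns: plugin[:vulns].map { |v| v.merge(status: vuln_status(plugin[:version], v)) })
  end
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE).each do |plugin|
    flags = plugin[:dir_listing] ? " [directory listing enabled]" : ""
    puts "#{plugin[:name]} #{plugin[:version] || '(version not detected)'}#{flags}"
    plugin[:vulns].each { |v| puts "  #{v[:status].to_s.upcase.ljust(8)} #{v[:title]}" }
  end
end
```

Run against the sample, contact-form-7 3.4.2 comes out affected by both the 3.5.3 and 3.7.2 fixes and all-in-one-seo-pack 2.0.2 by the 2.0.3.1 fix, while the LayerSlider advisory is reported as unknown rather than affected. For an unknown, the next step is to confirm the installed version by hand; here the plugin directory has listing enabled, so its files (and any readme or changelog) are directly readable.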