- root@debian75:~/tool/wpscan# ./wpscan.rb -u http://wpthemestar.com
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version v2.4.1r8f51ff2
- Sponsored by the RandomStorm Open Source Initiative
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
- _______________________________________________________________
- [+] URL: http://wpthemestar.com/
- [+] Started: Sun Jun 1 10:05:48 2014
- [+] robots.txt available under: 'http://wpthemestar.com/robots.txt'
- [!] The WordPress 'http://wpthemestar.com/readme.html' file exists
- [!] Full Path Disclosure (FPD) in: 'http://wpthemestar.com/wp-includes/rss-functions.php'
- [+] Interesting header: SERVER: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
- [+] Interesting header: X-POWERED-BY: PHP/5.4.28
- [+] XML-RPC Interface available under: http://wpthemestar.com/xmlrpc.php
- [+] WordPress version 3.6.1 identified from meta generator
- [+] WordPress theme in use: ThemeStar - vVersion
- [+] Name: ThemeStar - vVersion
- | Location: http://wpthemestar.com/wp-content/themes/ThemeStar/
- | Style URL: http://wpthemestar.com/wp-content/themes/ThemeStar/style.css
- | Theme Name: ThemeStar
- | Description: Official Theme For WPThemeStar.com
- | Author: Bradley Drummen
- | Author URI: http://WPThemeStar.com/
- [+] Enumerating plugins from passive detection ...
- | 5 plugins found:
- [+] Name: LayerSlider
- | Location: http://wpthemestar.com/wp-content/plugins/LayerSlider/
- [!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/LayerSlider/
- [!] Title: LayerSlider 4.6.1 - wp-admin/admin.php Style Editing CSRF
- Reference: http://packetstormsecurity.com/files/125637/
- Reference: http://secunia.com/advisories/57930
- Reference: http://osvdb.org/104393
- [!] Title: LayerSlider 4.6.1 - LayerSlider/editor.php skin Parameter Remote Path Traversal File Access
- Reference: http://packetstormsecurity.com/files/125637/
- Reference: http://secunia.com/advisories/57309
- Reference: http://osvdb.org/104394
- [+] Name: contact-form-7 - v3.4.2
- | Location: http://wpthemestar.com/wp-content/plugins/contact-form-7/
- | Readme: http://wpthemestar.com/wp-content/plugins/contact-form-7/readme.txt
- [!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/contact-form-7/
- [!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
- Reference: http://www.securityfocus.com/bid/66381/
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2265
- [i] Fixed in: 3.7.2
- [!] Title: Contact Form 7 & Old WP Versions - Crafted File Extension Upload Remote Code Execution
- Reference: http://packetstormsecurity.com/files/125018/
- Reference: http://seclists.org/fulldisclosure/2014/Feb/0
- Reference: http://osvdb.org/102776
- [!] Title: Contact Form 7 <= 3.5.2 - Arbitrary File Upload Remote Code Execution
- Reference: http://packetstormsecurity.com/files/124154/
- Reference: http://osvdb.org/100189
- [i] Fixed in: 3.5.3
- [+] Name: jquery-updater - v2.0.0.2
- | Location: http://wpthemestar.com/wp-content/plugins/jquery-updater/
- | Readme: http://wpthemestar.com/wp-content/plugins/jquery-updater/readme.txt
- [!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/jquery-updater/
- [+] Name: shadowbox-js - v3.0.3.10.2
- | Location: http://wpthemestar.com/wp-content/plugins/shadowbox-js/
- | Readme: http://wpthemestar.com/wp-content/plugins/shadowbox-js/readme.txt
- [!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/shadowbox-js/
- [+] Name: all-in-one-seo-pack - v2.0.2
- | Location: http://wpthemestar.com/wp-content/plugins/all-in-one-seo-pack/
- | Readme: http://wpthemestar.com/wp-content/plugins/all-in-one-seo-pack/readme.txt
- [!] Directory listing is enabled: http://wpthemestar.com/wp-content/plugins/all-in-one-seo-pack/
- [!] Title: All in One SEO Pack <= 2.0.3 - XSS Vulnerability
- Reference: http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html
- Reference: http://packetstormsecurity.com/files/123490/
- Reference: http://www.securityfocus.com/bid/62784
- Reference: http://seclists.org/bugtraq/2013/Oct/8
- Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5988
- Reference: http://secunia.com/advisories/55133
- Reference: http://osvdb.org/98023
- [i] Fixed in: 2.0.3.1
- [+] Finished: Sun Jun 1 10:06:00 2014
- [+] Memory used: 6.91 MB
- [+] Elapsed time: 00:00:11
- root@debian75:~/tool/wpscan#