- root@localhost:~# nikto -host yolimachine.com
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 47.88.24.47
- + Target Hostname: yolimachine.com
- + Target Port: 80
- + Start Time: 2017-04-10 02:20:15 (GMT-4)
- ---------------------------------------------------------------------------
- + Server: Tengine/1.3.0
- + Retrieved x-powered-by header: PHP/5.2.17p1
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Cookie PHPSESSID created without the httponly flag
- + Root page / redirects to: http://www.yolimachine.com/
- + No CGI Directories found (use '-C all' to force check all possible dirs)
- + "robots.txt" contains 3 entries which should be manually viewed.
- + Cookie wordpress_test_cookie created without the httponly flag
- + /guestbook/admin.php: Guestbook admin page available without authentication.
- + OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
- + OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
- + OSVDB-3204: /megabook/files/20/setup.db: Megabook guestbook configuration available remotely.
- + OSVDB-2225: /thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin: paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.
- + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
- + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-3092: /admin.php: This might be interesting...
- + OSVDB-3092: /admin/: This might be interesting...
- + OSVDB-3092: /files/: This might be interesting...
- + OSVDB-3093: /dotproject/modules/files/index_table.php: This might be interesting... has been seen in web logs from an unknown scanner.
- + OSVDB-9624: /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access.
- + Cookie currency created without the httponly flag
- + 7459 requests: 10 error(s) and 23 item(s) reported on remote host
- + End Time: 2017-04-10 03:09:09 (GMT-4) (2934 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested
- [+] URL: http://www.yolimachine.com/
- [+] Started: Mon Apr 10 02:58:14 2017
- [+] robots.txt available under: 'http://www.yolimachine.com/robots.txt'
- [+] Interesting entry from robots.txt: http://www.yolimachine.com/wp-*
- [+] Interesting entry from robots.txt: http://www.yolimachine.com/gd-*
- [+] Interesting entry from robots.txt: /*?*
- [+] Interesting header: SERVER: Tengine/1.3.0
- [+] Interesting header: X-POWERED-BY: PHP/5.2.17p1
- [+] WordPress version 3.6.1 identified from advanced fingerprinting (Released on 2013-09-11)
- [!] 23 vulnerabilities identified from the version number
- [!] Title: WordPress 3.5 - 3.7.1 XML-RPC DoS
- Reference: https://wpvulndb.com/vulnerabilities/7526
- Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
- Reference: http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
- Reference: http://www.breaksec.com/?p=6362
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
- Reference: https://wpvulndb.com/vulnerabilities/7528
- Reference: https://core.trac.wordpress.org/changeset/29384
- Reference: https://core.trac.wordpress.org/changeset/29408
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
- Reference: https://wpvulndb.com/vulnerabilities/7529
- Reference: https://core.trac.wordpress.org/changeset/29398
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
- Reference: https://wpvulndb.com/vulnerabilities/7530
- Reference: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
- Reference: http://getid3.sourceforge.net/
- Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
- Reference: http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
- Reference: https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
- Reference: https://wpvulndb.com/vulnerabilities/7531
- Reference: http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
- Reference: http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
- [i] Fixed in: 4.0
- [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/7680
- Reference: http://klikki.fi/adv/wordpress.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: http://klikki.fi/adv/wordpress_update.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
- [i] Fixed in: 4.0
- [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
- Reference: https://wpvulndb.com/vulnerabilities/7681
- Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
- Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
- Reference: https://www.exploit-db.com/exploits/35413/
- Reference: https://www.exploit-db.com/exploits/35414/
- [i] Fixed in: 4.0.1
- [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
- Reference: https://wpvulndb.com/vulnerabilities/7696
- Reference: http://www.securityfocus.com/bid/71234/
- Reference: https://core.trac.wordpress.org/changeset/30444
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
- [i] Fixed in: 4.0.1
- [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8111
- Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
- Reference: https://twitter.com/klikkioy/status/624264122570526720
- Reference: https://klikki.fi/adv/wordpress3.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
- [i] Fixed in: 4.2.3
- [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
- Reference: https://wpvulndb.com/vulnerabilities/8473
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
- [i] Fixed in: 4.5
- [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
- Reference: https://wpvulndb.com/vulnerabilities/8474
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
- [i] Fixed in: 4.5
- [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8475
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
- [i] Fixed in: 4.5
- [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
- Reference: https://wpvulndb.com/vulnerabilities/8519
- Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
- Reference: https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
- Reference: https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
- [i] Fixed in: 4.5.3
- [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
- Reference: https://wpvulndb.com/vulnerabilities/8520
- Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
- Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
- [i] Fixed in: 4.5.3
- [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
- Reference: https://wpvulndb.com/vulnerabilities/8615
- Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
- Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
- Reference: http://seclists.org/fulldisclosure/2016/Sep/6
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
- [i] Fixed in: 4.6.1
- [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
- Reference: https://wpvulndb.com/vulnerabilities/8616
- Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
- [i] Fixed in: 4.6.1
- [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
- Reference: https://wpvulndb.com/vulnerabilities/8718
- Reference: https://www.mehmetince.net/low-severity-wordpress/
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
- [i] Fixed in: 4.7.1
- [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
- Reference: https://wpvulndb.com/vulnerabilities/8719
- Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
- [i] Fixed in: 4.7.1
- [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
- Reference: https://wpvulndb.com/vulnerabilities/8720
- Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
- [i] Fixed in: 4.7.1
- [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- Reference: https://wpvulndb.com/vulnerabilities/8721
- Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
- [i] Fixed in: 4.7.1
- [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/8730
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
- Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
- [i] Fixed in: 4.7.2
- [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
- Reference: https://wpvulndb.com/vulnerabilities/8765
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
- Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
- Reference: http://seclists.org/oss-sec/2017/q1/563
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
- [i] Fixed in: 4.7.3
- [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
- Reference: https://wpvulndb.com/vulnerabilities/8766
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
- [i] Fixed in: 4.7.3
- [+] WordPress theme in use: SHOP03
- [+] Name: SHOP03
- | Location: http://www.yolimachine.com/wp-content/themes/SHOP03/
- | Style URL: http://www.yolimachine.com/wp-content/themes/SHOP03/style.css
- [+] Enumerating plugins from passive detection ...
- | 5 plugins found:
- [+] Name: contact-form-7 - v3.4.1
- | Location: http://www.yolimachine.com/wp-content/plugins/contact-form-7/
- | Readme: http://www.yolimachine.com/wp-content/plugins/contact-form-7/readme.txt
- [!] The version is out of date, the latest version is 4.7
- [!] Title: Contact Form 7 <= 3.7.1 - Security Bypass
- Reference: https://wpvulndb.com/vulnerabilities/7020
- Reference: http://www.securityfocus.com/bid/66381/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
- [i] Fixed in: 3.7.2
- [!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
- Reference: https://wpvulndb.com/vulnerabilities/7022
- Reference: http://packetstormsecurity.com/files/124154/
- [i] Fixed in: 3.5.3
- [+] Name: prisna-wp-translate
- | Location: http://www.yolimachine.com/wp-content/plugins/prisna-wp-translate/
- [+] Name: theme-my-login - v6.3.10
- | Location: http://www.yolimachine.com/wp-content/plugins/theme-my-login/
- | Readme: http://www.yolimachine.com/wp-content/plugins/theme-my-login/readme.txt
- [!] The version is out of date, the latest version is 6.4.9
- [+] Name: wordpress-social-login
- | Latest version: 2.3.3
- | Location: http://www.yolimachine.com/wp-content/plugins/wordpress-social-login/
- [+] Name: wp-postratings - v1.78
- | Location: http://www.yolimachine.com/wp-content/plugins/wp-postratings/
- | Readme: http://www.yolimachine.com/wp-content/plugins/wp-postratings/readme.txt
- [!] The version is out of date, the latest version is 1.84.1
- [+] Finished: Mon Apr 10 02:59:40 2017
- [+] Requests Done: 94
- [+] Memory used: 124.695 MB
- [+] Elapsed time: 00:01:26
- root@localhost:~#