Exploitable fun more

a guest
Apr 10th, 2017
root@localhost:~# nikto -host yolimachine.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 47.88.24.47
+ Target Hostname: yolimachine.com
+ Target Port: 80
+ Start Time: 2017-04-10 02:20:15 (GMT-4)
---------------------------------------------------------------------------
+ Server: Tengine/1.3.0
+ Retrieved x-powered-by header: PHP/5.2.17p1
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie PHPSESSID created without the httponly flag
+ Root page / redirects to: http://www.yolimachine.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ "robots.txt" contains 3 entries which should be manually viewed.
+ Cookie wordpress_test_cookie created without the httponly flag
+ /guestbook/admin.php: Guestbook admin page available without authentication.
+ OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
+ OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
+ OSVDB-3204: /megabook/files/20/setup.db: Megabook guestbook configuration available remotely.
+ OSVDB-2225: /thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin: paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.
+ OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /admin.php: This might be interesting...
+ OSVDB-3092: /admin/: This might be interesting...
+ OSVDB-3092: /files/: This might be interesting...
+ OSVDB-3093: /dotproject/modules/files/index_table.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-9624: /admin/admin.php?adminpy=1: PY-Membres 4.2 may allow administrator access.
+ Cookie currency created without the httponly flag
+ 7459 requests: 10 error(s) and 23 item(s) reported on remote host
+ End Time: 2017-04-10 03:09:09 (GMT-4) (2934 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested


[+] URL: http://www.yolimachine.com/
[+] Started: Mon Apr 10 02:58:14 2017

[+] robots.txt available under: 'http://www.yolimachine.com/robots.txt'
[+] Interesting entry from robots.txt: http://www.yolimachine.com/wp-*
[+] Interesting entry from robots.txt: http://www.yolimachine.com/gd-*
[+] Interesting entry from robots.txt: /*?*
[+] Interesting header: SERVER: Tengine/1.3.0
[+] Interesting header: X-POWERED-BY: PHP/5.2.17p1

[+] WordPress version 3.6.1 identified from advanced fingerprinting (Released on 2013-09-11)
[!] 23 vulnerabilities identified from the version number

[!] Title: WordPress 3.5 - 3.7.1 XML-RPC DoS
Reference: https://wpvulndb.com/vulnerabilities/7526
Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
Reference: http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
Reference: http://www.breaksec.com/?p=6362
[i] Fixed in: 3.9.2

[!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
Reference: https://wpvulndb.com/vulnerabilities/7528
Reference: https://core.trac.wordpress.org/changeset/29384
Reference: https://core.trac.wordpress.org/changeset/29408
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
[i] Fixed in: 3.9.2

[!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
Reference: https://wpvulndb.com/vulnerabilities/7529
Reference: https://core.trac.wordpress.org/changeset/29398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
[i] Fixed in: 3.9.2

[!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
Reference: https://wpvulndb.com/vulnerabilities/7530
Reference: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
Reference: http://getid3.sourceforge.net/
Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
Reference: http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
Reference: https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
[i] Fixed in: 3.9.2

[!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
Reference: https://wpvulndb.com/vulnerabilities/7531
Reference: http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
Reference: http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
[i] Fixed in: 4.0

[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://klikki.fi/adv/wordpress.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: http://klikki.fi/adv/wordpress_update.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
[i] Fixed in: 4.0

[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
Reference: https://www.exploit-db.com/exploits/35413/
Reference: https://www.exploit-db.com/exploits/35414/
[i] Fixed in: 4.0.1

[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://www.securityfocus.com/bid/71234/
Reference: https://core.trac.wordpress.org/changeset/30444
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
[i] Fixed in: 4.0.1

[!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8111
Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
Reference: https://twitter.com/klikkioy/status/624264122570526720
Reference: https://klikki.fi/adv/wordpress3.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
[i] Fixed in: 4.2.3

[!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
Reference: https://wpvulndb.com/vulnerabilities/8473
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
[i] Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
Reference: https://wpvulndb.com/vulnerabilities/8474
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
[i] Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
Reference: https://wpvulndb.com/vulnerabilities/8475
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
[i] Fixed in: 4.5

[!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
Reference: https://wpvulndb.com/vulnerabilities/8519
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
Reference: https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
[i] Fixed in: 4.5.3

[!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
Reference: https://wpvulndb.com/vulnerabilities/8520
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
[i] Fixed in: 4.5.3

[!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
Reference: https://wpvulndb.com/vulnerabilities/8615
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
Reference: http://seclists.org/fulldisclosure/2016/Sep/6
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
[i] Fixed in: 4.6.1

[!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
Reference: https://wpvulndb.com/vulnerabilities/8616
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
[i] Fixed in: 4.6.1

[!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
Reference: https://wpvulndb.com/vulnerabilities/8718
Reference: https://www.mehmetince.net/low-severity-wordpress/
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
[i] Fixed in: 4.7.1

[!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
Reference: https://wpvulndb.com/vulnerabilities/8719
Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
[i] Fixed in: 4.7.1

[!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
Reference: https://wpvulndb.com/vulnerabilities/8720
Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Reference: https://wpvulndb.com/vulnerabilities/8721
Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8730
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
[i] Fixed in: 4.7.2

[!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
Reference: https://wpvulndb.com/vulnerabilities/8765
Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
Reference: http://seclists.org/oss-sec/2017/q1/563
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
Reference: https://wpvulndb.com/vulnerabilities/8766
Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
[i] Fixed in: 4.7.3

[+] WordPress theme in use: SHOP03

[+] Name: SHOP03
| Location: http://www.yolimachine.com/wp-content/themes/SHOP03/
| Style URL: http://www.yolimachine.com/wp-content/themes/SHOP03/style.css

[+] Enumerating plugins from passive detection ...
| 5 plugins found:

[+] Name: contact-form-7 - v3.4.1
| Location: http://www.yolimachine.com/wp-content/plugins/contact-form-7/
| Readme: http://www.yolimachine.com/wp-content/plugins/contact-form-7/readme.txt
[!] The version is out of date, the latest version is 4.7

[!] Title: Contact Form 7 <= 3.7.1 - Security Bypass
Reference: https://wpvulndb.com/vulnerabilities/7020
Reference: http://www.securityfocus.com/bid/66381/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
[i] Fixed in: 3.7.2

[!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
Reference: https://wpvulndb.com/vulnerabilities/7022
Reference: http://packetstormsecurity.com/files/124154/
[i] Fixed in: 3.5.3

[+] Name: prisna-wp-translate
| Location: http://www.yolimachine.com/wp-content/plugins/prisna-wp-translate/

[+] Name: theme-my-login - v6.3.10
| Location: http://www.yolimachine.com/wp-content/plugins/theme-my-login/
| Readme: http://www.yolimachine.com/wp-content/plugins/theme-my-login/readme.txt
[!] The version is out of date, the latest version is 6.4.9

[+] Name: wordpress-social-login
| Latest version: 2.3.3
| Location: http://www.yolimachine.com/wp-content/plugins/wordpress-social-login/

[+] Name: wp-postratings - v1.78
| Location: http://www.yolimachine.com/wp-content/plugins/wp-postratings/
| Readme: http://www.yolimachine.com/wp-content/plugins/wp-postratings/readme.txt
[!] The version is out of date, the latest version is 1.84.1

[+] Finished: Mon Apr 10 02:59:40 2017
[+] Requests Done: 94
[+] Memory used: 124.695 MB
[+] Elapsed time: 00:01:26
root@localhost:~#