- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 2.9
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
- _______________________________________________________________
- [+] URL: http://www.mossfon.com/
- [+] Started: Mon Apr 4 18:50:19 2016
- [+] robots.txt available under: 'http://www.mossfon.com/robots.txt'
- [+] Interesting entry from robots.txt: http://www.mossfon.com/
- [+] Interesting entry from robots.txt: http://www.mossfon.com/wp-admin/
- [+] Interesting entry from robots.txt: http://www.mossfon.com/downloads/
- [!] The WordPress 'http://www.mossfon.com/readme.html' file exists exposing a version number
- [+] Interesting header: SERVER: Apache/2.2.15 (Oracle)
- [+] Interesting header: X-CDN: Incapsula
- [+] Interesting header: X-IINFO: 10-27211852-27211853 NNNN CT(292 -1 0) RT(1459810237306 4) q(0 0 3 -1) r(5 5) U6
- [+] Interesting header: X-POWERED-BY: W3 Total Cache/0.9.4.1
- [+] XML-RPC Interface available under: http://www.mossfon.com/xmlrpc.php
- [+] WordPress version 4.2.6 identified from meta generator
- [!] 2 vulnerabilities identified from the version number
- [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
- Reference: https://wpvulndb.com/vulnerabilities/8376
- Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/36435
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
- [i] Fixed in: 4.2.7
- [!] Title: WordPress 3.7-4.4.1 - Open Redirect
- Reference: https://wpvulndb.com/vulnerabilities/8377
- Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/36444
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
- [i] Fixed in: 4.2.7
- [+] WordPress theme in use: twentyten
- [+] Name: twentyten
- | Latest version: 2.1
- | Location: http://www.mossfon.com/wp-content/themes/twentyten/
- | Readme: http://www.mossfon.com/wp-content/themes/twentyten/readme.txt
- | Style URL: http://www.mossfon.com/wp-content/themes/twentyten/style.css
- | Referenced style.css: http://www.mossfon.com/wp-content/themes/twentyten/css/style.css
- | Description:
- [+] Enumerating plugins from passive detection ...
- | 7 plugins found:
- [+] Name: contact-form-7 - v4.2.2
- | Location: http://www.mossfon.com/wp-content/plugins/contact-form-7/
- | Readme: http://www.mossfon.com/wp-content/plugins/contact-form-7/readme.txt
- [!] The version is out of date, the latest version is 4.4.1
- [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/contact-form-7/
- [+] Name: front-end-upload - v0.6.1
- | Latest version: 0.6.1 (up to date)
- | Location: http://www.mossfon.com/wp-content/plugins/front-end-upload/
- | Readme: http://www.mossfon.com/wp-content/plugins/front-end-upload/readme.txt
- [+] Name: qtranslate - v2.5.32
- | Location: http://www.mossfon.com/wp-content/plugins/qtranslate/
- | Readme: http://www.mossfon.com/wp-content/plugins/qtranslate/readme.txt
- [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/qtranslate/
- [!] Title: qTranslate 2.5.34 - Setting Manipulation CSRF
- Reference: https://wpvulndb.com/vulnerabilities/6846
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3251
- Reference: https://secunia.com/advisories/53126/
- Reference: http://osvdb.org/show/osvdb/93873
- [!] Title: qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8120
- Reference: http://seclists.org/bugtraq/2015/Jul/139
- Reference: https://www.htbridge.com/advisory/HTB23265
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5535
- [+] Name: resume-submissions-job-postings - v2.5.3
- | Latest version: 2.5.3 (up to date)
- | Location: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/
- | Readme: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/readme.txt
- [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/
- [!] Title: Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload
- Reference: https://wpvulndb.com/vulnerabilities/6160
- Reference: http://packetstormsecurity.com/files/114716/
- Reference: https://secunia.com/advisories/49896/
- Reference: http://osvdb.org/show/osvdb/83807
- Reference: https://www.exploit-db.com/exploits/19791/
- [+] Name: wp-pagenavi - v2.87
- | Location: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/
- | Readme: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/readme.txt
- [!] The version is out of date, the latest version is 2.89.1
- [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/
- [+] Name: wp-paginate - v1.3.1
- | Latest version: 1.3.1 (up to date)
- | Location: http://www.mossfon.com/wp-content/plugins/wp-paginate/
- | Readme: http://www.mossfon.com/wp-content/plugins/wp-paginate/readme.txt
- [!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/wp-paginate/
- [+] Name: w3-total-cache - v0.9.4.1
- | Latest version: 0.9.4.1 (up to date)
- | Location: http://www.mossfon.com/wp-content/plugins/w3-total-cache/
- | Readme: http://www.mossfon.com/wp-content/plugins/w3-total-cache/readme.txt
- | Changelog: http://www.mossfon.com/wp-content/plugins/w3-total-cache/changelog.txt
- [+] Finished: Mon Apr 4 18:51:23 2016
- [+] Requests Done: 64
- [+] Memory used: 79.215 MB
- [+] Elapsed time: 00:01:04