Untitled

a guest Apr 4th, 2016 2,450 Never
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

       WordPress Security Scanner by the WPScan Team
                      Version 2.9
         Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://www.mossfon.com/
[+] Started: Mon Apr  4 18:50:19 2016

[+] robots.txt available under: 'http://www.mossfon.com/robots.txt'
[+] Interesting entry from robots.txt: http://www.mossfon.com/
[+] Interesting entry from robots.txt: http://www.mossfon.com/wp-admin/
[+] Interesting entry from robots.txt: http://www.mossfon.com/downloads/
[!] The WordPress 'http://www.mossfon.com/readme.html' file exists exposing a version number
[+] Interesting header: SERVER: Apache/2.2.15 (Oracle)
[+] Interesting header: X-CDN: Incapsula
[+] Interesting header: X-IINFO: 10-27211852-27211853 NNNN CT(292 -1 0) RT(1459810237306 4) q(0 0 3 -1) r(5 5) U6
[+] Interesting header: X-POWERED-BY: W3 Total Cache/0.9.4.1
[+] XML-RPC Interface available under: http://www.mossfon.com/xmlrpc.php

[+] WordPress version 4.2.6 identified from meta generator
[!] 2 vulnerabilities identified from the version number

[!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
   Reference: https://wpvulndb.com/vulnerabilities/8376
   Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
   Reference: https://core.trac.wordpress.org/changeset/36435
   Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
[i] Fixed in: 4.2.7

[!] Title: WordPress 3.7-4.4.1 - Open Redirect
   Reference: https://wpvulndb.com/vulnerabilities/8377
   Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
   Reference: https://core.trac.wordpress.org/changeset/36444
   Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
[i] Fixed in: 4.2.7

[+] WordPress theme in use: twentyten

[+] Name: twentyten
|  Latest version: 2.1
|  Location: http://www.mossfon.com/wp-content/themes/twentyten/
|  Readme: http://www.mossfon.com/wp-content/themes/twentyten/readme.txt
|  Style URL: http://www.mossfon.com/wp-content/themes/twentyten/style.css
|  Referenced style.css: http://www.mossfon.com/wp-content/themes/twentyten/css/style.css
|  Description:

[+] Enumerating plugins from passive detection ...
| 7 plugins found:

[+] Name: contact-form-7 - v4.2.2
|  Location: http://www.mossfon.com/wp-content/plugins/contact-form-7/
|  Readme: http://www.mossfon.com/wp-content/plugins/contact-form-7/readme.txt
[!] The version is out of date, the latest version is 4.4.1
[!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/contact-form-7/

[+] Name: front-end-upload - v0.6.1
|  Latest version: 0.6.1 (up to date)
|  Location: http://www.mossfon.com/wp-content/plugins/front-end-upload/
|  Readme: http://www.mossfon.com/wp-content/plugins/front-end-upload/readme.txt

[+] Name: qtranslate - v2.5.32
|  Location: http://www.mossfon.com/wp-content/plugins/qtranslate/
|  Readme: http://www.mossfon.com/wp-content/plugins/qtranslate/readme.txt
[!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/qtranslate/

[!] Title: qTranslate 2.5.34 - Setting Manipulation CSRF
   Reference: https://wpvulndb.com/vulnerabilities/6846
   Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3251
   Reference: https://secunia.com/advisories/53126/
   Reference: http://osvdb.org/show/osvdb/93873

[!] Title: qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)
   Reference: https://wpvulndb.com/vulnerabilities/8120
   Reference: http://seclists.org/bugtraq/2015/Jul/139
   Reference: https://www.htbridge.com/advisory/HTB23265
   Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5535

[+] Name: resume-submissions-job-postings - v2.5.3
|  Latest version: 2.5.3 (up to date)
|  Location: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/
|  Readme: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/readme.txt
[!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/resume-submissions-job-postings/

[!] Title: Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload
   Reference: https://wpvulndb.com/vulnerabilities/6160
   Reference: http://packetstormsecurity.com/files/114716/
   Reference: https://secunia.com/advisories/49896/
   Reference: http://osvdb.org/show/osvdb/83807
   Reference: https://www.exploit-db.com/exploits/19791/

[+] Name: wp-pagenavi - v2.87
|  Location: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/
|  Readme: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/readme.txt
[!] The version is out of date, the latest version is 2.89.1
[!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/wp-pagenavi/

[+] Name: wp-paginate - v1.3.1
|  Latest version: 1.3.1 (up to date)
|  Location: http://www.mossfon.com/wp-content/plugins/wp-paginate/
|  Readme: http://www.mossfon.com/wp-content/plugins/wp-paginate/readme.txt
[!] Directory listing is enabled: http://www.mossfon.com/wp-content/plugins/wp-paginate/

[+] Name: w3-total-cache - v0.9.4.1
|  Latest version: 0.9.4.1 (up to date)
|  Location: http://www.mossfon.com/wp-content/plugins/w3-total-cache/
|  Readme: http://www.mossfon.com/wp-content/plugins/w3-total-cache/readme.txt
|  Changelog: http://www.mossfon.com/wp-content/plugins/w3-total-cache/changelog.txt

[+] Finished: Mon Apr  4 18:51:23 2016
[+] Requests Done: 64
[+] Memory used: 79.215 MB
[+] Elapsed time: 00:01:04