
Anonymous JTSEC #OpSudan Full Recon #12

a guest
Feb 14th, 2019
#######################################################################################################################################
=======================================================================================================================================
Hostname: mocit.gov.sd
ISP: NICDC
Continent: Africa
Flag: SD
Country: Sudan
Country Code: SD
Region: Unknown
Local time: 14 Feb 2019 17:44 CAT
City: Unknown
Postal Code: Unknown
IP Address: 62.12.105.2
Latitude: 15
Longitude: 30
=======================================================================================================================================
#######################################################################################################################################
> mocit.gov.sd
Server: 38.132.106.139
Address: 38.132.106.139#53

Non-authoritative answer:
Name: mocit.gov.sd
Address: 62.12.105.2
>
#######################################################################################################################################
HostIP:62.12.105.2
HostName:mocit.gov.sd

Gathered Inet-whois information for 62.12.105.2
---------------------------------------------------------------------------------------------------------------------------------------


inetnum: 62.12.96.0 - 62.12.127.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2019-01-07T10:46:54Z
last-modified: 2019-01-07T10:46:54Z
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)



Gathered Inic-whois information for mocit.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
Error: Unable to connect - Invalid Host
ERROR: Connection to InicWhois Server sd.whois-servers.net failed
close error

Gathered Netcraft information for mocit.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------

Retrieving Netcraft.com information for mocit.gov.sd
Netcraft.com Information gathered

Gathered Subdomain information for mocit.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 possible subdomain(s) for host mocit.gov.sd, Searched 0 pages containing 0 results

Gathered E-Mail information for mocit.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host mocit.gov.sd, Searched 0 pages containing 0 results

Gathered TCP Port information for 62.12.105.2
---------------------------------------------------------------------------------------------------------------------------------------

Port State

21/tcp open
80/tcp open
110/tcp open
143/tcp open

Portscan Finished: Scanned 150 ports, 4 ports were in state closed
#######################################################################################################################################
[i] Scanning Site: http://mocit.gov.sd



B A S I C I N F O
=======================================================================================================================================


[+] Site Title: وزارة الثقافة والاعلام والسياحة
[+] IP address: 62.12.105.2
[+] Web Server: Could Not Detect
[+] CMS: WordPress
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!




G E O I P L O O K U P
=======================================================================================================================================

[i] IP Address: 62.12.105.2
[i] Country: Sudan
[i] State:
[i] City:
[i] Latitude: 15.0
[i] Longitude: 30.0




H T T P H E A D E R S
=======================================================================================================================================


[i] HTTP/1.1 302 Found
[i] Date: Thu, 14 Feb 2019 15:39:21 GMT
[i] Content-Type: text/html
[i] Content-Length: 0
[i] X-Powered-By: PHP/5.3.29
[i] Set-Cookie: csrf_cookie_name=338c17f74036158d14db6c42c47ff67b; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
[i] Location: http://mocit.gov.sd/index.php/ar/
[i] X-Powered-By: PleskLin
[i] Connection: close
[i] HTTP/1.1 200 OK
[i] Date: Thu, 14 Feb 2019 15:39:22 GMT
[i] Content-Type: text/html
[i] X-Powered-By: PHP/5.3.29
[i] Set-Cookie: csrf_cookie_name=8c58df1bf97fa806ed52ed3eb34212e0; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
[i] Set-Cookie: user_lang=ar; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
[i] Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22390ad74586c1a5b39a558b8854f90b91%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22176.113.74.35%22%3Bs%3A10%3A%22user_agent%22%3Bb%3A0%3Bs%3A13%3A%22last_activity%22%3Bi%3A1550158761%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D6b7eb7793c71b387f6d616fb6f72320b; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
[i] X-Powered-By: PleskLin
[i] Connection: close




D N S L O O K U P
=======================================================================================================================================

mocit.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
mocit.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
mocit.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
mocit.gov.sd. 21599 IN A 62.12.105.2
mocit.gov.sd. 21599 IN MX 10 f03-web02.nic.gov.sd.
mocit.gov.sd. 21599 IN TXT "v=spf1 mx -all"




S U B N E T C A L C U L A T I O N
=======================================================================================================================================

Address = 62.12.105.2
Network = 62.12.105.2 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 62.12.105.2 - 62.12.105.2 }



N M A P P O R T S C A N
=======================================================================================================================================


Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 16:37 UTC
Nmap scan report for mocit.gov.sd (62.12.105.2)
Host is up (0.18s latency).
rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp filtered http
110/tcp filtered pop3
143/tcp filtered imap
443/tcp filtered https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 13.88 seconds
#######################################################################################################################################
[?] Enter the target: example( http://domain.com )
http://mocit.gov.sd/index.php/ar/
[!] IP Address : 62.12.105.2
[!] mocit.gov.sd doesn't seem to use a CMS
[+] Honeypot Probabilty: 0%
---------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for mocit.gov.sd
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/mocit.gov.sd
---------------------------------------------------------------------------------------------------------------------------------------
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp filtered http
110/tcp filtered pop3
143/tcp filtered imap
443/tcp filtered https
3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 14.16 seconds
---------------------------------------------------------------------------------------------------------------------------------------

[+] DNS Records
ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt

[+] MX Records
10 (62.12.105.2) Egypt Egypt

[+] Host Records (A)
mocit.gov.sd (62.12.105.2) Egypt Egypt

[+] TXT Records
"v=spf1 mx -all"

[+] DNS Map: https://dnsdumpster.com/static/map/mocit.gov.sd.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)


[+] Emails found:
---------------------------------------------------------------------------------------------------------------------------------------

[+] Hosts found in search engines:
--------------------------------------------------------------------------------------------------------------------------------------
[-] Resolving hostnames IPs...
62.12.105.2:www.mocit.gov.sd
[+] Virtual hosts:
---------------------------------------------------------------------------------------------------------------------------------------
######################################################################################################################################
Enter Address Website = mocit.gov.sd



Reverse IP With YouGetSignal 'mocit.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[*] IP: 62.12.105.2
[*] Domain: mocit.gov.sd
[*] Total Domains: 6

[+] agricmi.gov.sd
[+] eastgezira.gov.sd
[+] mocit.gov.sd
[+] sudan.gov.sd
[+] unionkhr.sd
[+] www.sudan.gov.sd
#######################################################################################################################################
Geo IP Lookup 'mocit.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[+] IP Address: 62.12.105.2
[+] Country: Sudan
[+] State:
[+] City:
[+] Latitude: 15.0
[+] Longitude: 30.0
#######################################################################################################################################
DNS Lookup 'mocit.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[+] mocit.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
[+] mocit.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
[+] mocit.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
[+] mocit.gov.sd. 21599 IN A 62.12.105.2
[+] mocit.gov.sd. 21599 IN MX 10 f03-web02.nic.gov.sd.
[+] mocit.gov.sd. 21599 IN TXT "v=spf1 mx -all"
#######################################################################################################################################
Show HTTP Header 'mocit.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

[+] HTTP/1.1 302 Moved Temporarily
[+] Server: nginx
[+] Date: Thu, 14 Feb 2019 15:39:14 GMT
[+] Content-Type: text/html
[+] Connection: keep-alive
[+] X-Powered-By: PHP/5.3.29
[+] Set-Cookie: csrf_cookie_name=76583c8c25944d3f10d80b9a2798d617; expires=Thu, 14-Feb-2019 17:39:14 GMT; path=/
[+] Location: http://mocit.gov.sd/index.php/ar/
[+] X-Powered-By: PleskLin
#######################################################################################################################################
Port Scan 'mocit.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------


Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 16:37 UTC
Nmap scan report for mocit.gov.sd (62.12.105.2)
Host is up (0.18s latency).
rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp filtered http
110/tcp filtered pop3
143/tcp filtered imap
443/tcp filtered https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 14.38 seconds
#######################################################################################################################################
Traceroute 'mocit.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

Start: 2019-02-14T16:37:27+0000
HOST: web01 Loss% Snt Last Avg Best Wrst StDev
1.|-- 45.79.12.201 0.0% 3 1.1 1.1 0.8 1.2 0.2
2.|-- 45.79.12.0 0.0% 3 13.4 12.5 3.7 20.6 8.5
3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.3 2.2 1.3 3.9 1.4
4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 2.1 2.0 1.9 2.1 0.1
5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 12.0 11.8 11.4 12.1 0.4
6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.4 24.2 23.4 25.0 0.8
7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.7 30.7 30.5 30.8 0.1
8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.3 41.3 41.3 41.4 0.1
9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 45.7 45.7 45.6 45.7 0.0
10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.5 107.7 107.5 107.9 0.2
11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 108.1 108.0 107.9 108.1 0.1
12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 108.5 107.9 107.6 108.5 0.5
13.|-- 185.153.20.70 0.0% 3 185.6 185.9 185.6 186.4 0.4
14.|-- 185.153.20.82 0.0% 3 185.6 185.8 185.6 185.9 0.1
15.|-- 185.153.20.94 0.0% 3 185.5 185.5 185.5 185.6 0.0
16.|-- 185.153.20.153 0.0% 3 230.0 219.6 214.2 230.0 9.0
17.|-- 212.0.131.109 0.0% 3 227.6 227.4 226.9 227.8 0.4
18.|-- 196.202.137.249 0.0% 3 219.0 219.3 218.9 220.0 0.6
19.|-- 196.202.145.94 0.0% 3 219.1 219.3 219.1 219.5 0.2
20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
#######################################################################################################################################
Ping 'mocit.gov.sd'
---------------------------------------------------------------------------------------------------------------------------------------

Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-14 16:37 UTC
SENT (0.0038s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=1] IP [ttl=64 id=6748 iplen=28 ]
SENT (1.0040s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=2] IP [ttl=64 id=6748 iplen=28 ]
SENT (2.0056s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=3] IP [ttl=64 id=6748 iplen=28 ]
SENT (3.0069s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=4] IP [ttl=64 id=6748 iplen=28 ]

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
Nping done: 1 IP address pinged in 4.01 seconds
#######################################################################################################################################
; <<>> DiG 9.11.5-P1-1-Debian <<>> mocit.gov.sd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11094
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mocit.gov.sd. IN A

;; ANSWER SECTION:
mocit.gov.sd. 82189 IN A 62.12.105.2

;; Query time: 35 msec
;; SERVER: 38.132.106.139#53(38.132.106.139)
;; WHEN: jeu fév 14 11:54:19 EST 2019
;; MSG SIZE rcvd: 57
#######################################################################################################################################
; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace mocit.gov.sd
;; global options: +cmd
. 80866 IN NS a.root-servers.net.
. 80866 IN NS b.root-servers.net.
. 80866 IN NS d.root-servers.net.
. 80866 IN NS k.root-servers.net.
. 80866 IN NS c.root-servers.net.
. 80866 IN NS f.root-servers.net.
. 80866 IN NS j.root-servers.net.
. 80866 IN NS g.root-servers.net.
. 80866 IN NS m.root-servers.net.
. 80866 IN NS i.root-servers.net.
. 80866 IN NS h.root-servers.net.
. 80866 IN NS e.root-servers.net.
. 80866 IN NS l.root-servers.net.
. 80866 IN RRSIG NS 8 0 518400 20190227050000 20190214040000 16749 . KjRJi44YfIrOlhPKeg7qiGlwP2QsgQmM2rTFegujHBe0cRTA1uH0NEgj FPJX+q10aSbYdSr3FGT2cW1YTRmLmAbNXGwZz84jYBm+Z+Au+Yhr9TRN 4DHs4voHtgr8u/sm5Hx72ghRbXOSK+ffIljYBTSwk4TKkFi1sqYbs7V6 tMz0LjK1rEuWHnPi2Vnrp93/WKdWMQmytU2qvKr9x6/s8TSkWWOKzaEX sOGlz9aFDRpYkreMZvOWKjUJbkzz9BgvKhnT72q0oDdhdrhle1bTM+yV rZ4pgndNM0b3TAdcMiNhNEISL0uQ0b5tUM3Y3rOT9YLlF4gA+p01UD3a cuep6w==
;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 33 ms

sd. 172800 IN NS sd.cctld.authdns.ripe.net.
sd. 172800 IN NS ns1.uaenic.ae.
sd. 172800 IN NS ns2.uaenic.ae.
sd. 172800 IN NS ans1.sis.sd.
sd. 172800 IN NS ans1.canar.sd.
sd. 172800 IN NS ans2.canar.sd.
sd. 172800 IN NS ns-sd.afrinic.net.
sd. 86400 IN NSEC se. NS RRSIG NSEC
sd. 86400 IN RRSIG NSEC 8 1 86400 20190227050000 20190214040000 16749 . p5xCmXr6/UJpXVFgnTVrZf/qZ0bsqHWSMXrkDI4WLDsbzoK/TSBtEgO2 KSA9Is1n0hWTqY3HfWl5R0HypWb+vtX32FbjdPNUpm2FBtpujLQgxvry /nJRvXzYKmy1NPoLesExvMg/3coxIQKAPxmfwm09ddZ5vfvc+NKc5X7D znXBTk+j6KILgL7LvhhJ0/TsikCqL3gPGKH8aW6RId4tcxJV1dmgRR8F FcGkESYs2KJmG6KN/JG5OiJ/rOVUSQCkHjUAMoX1x+qKLAy+dDJkBnyy OkdQ+04CkijYHauuo/VvJjk14/60ChpgDqc//AF+VJgvGPs9tSEQLApC wFQsOg==
;; Received 699 bytes from 199.7.91.13#53(d.root-servers.net) in 36 ms

gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
gov.sd. 14400 IN NS ns1.uaenic.ae.
gov.sd. 14400 IN NS ns2.uaenic.ae.
gov.sd. 14400 IN NS ans1.sis.sd.
gov.sd. 14400 IN NS ans1.canar.sd.
gov.sd. 14400 IN NS ans2.canar.sd.
gov.sd. 14400 IN NS ns-sd.afrinic.net.
;; Received 268 bytes from 196.216.168.26#53(ns-sd.afrinic.net) in 274 ms

mocit.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
mocit.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
;; Received 113 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 106 ms

mocit.gov.sd. 86400 IN A 62.12.105.2
mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
;; Received 129 bytes from 62.12.109.3#53(ns1.ndc.gov.sd) in 206 ms
#######################################################################################################################################
[*] Performing General Enumeration of Domain: mocit.gov.sd
[-] DNSSEC is not configured for mocit.gov.sd
[*] SOA ns0.ndc.gov.sd 62.12.109.2
[*] NS ns1.ndc.gov.sd 62.12.109.3
[*] Bind Version for 62.12.109.3 you guess!
[*] NS ns0.ndc.gov.sd 62.12.109.2
[*] Bind Version for 62.12.109.2 you guess!
[*] MX f03-web02.nic.gov.sd 62.12.105.2
[*] A mocit.gov.sd 62.12.105.2
[*] TXT mocit.gov.sd v=spf1 mx -all
[*] Enumerating SRV Records
[-] No SRV Records Found for mocit.gov.sd
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain mocit.gov.sd
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
[+] Getting nameservers
62.12.109.3 - ns1.ndc.gov.sd
[+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
mocit.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
mocit.gov.sd. 86400 IN A 62.12.105.2
mocit.gov.sd. 86400 IN MX 10 f03-web02.nic.gov.sd.
mocit.gov.sd. 86400 IN TXT "v=spf1 mx -all"
mail.mocit.gov.sd. 86400 IN A 62.12.105.2
mail.mocit.gov.sd. 86400 IN MX 10 mail.mocit.gov.sd.
webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
www.mocit.gov.sd. 86400 IN A 62.12.105.2
#######################################################################################################################################
Ip Address Status Type Domain Name Server
---------- ------ ---- ----------- ------
62.12.105.2 200 host mail.mocit.gov.sd nginx
62.12.105.2 200 alias webmail.mocit.gov.sd nginx
62.12.105.2 200 host mail.mocit.gov.sd nginx
62.12.105.2 301 host www.mocit.gov.sd nginx
#######################################################################################################################################
[+] Testing domain
www.mocit.gov.sd 62.12.105.2
[+] Dns resolving
Domain name Ip address Name server
mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
Found 1 host(s) for mocit.gov.sd
[+] Testing wildcard
Ok, no wildcard found.

[+] Scanning for subdomain on mocit.gov.sd
[!] Wordlist not specified. I scannig with my internal wordlist...
Estimated time about 106.32 seconds

Subdomain Ip address Name server

mail.mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
webmail.mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
www.mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
#######################################################################################################################################
dnsenum VERSION:1.2.4

----- mocit.gov.sd -----


Host's addresses:
__________________

mocit.gov.sd. 82581 IN A 62.12.105.2


Name Servers:
______________

ns0.ndc.gov.sd. 13744 IN A 62.12.109.2
ns1.ndc.gov.sd. 13744 IN A 62.12.109.3


Mail (MX) Servers:
___________________

f03-web02.nic.gov.sd. 86400 IN A 62.12.105.2


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for mocit.gov.sd on ns0.ndc.gov.sd ...
mocit.gov.sd. 86400 IN SOA (
mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
mocit.gov.sd. 86400 IN A 62.12.105.2
mocit.gov.sd. 86400 IN MX 10
mocit.gov.sd. 86400 IN TXT "v=spf1
mail.mocit.gov.sd. 86400 IN A 62.12.105.2
mail.mocit.gov.sd. 86400 IN MX 10
webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
www.mocit.gov.sd. 86400 IN A 62.12.105.2

Trying Zone Transfer for mocit.gov.sd on ns1.ndc.gov.sd ...
mocit.gov.sd. 86400 IN SOA (
mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
mocit.gov.sd. 86400 IN A 62.12.105.2
mocit.gov.sd. 86400 IN MX 10
mocit.gov.sd. 86400 IN TXT "v=spf1
mail.mocit.gov.sd. 86400 IN A 62.12.105.2
mail.mocit.gov.sd. 86400 IN MX 10
webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
www.mocit.gov.sd. 86400 IN A 62.12.105.2
#######################################################################################################################################

____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|

# Coded By Ahmed Aboul-Ela - @aboul3la

[-] Enumerating subdomains now for mocit.gov.sd
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
Virustotal: www.mocit.gov.sd
Virustotal: mail.mocit.gov.sd
[-] Saving results to file: /usr/share/sniper/loot//domains/domains-mocit.gov.sd.txt
[-] Total Unique Subdomains Found: 2
www.mocit.gov.sd
mail.mocit.gov.sd
#######################################################################################################################################
===============================================
-=Subfinder v1.1.3 github.com/subfinder/subfinder
===============================================


Running Source: Ask
Running Source: Archive.is
Running Source: Baidu
Running Source: Bing
Running Source: CertDB
Running Source: CertificateTransparency
Running Source: Certspotter
Running Source: Commoncrawl
Running Source: Crt.sh
Running Source: Dnsdb
Running Source: DNSDumpster
Running Source: DNSTable
Running Source: Dogpile
Running Source: Exalead
Running Source: Findsubdomains
Running Source: Googleter
Running Source: Hackertarget
Running Source: Ipv4Info
Running Source: PTRArchive
Running Source: Sitedossier
Running Source: Threatcrowd
Running Source: ThreatMiner
Running Source: WaybackArchive
Running Source: Yahoo

Running enumeration on mocit.gov.sd

dnsdb: Unexpected return status 503

archiveis: Get http://archive.is/*.mocit.gov.sd: dial tcp 213.183.51.24:80: connect: connection timed out


Starting Bruteforcing of mocit.gov.sd with 9985 words

Total 5 Unique subdomains found for mocit.gov.sd

.mocit.gov.sd
mail.mocit.gov.sd
mail.mocit.gov.sd
webmail.mocit.gov.sd
www.mocit.gov.sd
#######################################################################################################################################
[*] Processing domain mocit.gov.sd
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
[+] Getting nameservers
62.12.109.3 - ns1.ndc.gov.sd
[+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
mocit.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
mocit.gov.sd. 86400 IN A 62.12.105.2
mocit.gov.sd. 86400 IN MX 10 f03-web02.nic.gov.sd.
mocit.gov.sd. 86400 IN TXT "v=spf1 mx -all"
mail.mocit.gov.sd. 86400 IN A 62.12.105.2
mail.mocit.gov.sd. 86400 IN MX 10 mail.mocit.gov.sd.
webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
www.mocit.gov.sd. 86400 IN A 62.12.105.2
#######################################################################################################################################
[*] Found SPF record:
[*] v=spf1 mx -all
[*] SPF record contains an All item: -all
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for mocit.gov.sd!
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:53 EST
Nmap scan report for mocit.gov.sd (62.12.105.2)
Host is up (0.16s latency).
rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
Not shown: 464 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
8443/tcp open https-alt
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:53 EST
Nmap scan report for mocit.gov.sd (62.12.105.2)
Host is up (0.023s latency).
rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:53 EST
Nmap scan report for mocit.gov.sd (62.12.105.2)
Host is up (0.21s latency).
rDNS record for 62.12.105.2: f03-web02.nic.gov.sd

PORT STATE SERVICE VERSION
21/tcp open tcpwrapped
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|general purpose|router
Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  702. Network Distance: 20 hops
  703.  
  704. TRACEROUTE (using port 21/tcp)
  705. HOP RTT ADDRESS
  706. 1 23.11 ms 10.244.200.1
  707. 2 23.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  708. 3 27.79 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  709. 4 23.19 ms 82.102.29.44
  710. 5 23.61 ms 38.122.42.161
  711. 6 23.66 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  712. 7 92.83 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  713. 8 98.65 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  714. 9 99.88 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  715. 10 99.95 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  716. 11 104.18 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  717. 12 182.94 ms 185.153.20.70
  718. 13 182.95 ms 185.153.20.82
  719. 14 182.67 ms 185.153.20.94
  720. 15 196.46 ms 185.153.20.153
  721. 16 ... 17
  722. 18 212.81 ms 196.202.145.94
  723. 19 ...
  724. 20 206.78 ms f03-web02.nic.gov.sd (62.12.105.2)
  725. #######################################################################################################################################
  726. http://mocit.gov.sd [302 Found] Cookies[csrf_cookie_name], HTTPServer[nginx], IP[62.12.105.2], PHP[5.3.29,], Plesk[Lin], RedirectLocation[http://mocit.gov.sd/index.php/ar/], X-Powered-By[PHP/5.3.29, PleskLin], nginx
  727. http://mocit.gov.sd/index.php/ar/ [200 OK] CodeIgniter-PHP-Framework[ci_session Cookie], Cookies[ci_session,csrf_cookie_name,user_lang], Frame, HTML5, HTTPServer[nginx], IP[62.12.105.2], JQuery[1.6.4], PHP[5.3.29,], Plesk[Lin], Script[text/javascript], Title[وزارة الثقافة والاعلام والسياحة], probably WordPress, X-Powered-By[PHP/5.3.29, PleskLin], YouTube, nginx
  728. #######################################################################################################################################
  729. wig - WebApp Information Gatherer
  730.  
  731.  
  732. Scanning http://mocit.gov.sd...
  733. _________________________________________ SITE INFO _________________________________________
  734. IP Title
  735. 62.12.105.2 وزارة الثقافة والاعلام والسياحة
  736.  
  737. __________________________________________ VERSION __________________________________________
  738. Name Versions Type
  739. WordPress CMS
  740. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  741. 2.4.9
  742. PHP 5.3.29 Platform
  743. nginx Platform
  744.  
  745. ________________________________________ INTERESTING ________________________________________
  746. URL Note Type
  747. /install.php Installation file Interesting
  748. /test.php Test file Interesting
  749.  
  750. ___________________________________________ TOOLS ___________________________________________
  751. Name Link Software
  752. wpscan https://github.com/wpscanteam/wpscan WordPress
  753. CMSmap https://github.com/Dionach/CMSmap WordPress
  754.  
  755. _____________________________________________________________________________________________
  756. Time: 39.2 sec Urls: 477 Fingerprints: 40401
  757. #######################################################################################################################################
  758. HTTP/1.1 302 Moved Temporarily
  759. Server: nginx
  760. Date: Thu, 14 Feb 2019 16:08:15 GMT
  761. Content-Type: text/html
  762. Connection: keep-alive
  763. X-Powered-By: PHP/5.3.29
  764. Set-Cookie: csrf_cookie_name=3415093e41ec9f23ba6e1233b5da84c0; expires=Thu, 14-Feb-2019 18:08:15 GMT; path=/
  765. Location: http://mocit.gov.sd/index.php/ar/
  766. X-Powered-By: PleskLin
  767.  
  768. HTTP/1.1 302 Moved Temporarily
  769. Server: nginx
  770. Date: Thu, 14 Feb 2019 16:08:16 GMT
  771. Content-Type: text/html
  772. Connection: keep-alive
  773. X-Powered-By: PHP/5.3.29
  774. Set-Cookie: csrf_cookie_name=ac8d37ef201fc8221b6bd93244c20002; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  775. Location: http://mocit.gov.sd/index.php/ar/
  776. X-Powered-By: PleskLin
  777.  
  778. HTTP/1.1 200 OK
  779. Server: nginx
  780. Date: Thu, 14 Feb 2019 16:08:16 GMT
  781. Content-Type: text/html
  782. Connection: keep-alive
  783. X-Powered-By: PHP/5.3.29
  784. Set-Cookie: csrf_cookie_name=1d32e0ea8cb6b7a7f4b9ad5c6fb1be0a; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  785. Set-Cookie: user_lang=ar; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  786. Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269755f6fa613543efa203f4c446a6811%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22176.113.74.44%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A11%3A%22curl%2F7.64.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1550160496%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D35c17dd7c3c1c6a25e6e55b37a3d2e54; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  787. X-Powered-By: PleskLin
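Three things in the responses above deserve more than a glance: the PHP version is disclosed twice (PHP 5.3 was end-of-life well before 2019), every cookie is set over plain HTTP without HttpOnly or Secure, and the ci_session cookie is CodeIgniter's client-side session, which also makes the "probably WordPress" fingerprint from whatweb and wig above a likely false positive. The Python below is an added example, not code from the paste or from CodeIgniter: it parses a response constructed from the third capture above, flags the weak cookie attributes and disclosure headers, and decodes the PHP-serialized session payload. It assumes the CodeIgniter 2.x session layout (a serialize()d array followed by an md5 over that data plus the application's encryption key), which is what the cookie shape matches; the key is not known, so the 32-hex tail is only split off, never verified.

```python
"""Audit captured HTTP headers and decode a CodeIgniter 2.x ci_session cookie.
Added example; RAW_RESPONSE is constructed from the captured headers above."""
from urllib.parse import unquote

# ci_session value exactly as captured above: URL-encoded PHP serialize()
# output followed by a 32-hex tail (assumed md5(data . encryption_key)).
CI_SESSION = (
    "a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269755f6fa613543efa203f4c446a6811"
    "%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22176.113.74.44%22%3Bs%3A10%3A%22"
    "user_agent%22%3Bs%3A11%3A%22curl%2F7.64.0%22%3Bs%3A13%3A%22last_activity%22%3Bi"
    "%3A1550160496%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D"
    "35c17dd7c3c1c6a25e6e55b37a3d2e54"
)

# Constructed from the 200 OK response above (Date/Connection lines dropped).
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n"
    "X-Powered-By: PHP/5.3.29\r\n"
    "Set-Cookie: csrf_cookie_name=1d32e0ea8cb6b7a7f4b9ad5c6fb1be0a; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/\r\n"
    "Set-Cookie: user_lang=ar; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/\r\n"
    f"Set-Cookie: ci_session={CI_SESSION}; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/\r\n"
    "X-Powered-By: PleskLin\r\n"
    "\r\n"
)

COOKIE_FLAGS = {"httponly": "HttpOnly", "secure": "Secure", "samesite": "SameSite"}
HARDENING_HEADERS = ("strict-transport-security", "x-frame-options", "content-security-policy")


def parse_response(raw):
    """Split a raw HTTP response into (status line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return status, headers


def audit(raw):
    """Return a list of human-readable findings for one response."""
    _, headers = parse_response(raw)
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "x-powered-by":
            findings.append(f"platform disclosure: {name}: {value}")
        elif lname == "set-cookie":
            cname = value.split("=", 1)[0]
            attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
            for flag, label in COOKIE_FLAGS.items():
                if flag not in attrs:
                    findings.append(f"cookie {cname} lacks {label}")
    present = {n.lower() for n, _ in headers}
    findings += [f"missing header: {h}" for h in HARDENING_HEADERS if h not in present]
    return findings


def php_unserialize(data, pos=0):
    """Minimal PHP unserialize() for the types CodeIgniter sessions use.
    Lengths are byte counts in PHP; fine here because the payload is ASCII."""
    t = data[pos]
    if t == "N":                                   # N;
        return None, pos + 2
    if t in "ibd":                                 # i:123;  b:1;  d:1.5;
        end = data.index(";", pos)
        raw = data[pos + 2:end]
        return {"i": int, "d": float}.get(t, lambda x: x == "1")(raw), end + 1
    if t == "s":                                   # s:len:"...";
        colon = data.index(":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2
        return data[start:start + length], start + length + 2
    if t == "a":                                   # a:count:{key;value;...}
        colon = data.index(":", pos + 2)
        count, p, out = int(data[pos + 2:colon]), colon + 2, {}
        for _ in range(count):
            key, p = php_unserialize(data, p)
            out[key], p = php_unserialize(data, p)
        return out, p + 1
    raise ValueError(f"unsupported type {t!r} at offset {pos}")


def split_ci_session(cookie_value):
    """Separate the serialized session from its 32-hex integrity tail."""
    decoded = unquote(cookie_value)
    payload, mac = decoded[:-32], decoded[-32:]
    fields, _ = php_unserialize(payload)
    return fields, mac


if __name__ == "__main__":
    for finding in audit(RAW_RESPONSE):
        print("-", finding)
    fields, mac = split_ci_session(CI_SESSION)
    print("session fields:", fields)
    print("integrity tail:", mac)
```

The decoded session shows the server storing the client IP and User-Agent in the cookie itself, so anyone who can read traffic on the plain-HTTP site learns them, and the integrity of the data rests entirely on the secrecy of the application's encryption key (an attacker who obtains it can forge `user_data`). The fix is a server-side session store, `Secure` and `HttpOnly` on every cookie, and a redirect to HTTPS with HSTS.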
  788. #######################################################################################################################################
  789. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:06 EST
  790. Nmap scan report for mocit.gov.sd (62.12.105.2)
  791. Host is up (0.21s latency).
  792. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  793.  
  794. PORT STATE SERVICE VERSION
  795. 110/tcp open pop3 Dovecot pop3d
  796. | pop3-brute:
  797. | Accounts: No valid accounts found
  798. |_ Statistics: Performed 185 guesses in 191 seconds, average tps: 0.8
  799. |_pop3-capabilities: APOP UIDL USER RESP-CODES CAPA STLS PIPELINING AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP
  800. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  801. OS fingerprint not ideal because: Timing level 5 (Insane) used
  802. No OS matches for host
  803. Network Distance: 19 hops
  804. Service Info: Host: fo3-web02.nic.gov.sd
  805.  
  806. TRACEROUTE (using port 443/tcp)
  807. HOP RTT ADDRESS
  808. 1 21.62 ms 10.244.200.1
  809. 2 22.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  810. 3 22.02 ms 37.120.128.168
  811. 4 21.79 ms 82.102.29.44
  812. 5 23.21 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  813. 6 22.04 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  814. 7 91.87 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  815. 8 97.48 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  816. 9 98.48 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  817. 10 98.74 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  818. 11 99.84 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  819. 12 178.43 ms 185.153.20.70
  820. 13 178.44 ms 185.153.20.82
  821. 14 178.43 ms 185.153.20.94
  822. 15 192.91 ms 185.153.20.153
  823. 16 ... 17
  824. 18 210.81 ms 196.202.145.94
  825. 19 209.26 ms f03-web02.nic.gov.sd (62.12.105.2)
  826. #######################################################################################################################################
  827. Version: 1.11.12-static
  828. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  829.  
  830. Connected to 62.12.105.2
  831.  
  832. Testing SSL server mocit.gov.sd on port 443 using SNI name mocit.gov.sd
  833.  
  834. TLS Fallback SCSV:
  835. Server supports TLS Fallback SCSV
  836.  
  837. TLS renegotiation:
  838. Secure session renegotiation supported
  839.  
  840. TLS Compression:
  841. Compression disabled
  842.  
  843. Heartbleed:
  844. TLS 1.2 not vulnerable to heartbleed
  845. TLS 1.1 not vulnerable to heartbleed
  846. TLS 1.0 not vulnerable to heartbleed
  847.  
  848. Supported Server Cipher(s):
  849. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  850. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  851. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  852. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  853. Accepted TLSv1.2 256 bits AES256-SHA256
  854. Accepted TLSv1.2 256 bits AES256-SHA
  855. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  856. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  857. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  858. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  859. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  860. Accepted TLSv1.2 128 bits AES128-SHA256
  861. Accepted TLSv1.2 128 bits AES128-SHA
  862. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  863. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  864. Accepted TLSv1.1 256 bits AES256-SHA
  865. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  866. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  867. Accepted TLSv1.1 128 bits AES128-SHA
  868. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  869. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  870. Accepted TLSv1.0 256 bits AES256-SHA
  871. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  872. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  873. Accepted TLSv1.0 128 bits AES128-SHA
  874. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  875.  
  876. SSL Certificate:
  877. Signature Algorithm: sha256WithRSAEncryption
  878. RSA Key Strength: 2048
  879.  
  880. Subject: Plesk
  881. Issuer: Plesk
  882.  
  883. Not valid before: Apr 20 02:40:27 2016 GMT
  884. Not valid after: Apr 20 02:40:27 2017 GMT
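The sslscan output above shows TLS 1.0 and 1.1 still negotiable, several suites without forward secrecy or with CBC and a SHA-1 MAC, and a self-signed Plesk default certificate that expired in April 2017, almost two years before this scan. The Python below is an added example, not sslscan's or the paste's code: it parses a constructed excerpt of that output and turns it into findings. The scan time is assumed to be the 14 Feb 2019 16:08 GMT timestamp from the HTTP headers on this page, and "self-signed" is inferred from matching Subject and Issuer strings, which is a heuristic (sslscan prints only the names, not the signature).

```python
"""Turn sslscan output into protocol, cipher and certificate findings.
Added example; SSLSCAN_EXCERPT is a constructed subset of the scan above."""
import re
from datetime import datetime, timezone

# Assumption: the curl Date header on this page is used as the scan time.
SCAN_TIME = datetime(2019, 2, 14, 16, 8, tzinfo=timezone.utc)

SSLSCAN_EXCERPT = """\
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits AES128-SHA

SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: Plesk
Issuer: Plesk

Not valid before: Apr 20 02:40:27 2016 GMT
Not valid after: Apr 20 02:40:27 2017 GMT
"""

CIPHER_RE = re.compile(r"^(Preferred|Accepted)\s+(TLSv1\.\d|SSLv\d)\s+(\d+) bits\s+(\S+)")
CERT_KEYS = ("Signature Algorithm", "Subject", "Issuer", "Not valid before", "Not valid after")
LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1")
CERT_DATE_FORMAT = "%b %d %H:%M:%S %Y GMT"


def parse_sslscan(text):
    """Return ([{proto, bits, name}, ...], {cert field: value})."""
    ciphers, cert = [], {}
    for line in text.splitlines():
        m = CIPHER_RE.match(line)
        if m:
            ciphers.append({"proto": m.group(2), "bits": int(m.group(3)), "name": m.group(4)})
            continue
        for key in CERT_KEYS:
            if line.startswith(key + ":"):
                cert[key] = line.split(":", 1)[1].strip()
    return ciphers, cert


def assess(ciphers, cert, now):
    """Apply a baseline TLS policy and return findings as strings."""
    findings = []
    protos = {c["proto"] for c in ciphers}
    findings += [f"legacy protocol enabled: {p}" for p in LEGACY_PROTOCOLS if p in protos]
    for c in ciphers:
        # OpenSSL names: only (EC)DHE key exchange gives forward secrecy
        if not c["name"].startswith(("ECDHE-", "DHE-")):
            findings.append(f"no forward secrecy: {c['proto']} {c['name']}")
        # a bare "-SHA" suffix means a CBC suite with HMAC-SHA1
        if c["name"].endswith("-SHA"):
            findings.append(f"CBC with SHA-1 MAC: {c['proto']} {c['name']}")
    if cert.get("Subject") and cert.get("Subject") == cert.get("Issuer"):
        findings.append(f"self-signed certificate (subject == issuer: {cert['Issuer']})")
    if "Not valid after" in cert:
        not_after = datetime.strptime(cert["Not valid after"], CERT_DATE_FORMAT)
        not_after = not_after.replace(tzinfo=timezone.utc)
        if not_after < now:
            findings.append(f"certificate expired {(now - not_after).days} days before the scan")
    return findings


if __name__ == "__main__":
    ciphers, cert = parse_sslscan(SSLSCAN_EXCERPT)
    for finding in assess(ciphers, cert, SCAN_TIME):
        print("-", finding)
```

An expired, self-signed default certificate on a government site in 2019 says more about maintenance than about cryptography: every visitor has been clicking through a browser warning for almost two years, which trains them to accept any certificate, including one presented by an interceptor.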
  885. #######################################################################################################################################
  886. --------------------------------------------------------
  887. <<<Yasuo discovered following vulnerable applications>>>
  888. --------------------------------------------------------
  889. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  890. | App Name | URL to Application | Potential Exploit | Username | Password |
  891. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  892. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  893. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  894. #######################################################################################################################################
  895. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:47 EST
  896. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  897. Host is up (0.17s latency).
  898. Not shown: 464 filtered ports, 4 closed ports
  899. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  900. PORT STATE SERVICE
  901. 21/tcp open ftp
  902. 80/tcp open http
  903. 110/tcp open pop3
  904. 143/tcp open imap
  905. 443/tcp open https
  906. 993/tcp open imaps
  907. 995/tcp open pop3s
  908. 8443/tcp open https-alt
  909. #######################################################################################################################################
  910. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:48 EST
  911. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  912. Host is up (0.023s latency).
  913. Not shown: 2 filtered ports
  914. PORT STATE SERVICE
  915. 53/udp open|filtered domain
  916. 67/udp open|filtered dhcps
  917. 68/udp open|filtered dhcpc
  918. 69/udp open|filtered tftp
  919. 88/udp open|filtered kerberos-sec
  920. 123/udp open|filtered ntp
  921. 139/udp open|filtered netbios-ssn
  922. 161/udp open|filtered snmp
  923. 162/udp open|filtered snmptrap
  924. 389/udp open|filtered ldap
  925. 520/udp open|filtered route
  926. 2049/udp open|filtered nfs
  927. #######################################################################################################################################
  928. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:48 EST
  929. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  930. Host is up (0.21s latency).
  931.  
  932. PORT STATE SERVICE VERSION
  933. 21/tcp open tcpwrapped
  934. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  935. Device type: specialized|WAP|general purpose|router
  936. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  937. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  938. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  939. Network Distance: 20 hops
  940.  
  941. TRACEROUTE (using port 21/tcp)
  942. HOP RTT ADDRESS
  943. 1 24.45 ms 10.244.200.1
  944. 2 24.92 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  945. 3 31.95 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  946. 4 24.89 ms 82.102.29.44
  947. 5 25.31 ms 38.122.42.161
  948. 6 24.94 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  949. 7 95.68 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  950. 8 100.26 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  951. 9 101.34 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  952. 10 101.73 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  953. 11 98.62 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  954. 12 177.26 ms 185.153.20.70
  955. 13 177.29 ms 185.153.20.82
  956. 14 177.02 ms 185.153.20.94
  957. 15 195.66 ms 185.153.20.153
  958. 16 ... 17
  959. 18 216.11 ms 196.202.145.94
  960. 19 ...
  961. 20 205.41 ms f03-web02.nic.gov.sd (62.12.105.2)
  962. #######################################################################################################################################
  963. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:59 EST
  964. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  965. Host is up.
  966.  
  967. PORT STATE SERVICE VERSION
  968. 67/udp open|filtered dhcps
  969. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  970. Too many fingerprints match this host to give specific OS details
  971.  
  972. TRACEROUTE (using proto 1/icmp)
  973. HOP RTT ADDRESS
  974. 1 23.12 ms 10.244.200.1
  975. 2 24.27 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  976. 3 38.80 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  977. 4 24.23 ms 82.102.29.44
  978. 5 24.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  979. 6 24.30 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  980. 7 93.66 ms 154.54.44.165
  981. 8 99.33 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  982. 9 100.35 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  983. 10 100.36 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  984. 11 99.83 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  985. 12 178.44 ms 185.153.20.70
  986. 13 178.49 ms 185.153.20.82
  987. 14 178.46 ms 185.153.20.94
  988. 15 192.23 ms 185.153.20.153
  989. 16 203.36 ms 212.0.131.109
  990. 17 205.31 ms 196.202.137.249
  991. 18 214.59 ms 196.202.145.94
  992. 19 ... 30
  993. #######################################################################################################################################
  994. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:01 EST
  995. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  996. Host is up.
  997.  
  998. PORT STATE SERVICE VERSION
  999. 68/udp open|filtered dhcpc
  1000. Too many fingerprints match this host to give specific OS details
  1001.  
  1002. TRACEROUTE (using proto 1/icmp)
  1003. HOP RTT ADDRESS
  1004. 1 23.35 ms 10.244.200.1
  1005. 2 23.78 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1006. 3 39.94 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1007. 4 23.42 ms 82.102.29.44
  1008. 5 25.42 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1009. 6 24.22 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1010. 7 93.39 ms 154.54.44.165
  1011. 8 99.25 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1012. 9 100.21 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1013. 10 100.52 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1014. 11 107.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1015. 12 186.35 ms 185.153.20.70
  1016. 13 186.64 ms 185.153.20.82
  1017. 14 186.31 ms 185.153.20.94
  1018. 15 200.10 ms 185.153.20.153
  1019. 16 208.02 ms 212.0.131.109
  1020. 17 201.44 ms 196.202.137.249
  1021. 18 210.35 ms 196.202.145.94
  1022. 19 ... 30
  1023. #######################################################################################################################################
  1024. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:03 EST
  1025. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1026. Host is up.
  1027.  
  1028. PORT STATE SERVICE VERSION
  1029. 69/udp open|filtered tftp
  1030. Too many fingerprints match this host to give specific OS details
  1031.  
  1032. TRACEROUTE (using proto 1/icmp)
  1033. HOP RTT ADDRESS
  1034. 1 26.41 ms 10.244.200.1
  1035. 2 26.84 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1036. 3 40.24 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1037. 4 28.85 ms 82.102.29.44
  1038. 5 26.88 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1039. 6 26.89 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1040. 7 97.92 ms 154.54.44.165
  1041. 8 103.48 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1042. 9 103.51 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1043. 10 103.56 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1044. 11 98.40 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1045. 12 177.01 ms 185.153.20.70
  1046. 13 177.02 ms 185.153.20.82
  1047. 14 176.96 ms 185.153.20.94
  1048. 15 190.75 ms 185.153.20.153
  1049. 16 208.88 ms 212.0.131.109
  1050. 17 206.14 ms 196.202.137.249
  1051. 18 211.22 ms 196.202.145.94
  1052. 19 ... 30
  1053. #######################################################################################################################################
  1054. wig - WebApp Information Gatherer
  1055.  
  1056.  
  1057. Scanning http://62.12.105.2...
  1058. ________________________________________ SITE INFO _________________________________________
  1059. IP Title
  1060. 62.12.105.2 Domain Default page
  1061.  
  1062. _________________________________________ VERSION __________________________________________
  1063. Name Versions Type
  1064. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  1065. 2.4.9
  1066. nginx Platform
  1067.  
  1068. ____________________________________________________________________________________________
  1069. Time: 1.4 sec Urls: 811 Fingerprints: 40401
  1070. #######################################################################################################################################
  1071. HTTP/1.1 200 OK
  1072. Server: nginx
  1073. Date: Thu, 14 Feb 2019 16:08:25 GMT
  1074. Content-Type: text/html
  1075. Content-Length: 3750
  1076. Connection: keep-alive
  1077. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1078. ETag: "ea6-5649d8e57844b"
  1079. Accept-Ranges: bytes
  1080.  
  1081. HTTP/1.1 200 OK
  1082. Server: nginx
  1083. Date: Thu, 14 Feb 2019 16:08:25 GMT
  1084. Content-Type: text/html
  1085. Content-Length: 3750
  1086. Connection: keep-alive
  1087. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1088. ETag: "ea6-5649d8e57844b"
  1089. Accept-Ranges: bytes
  1090. #######################################################################################################################################
  1091. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:06 EST
  1092. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1093. Host is up (0.21s latency).
  1094.  
  1095. PORT STATE SERVICE VERSION
  1096. 110/tcp open pop3 Dovecot pop3d
  1097. | pop3-brute:
  1098. | Accounts: No valid accounts found
  1099. |_ Statistics: Performed 218 guesses in 196 seconds, average tps: 1.2
  1100. |_pop3-capabilities: APOP STLS RESP-CODES PIPELINING USER UIDL CAPA TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE
  1101. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1102. OS fingerprint not ideal because: Timing level 5 (Insane) used
  1103. No OS matches for host
  1104. Network Distance: 19 hops
  1105. Service Info: Host: fo3-web02.nic.gov.sd
  1106.  
  1107. TRACEROUTE (using port 443/tcp)
  1108. HOP RTT ADDRESS
  1109. 1 22.03 ms 10.244.200.1
  1110. 2 22.56 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1111. 3 26.75 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1112. 4 22.36 ms 82.102.29.44
  1113. 5 22.58 ms 38.122.42.161
  1114. 6 23.02 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  1115. 7 91.84 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  1116. 8 99.05 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1117. 9 99.08 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1118. 10 99.11 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1119. 11 99.99 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1120. 12 178.49 ms 185.153.20.70
  1121. 13 178.49 ms 185.153.20.82
  1122. 14 178.46 ms 185.153.20.94
  1123. 15 193.09 ms 185.153.20.153
  1124. 16 ... 17
  1125. 18 211.39 ms 196.202.145.94
  1126. 19 206.57 ms f03-web02.nic.gov.sd (62.12.105.2)
  1127. #######################################################################################################################################
  1128. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:10 EST
  1129. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1130. Host is up.
  1131.  
  1132. PORT STATE SERVICE VERSION
  1133. 123/udp open|filtered ntp
  1134. Too many fingerprints match this host to give specific OS details
  1135.  
  1136. TRACEROUTE (using proto 1/icmp)
  1137. HOP RTT ADDRESS
  1138. 1 21.95 ms 10.244.200.1
  1139. 2 22.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1140. 3 36.50 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1141. 4 22.02 ms 82.102.29.44
  1142. 5 22.41 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1143. 6 22.38 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1144. 7 91.78 ms 154.54.44.165
  1145. 8 97.73 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1146. 9 98.92 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1147. 10 98.62 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1148. 11 99.65 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1149. 12 178.50 ms 185.153.20.70
  1150. 13 178.50 ms 185.153.20.82
  1151. 14 178.46 ms 185.153.20.94
  1152. 15 191.62 ms 185.153.20.153
  1153. 16 213.56 ms 212.0.131.109
  1154. 17 201.82 ms 196.202.137.249
  1155. 18 210.81 ms 196.202.145.94
  1156. 19 ... 30
  1157. #######################################################################################################################################
  1158. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:12 EST
  1159. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1160. Host is up (0.20s latency).
  1161.  
  1162. PORT STATE SERVICE VERSION
  1163. 161/tcp filtered snmp
  1164. 161/udp open|filtered snmp
  1165. Too many fingerprints match this host to give specific OS details
  1166.  
  1167. TRACEROUTE (using proto 1/icmp)
  1168. HOP RTT ADDRESS
  1169. 1 22.84 ms 10.244.200.1
  1170. 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1171. 3 44.46 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1172. 4 23.05 ms 82.102.29.44
  1173. 5 23.49 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1174. 6 23.27 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1175. 7 93.02 ms 154.54.44.165
  1176. 8 98.72 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1177. 9 100.12 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1178. 10 100.17 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1179. 11 99.48 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1180. 12 178.15 ms 185.153.20.70
  1181. 13 178.15 ms 185.153.20.82
  1182. 14 177.87 ms 185.153.20.94
  1183. 15 191.68 ms 185.153.20.153
  1184. 16 203.26 ms 212.0.131.109
  1185. 17 203.45 ms 196.202.137.249
  1186. 18 212.58 ms 196.202.145.94
  1187. 19 ... 30
  1188. #######################################################################################################################################
  1189. Version: 1.11.12-static
  1190. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1191.  
  1192. Connected to 62.12.105.2
  1193.  
  1194. Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
  1195.  
  1196. TLS Fallback SCSV:
  1197. Server supports TLS Fallback SCSV
  1198.  
  1199. TLS renegotiation:
  1200. Secure session renegotiation supported
  1201.  
  1202. TLS Compression:
  1203. Compression disabled
  1204.  
  1205. Heartbleed:
  1206. TLS 1.2 not vulnerable to heartbleed
  1207. TLS 1.1 not vulnerable to heartbleed
  1208. TLS 1.0 not vulnerable to heartbleed
  1209.  
  1210. Supported Server Cipher(s):
  1211. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1212. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1213. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1214. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1215. Accepted TLSv1.2 256 bits AES256-SHA256
  1216. Accepted TLSv1.2 256 bits AES256-SHA
  1217. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1218. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1219. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1220. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1221. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1222. Accepted TLSv1.2 128 bits AES128-SHA256
  1223. Accepted TLSv1.2 128 bits AES128-SHA
  1224. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1225. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1226. Accepted TLSv1.1 256 bits AES256-SHA
  1227. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1228. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1229. Accepted TLSv1.1 128 bits AES128-SHA
  1230. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1231. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1232. Accepted TLSv1.0 256 bits AES256-SHA
  1233. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1234. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1235. Accepted TLSv1.0 128 bits AES128-SHA
  1236. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1237.  
  1238. SSL Certificate:
  1239. Signature Algorithm: sha256WithRSAEncryption
  1240. RSA Key Strength: 2048
  1241.  
  1242. Subject: Plesk
  1243. Issuer: Plesk
  1244.  
  1245. Not valid before: Apr 20 02:40:27 2016 GMT
  1246. Not valid after: Apr 20 02:40:27 2017 GMT
  1247. #######################################################################################################################################
  1248. --------------------------------------------------------
  1249. <<<Yasuo discovered following vulnerable applications>>>
  1250. --------------------------------------------------------
  1251. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1252. | App Name | URL to Application | Potential Exploit | Username | Password |
  1253. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1254. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  1255. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1256. #######################################################################################################################################
  1257. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:20 EST
  1258. NSE: Loaded 148 scripts for scanning.
  1259. NSE: Script Pre-scanning.
  1260. NSE: Starting runlevel 1 (of 2) scan.
  1261. Initiating NSE at 12:20
  1262. Completed NSE at 12:20, 0.00s elapsed
  1263. NSE: Starting runlevel 2 (of 2) scan.
  1264. Initiating NSE at 12:20
  1265. Completed NSE at 12:20, 0.00s elapsed
  1266. Initiating Ping Scan at 12:20
  1267. Scanning 62.12.105.2 [4 ports]
  1268. Completed Ping Scan at 12:20, 0.24s elapsed (1 total hosts)
  1269. Initiating Parallel DNS resolution of 1 host. at 12:20
  1270. Completed Parallel DNS resolution of 1 host. at 12:20, 0.02s elapsed
  1271. Initiating Connect Scan at 12:20
  1272. Scanning f03-web02.nic.gov.sd (62.12.105.2) [1000 ports]
  1273. Discovered open port 143/tcp on 62.12.105.2
  1274. Discovered open port 993/tcp on 62.12.105.2
  1275. Discovered open port 995/tcp on 62.12.105.2
  1276. Discovered open port 110/tcp on 62.12.105.2
  1277. Discovered open port 21/tcp on 62.12.105.2
  1278. Discovered open port 80/tcp on 62.12.105.2
  1279. Discovered open port 443/tcp on 62.12.105.2
  1280. Discovered open port 8443/tcp on 62.12.105.2
  1281. Completed Connect Scan at 12:20, 14.11s elapsed (1000 total ports)
  1282. Initiating Service scan at 12:20
  1283. Scanning 8 services on f03-web02.nic.gov.sd (62.12.105.2)
  1284. Completed Service scan at 12:20, 14.41s elapsed (8 services on 1 host)
  1285. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1286. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1287. WARNING: OS didn't match until try #2
  1288. Initiating Traceroute at 12:20
  1289. Completed Traceroute at 12:20, 6.16s elapsed
  1290. Initiating Parallel DNS resolution of 18 hosts. at 12:20
  1291. Completed Parallel DNS resolution of 18 hosts. at 12:21, 16.51s elapsed
  1292. NSE: Script scanning 62.12.105.2.
  1293. NSE: Starting runlevel 1 (of 2) scan.
  1294. Initiating NSE at 12:21
  1295. NSE Timing: About 98.90% done; ETC: 12:21 (0:00:00 remaining)
  1296. NSE Timing: About 99.08% done; ETC: 12:22 (0:00:01 remaining)
  1297. NSE Timing: About 99.17% done; ETC: 12:22 (0:00:01 remaining)
  1298. NSE Timing: About 99.54% done; ETC: 12:23 (0:00:01 remaining)
  1299. Completed NSE at 12:23, 139.17s elapsed
  1300. NSE: Starting runlevel 2 (of 2) scan.
  1301. Initiating NSE at 12:23
  1302. Completed NSE at 12:23, 0.45s elapsed
  1303. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1304. Host is up, received syn-ack ttl 44 (0.15s latency).
  1305. Scanned at 2019-02-14 12:20:12 EST for 198s
  1306. Not shown: 988 filtered ports
  1307. Reason: 987 no-responses and 1 host-unreach
  1308. PORT STATE SERVICE REASON VERSION
  1309. 21/tcp open tcpwrapped syn-ack
  1310. 25/tcp closed smtp conn-refused
  1311. 80/tcp open http syn-ack nginx
  1312. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1313. | http-methods:
  1314. |_ Supported Methods: GET HEAD POST OPTIONS
  1315. |_http-server-header: nginx
  1316. |_http-title: Domain Default page
  1317. 110/tcp open pop3 syn-ack Dovecot pop3d
  1318. |_pop3-capabilities: UIDL USER APOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP AUTH-RESP-CODE STLS RESP-CODES PIPELINING CAPA
  1319. |_ssl-date: TLS randomness does not represent time
  1320. 113/tcp closed ident conn-refused
  1321. 139/tcp closed netbios-ssn conn-refused
  1322. 143/tcp open imap syn-ack Dovecot imapd
  1323. |_imap-capabilities: post-login AUTH=CRAM-MD5A0001 STARTTLS LITERAL+ IMAP4rev1 SASL-IR OK Pre-login AUTH=PLAIN listed have ID AUTH=LOGIN AUTH=DIGEST-MD5 more IDLE capabilities LOGIN-REFERRALS ENABLE
  1324. 443/tcp open ssl/http syn-ack nginx
  1325. | http-methods:
  1326. |_ Supported Methods: GET HEAD POST OPTIONS
  1327. |_http-server-header: nginx
  1328. |_http-title: Domain Default page
  1329. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1330. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1331. | Public Key type: rsa
  1332. | Public Key bits: 2048
  1333. | Signature Algorithm: sha256WithRSAEncryption
  1334. | Not valid before: 2016-04-20T02:40:27
  1335. | Not valid after: 2017-04-20T02:40:27
  1336. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1337. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1338. | -----BEGIN CERTIFICATE-----
  1339. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1340. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1341. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1342. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1343. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1344. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1345. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1346. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1347. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1348. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1349. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1350. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1351. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1352. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1353. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1354. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1355. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1356. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1357. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1358. |_-----END CERTIFICATE-----
  1359. |_ssl-date: TLS randomness does not represent time
  1360. | tls-alpn:
  1361. |_ http/1.1
  1362. | tls-nextprotoneg:
  1363. |_ http/1.1
  1364. 445/tcp closed microsoft-ds conn-refused
  1365. 993/tcp open ssl/imaps? syn-ack
  1366. |_ssl-date: TLS randomness does not represent time
  1367. 995/tcp open ssl/pop3s? syn-ack
  1368. |_ssl-date: TLS randomness does not represent time
  1369. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
  1370. | http-methods:
  1371. |_ Supported Methods: GET HEAD POST OPTIONS
  1372. |_http-server-header: sw-cp-server
  1373. |_http-title: Plesk Onyx 17.5.3
  1374. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1375. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1376. | Public Key type: rsa
  1377. | Public Key bits: 2048
  1378. | Signature Algorithm: sha256WithRSAEncryption
  1379. | Not valid before: 2016-04-20T02:40:27
  1380. | Not valid after: 2017-04-20T02:40:27
  1381. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1382. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1383. | -----BEGIN CERTIFICATE-----
  1384. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1385. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1386. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1387. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1388. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1389. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1390. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1391. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1392. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1393. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1394. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1395. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1396. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1397. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1398. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1399. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1400. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1401. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1402. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1403. |_-----END CERTIFICATE-----
  1404. |_ssl-date: TLS randomness does not represent time
  1405. | tls-nextprotoneg:
  1406. |_ http/1.1
  1407. Device type: general purpose
  1408. Running: Linux 2.6.X
  1409. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1410. OS details: Linux 2.6.18 - 2.6.22
  1411. TCP/IP fingerprint:
  1412. OS:SCAN(V=7.70%E=4%D=2/14%OT=80%CT=25%CU=%PV=N%G=N%TM=5C65A412%P=x86_64-pc-
  1413. OS:linux-gnu)SEQ(SP=105%GCD=1%ISR=10A%TI=Z%CI=Z%TS=A)SEQ(CI=Z)OPS(O1=M4B3ST
  1414. OS:11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4
  1415. OS:B3ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%
  1416. OS:TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=A
  1417. OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD
  1418. OS:=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=N)IE(R=N)
  1419.  
  1420. Service Info: Host: fo3-web02.nic.gov.sd
  1421.  
  1422. TRACEROUTE (using proto 1/icmp)
  1423. HOP RTT ADDRESS
  1424. 1 26.30 ms 10.244.200.1
  1425. 2 53.08 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1426. 3 39.06 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1427. 4 26.50 ms 82.102.29.44
  1428. 5 27.12 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1429. 6 26.71 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1430. 7 96.33 ms 154.54.44.165
  1431. 8 102.00 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1432. 9 103.36 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1433. 10 103.44 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1434. 11 99.27 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1435. 12 177.88 ms 185.153.20.70
  1436. 13 179.65 ms 185.153.20.82
  1437. 14 177.90 ms 185.153.20.94
  1438. 15 203.23 ms 185.153.20.153
  1439. 16 206.77 ms 212.0.131.109
  1440. 17 200.98 ms 196.202.137.249
  1441. 18 212.37 ms 196.202.145.94
  1442. 19 ... 30
  1443.  
  1444. NSE: Script Post-scanning.
  1445. NSE: Starting runlevel 1 (of 2) scan.
  1446. Initiating NSE at 12:23
  1447. Completed NSE at 12:23, 0.00s elapsed
  1448. NSE: Starting runlevel 2 (of 2) scan.
  1449. Initiating NSE at 12:23
  1450. Completed NSE at 12:23, 0.00s elapsed
  1451. Read data files from: /usr/bin/../share/nmap
  1452. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1453. Nmap done: 1 IP address (1 host up) scanned in 199.27 seconds
  1454. Raw packets sent: 142 (10.432KB) | Rcvd: 50 (3.905KB)
  1455. #######################################################################################################################################
  1456. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:23 EST
  1457. NSE: Loaded 148 scripts for scanning.
  1458. NSE: Script Pre-scanning.
  1459. Initiating NSE at 12:23
  1460. Completed NSE at 12:23, 0.00s elapsed
  1461. Initiating NSE at 12:23
  1462. Completed NSE at 12:23, 0.00s elapsed
  1463. Initiating Parallel DNS resolution of 1 host. at 12:23
  1464. Completed Parallel DNS resolution of 1 host. at 12:23, 0.02s elapsed
  1465. Initiating UDP Scan at 12:23
  1466. Scanning f03-web02.nic.gov.sd (62.12.105.2) [14 ports]
  1467. Completed UDP Scan at 12:23, 1.24s elapsed (14 total ports)
  1468. Initiating Service scan at 12:23
  1469. Scanning 12 services on f03-web02.nic.gov.sd (62.12.105.2)
  1470. Service scan Timing: About 8.33% done; ETC: 12:43 (0:17:58 remaining)
  1471. Completed Service scan at 12:25, 102.59s elapsed (12 services on 1 host)
  1472. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1473. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1474. Initiating Traceroute at 12:25
  1475. Completed Traceroute at 12:25, 7.07s elapsed
  1476. Initiating Parallel DNS resolution of 1 host. at 12:25
  1477. Completed Parallel DNS resolution of 1 host. at 12:25, 0.03s elapsed
  1478. NSE: Script scanning 62.12.105.2.
  1479. Initiating NSE at 12:25
  1480. Completed NSE at 12:25, 20.31s elapsed
  1481. Initiating NSE at 12:25
  1482. Completed NSE at 12:25, 1.03s elapsed
  1483. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1484. Host is up (0.023s latency).
  1485.  
  1486. PORT STATE SERVICE VERSION
  1487. 53/udp open|filtered domain
  1488. 67/udp open|filtered dhcps
  1489. 68/udp open|filtered dhcpc
  1490. 69/udp open|filtered tftp
  1491. 88/udp open|filtered kerberos-sec
  1492. 123/udp open|filtered ntp
  1493. 137/udp filtered netbios-ns
  1494. 138/udp filtered netbios-dgm
  1495. 139/udp open|filtered netbios-ssn
  1496. 161/udp open|filtered snmp
  1497. 162/udp open|filtered snmptrap
  1498. 389/udp open|filtered ldap
  1499. 520/udp open|filtered route
  1500. 2049/udp open|filtered nfs
  1501. Too many fingerprints match this host to give specific OS details
  1502.  
  1503. TRACEROUTE (using port 137/udp)
  1504. HOP RTT ADDRESS
  1505. 1 22.69 ms 10.244.200.1
  1506. 2 ... 3
  1507. 4 23.28 ms 10.244.200.1
  1508. 5 26.82 ms 10.244.200.1
  1509. 6 26.81 ms 10.244.200.1
  1510. 7 26.80 ms 10.244.200.1
  1511. 8 26.79 ms 10.244.200.1
  1512. 9 26.78 ms 10.244.200.1
  1513. 10 26.79 ms 10.244.200.1
  1514. 11 ... 18
  1515. 19 22.20 ms 10.244.200.1
  1516. 20 22.83 ms 10.244.200.1
  1517. 21 21.92 ms 10.244.200.1
  1518. 22 ... 29
  1519. 30 21.18 ms 10.244.200.1
  1520.  
  1521. NSE: Script Post-scanning.
  1522. Initiating NSE at 12:25
  1523. Completed NSE at 12:25, 0.00s elapsed
  1524. Initiating NSE at 12:25
  1525. Completed NSE at 12:25, 0.00s elapsed
  1526. Read data files from: /usr/bin/../share/nmap
  1527. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1528. Nmap done: 1 IP address (1 host up) scanned in 135.43 seconds
  1529. Raw packets sent: 147 (13.614KB) | Rcvd: 29 (3.062KB)
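Twelve of the fourteen UDP ports came back open|filtered, which means no reply of any kind, and every hop of the UDP traceroute that answered at all was 10.244.200.1, the scanner's own first gateway (compare the ICMP traceroute in the TCP scan, which reached 18 real hops). The script below is an added example, not part of the paste and not nmap output: it reads those two tables exactly as printed above and decides whether the UDP results say anything about the target. All names are the example's own, and the heuristic it applies (if every answering hop is one private address, the probes never left the local network, typically a VPN or NAT that answers TTL expiry itself) is an assumption stated as such in the code.

```python
import ipaddress
import re

# Port table copied from the UDP scan above.
UDP_SCAN = """\
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
"""

# Traceroute (using port 137/udp) copied from the same scan.
TRACEROUTE = """\
1 22.69 ms 10.244.200.1
2 ... 3
4 23.28 ms 10.244.200.1
5 26.82 ms 10.244.200.1
6 26.81 ms 10.244.200.1
7 26.80 ms 10.244.200.1
8 26.79 ms 10.244.200.1
9 26.78 ms 10.244.200.1
10 26.79 ms 10.244.200.1
11 ... 18
19 22.20 ms 10.244.200.1
20 22.83 ms 10.244.200.1
21 21.92 ms 10.244.200.1
22 ... 29
30 21.18 ms 10.244.200.1
"""

PORT_RE = re.compile(r"^(\d+)/udp\s+(\S+)\s+(\S+)", re.M)
# Matches "n rtt ms ip" and "n rtt ms name (ip)"; the "n ... m" gap lines do not match.
HOP_RE = re.compile(r"^\d+\s+[\d.]+ ms\s+(?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?\s*$", re.M)

def port_states(scan_text):
    """Group the scanned UDP ports by the state nmap assigned them."""
    states = {}
    for port, state, _service in PORT_RE.findall(scan_text):
        states.setdefault(state, []).append(int(port))
    return states

def assess_udp_scan(scan_text, trace_text):
    """Decide whether the UDP results carry information about the target."""
    states = port_states(scan_text)
    hops = HOP_RE.findall(trace_text)
    distinct = sorted(set(hops))
    # Assumption: answering hops that are all one private address mean the probes
    # never got past the local gateway, so silence says nothing about the target.
    left_local = any(not ipaddress.ip_address(h).is_private for h in distinct)
    confirmed_open = states.get("open", [])
    return {
        "no_response": len(states.get("open|filtered", [])),   # nothing came back
        "icmp_filtered": len(states.get("filtered", [])),      # ICMP admin-prohibited seen
        "open": confirmed_open,
        "answering_hops": len(hops),
        "distinct_hop_addresses": distinct,
        "trace_left_local_network": left_local,
        "conclusive": bool(confirmed_open) or left_local,
    }

if __name__ == "__main__":
    for key, value in assess_udp_scan(UDP_SCAN, TRACEROUTE).items():
        print(f"{key:>26}: {value}")
```

For this paste the verdict is "conclusive: False": no UDP port was confirmed open, and the only address that ever answered a probe is the scanner's private gateway, so the open|filtered rows should not be read as evidence that, say, SNMP or NFS is reachable. Re-running the UDP scan from a vantage point whose traceroute reaches the target, with nmap's protocol-specific payloads (-sV or --script on the few ports that matter), is what would settle it.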
  1530. #######################################################################################################################################
  1531. [+] URL: http://mocit.gov.sd/
  1532. [+] Effective URL: http://mocit.gov.sd/index.php/ar/
  1533. [+] Started: Thu Feb 14 11:04:56 2019
  1534.  
  1535. Interesting Finding(s):
  1536.  
  1537. [+] http://mocit.gov.sd/index.php/ar/
  1538. | Interesting Entry: X-Powered-By: PHP/5.3.29, PleskLin
  1539. | Found By: Headers (Passive Detection)
  1540. | Confidence: 100%
  1541.  
  1542. Fingerprinting the version - Time: 00:00:31 <=========> (350 / 350) 100.00% Time: 00:00:31
  1543. [+] WordPress version 3.9.1 identified (Insecure, released on 2014-05-08).
  1544. | Detected By: Plugin And Theme Query Parameter In Homepage (Passive Detection)
  1545. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/lofslidera560.css?ver=3.9.1
  1546. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/scrollbara560.css?ver=3.9.1
  1547. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/stylea560.css?ver=3.9.1
  1548. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/weather-font/weathera560.css?ver=3.9.1
  1549. |
  1550. | [!] 66 vulnerabilities identified:
  1551. |
  1552. | [!] Title: WordPress 3.9 & 3.9.1 Unlikely Code Execution
  1553. | Fixed in: 3.9.2
  1554. | References:
  1555. | - https://wpvulndb.com/vulnerabilities/7527
  1556. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5203
  1557. | - https://core.trac.wordpress.org/changeset/29389
  1558. |
  1559. | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
  1560. | Fixed in: 3.9.2
  1561. | References:
  1562. | - https://wpvulndb.com/vulnerabilities/7528
  1563. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
  1564. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
  1565. | - https://core.trac.wordpress.org/changeset/29384
  1566. | - https://core.trac.wordpress.org/changeset/29408
  1567. |
  1568. | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
  1569. | Fixed in: 3.9.2
  1570. | References:
  1571. | - https://wpvulndb.com/vulnerabilities/7529
  1572. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
  1573. | - https://core.trac.wordpress.org/changeset/29398
  1574. |
  1575. | [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
  1576. | Fixed in: 3.9.2
  1577. | References:
  1578. | - https://wpvulndb.com/vulnerabilities/7530
  1579. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
  1580. | - https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
  1581. | - http://getid3.sourceforge.net/
  1582. | - http://wordpress.org/news/2014/08/wordpress-3-9-2/
  1583. | - http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
  1584. | - https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
  1585. |
  1586. | [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
  1587. | Fixed in: 4.0
  1588. | References:
  1589. | - https://wpvulndb.com/vulnerabilities/7531
  1590. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
  1591. | - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
  1592. | - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/
  1593. |
  1594. | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
  1595. | Fixed in: 4.0
  1596. | References:
  1597. | - https://wpvulndb.com/vulnerabilities/7680
  1598. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
  1599. | - http://klikki.fi/adv/wordpress.html
  1600. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  1601. | - http://klikki.fi/adv/wordpress_update.html
  1602. |
  1603. | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  1604. | Fixed in: 4.0.1
  1605. | References:
  1606. | - https://wpvulndb.com/vulnerabilities/7681
  1607. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  1608. | - https://www.exploit-db.com/exploits/35413/
  1609. | - https://www.exploit-db.com/exploits/35414/
  1610. | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  1611. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  1612. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  1613. |
  1614. | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  1615. | Fixed in: 4.0.1
  1616. | References:
  1617. | - https://wpvulndb.com/vulnerabilities/7696
  1618. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  1619. | - http://www.securityfocus.com/bid/71234/
  1620. | - https://core.trac.wordpress.org/changeset/30444
  1621. |
  1622. | [!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
  1623. | Fixed in: 4.0.1
  1624. | References:
  1625. | - https://wpvulndb.com/vulnerabilities/7697
  1626. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032
  1627. | - https://core.trac.wordpress.org/changeset/30422
  1628. |
  1629. | [!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  1630. | Fixed in: 4.1.2
  1631. | References:
  1632. | - https://wpvulndb.com/vulnerabilities/7929
  1633. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  1634. | - https://wordpress.org/news/2015/04/wordpress-4-1-2/
  1635. | - https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
  1636. |
  1637. | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  1638. | Fixed in: 3.9.7
  1639. | References:
  1640. | - https://wpvulndb.com/vulnerabilities/8111
  1641. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  1642. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  1643. | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
  1644. | - https://twitter.com/klikkioy/status/624264122570526720
  1645. | - https://klikki.fi/adv/wordpress3.html
  1646. |
  1647. | [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  1648. | Fixed in: 3.9.8
  1649. | References:
  1650. | - https://wpvulndb.com/vulnerabilities/8126
  1651. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  1652. | - https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  1653. |
  1654. | [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  1655. | Fixed in: 3.9.8
  1656. | References:
  1657. | - https://wpvulndb.com/vulnerabilities/8130
  1658. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  1659. | - https://core.trac.wordpress.org/changeset/33536
  1660. |
  1661. | [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  1662. | Fixed in: 3.9.8
  1663. | References:
  1664. | - https://wpvulndb.com/vulnerabilities/8131
  1665. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  1666. | - https://core.trac.wordpress.org/changeset/33529
  1667. |
  1668. | [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  1669. | Fixed in: 3.9.8
  1670. | References:
  1671. | - https://wpvulndb.com/vulnerabilities/8132
  1672. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  1673. | - https://core.trac.wordpress.org/changeset/33541
  1674. |
  1675. | [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  1676. | Fixed in: 3.9.8
  1677. | References:
  1678. | - https://wpvulndb.com/vulnerabilities/8133
  1679. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  1680. | - https://core.trac.wordpress.org/changeset/33549
  1681. | - https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  1682. |
  1683. | [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  1684. | Fixed in: 3.9.9
  1685. | References:
  1686. | - https://wpvulndb.com/vulnerabilities/8186
  1687. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  1688. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  1689. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  1690. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  1691. |
  1692. | [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  1693. | Fixed in: 3.9.9
  1694. | References:
  1695. | - https://wpvulndb.com/vulnerabilities/8187
  1696. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  1697. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  1698. | - https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  1699. |
  1700. | [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  1701. | Fixed in: 3.9.9
  1702. | References:
  1703. | - https://wpvulndb.com/vulnerabilities/8188
  1704. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  1705. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  1706. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  1707. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  1708. |
  1709. | [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  1710. | Fixed in: 3.9.10
  1711. | References:
  1712. | - https://wpvulndb.com/vulnerabilities/8358
  1713. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  1714. | - https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  1715. | - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  1716. |
  1717. | [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  1718. | Fixed in: 3.9.11
  1719. | References:
  1720. | - https://wpvulndb.com/vulnerabilities/8376
  1721. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  1722. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  1723. | - https://core.trac.wordpress.org/changeset/36435
  1724. | - https://hackerone.com/reports/110801
  1725. |
  1726. | [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  1727. | Fixed in: 3.9.11
  1728. | References:
  1729. | - https://wpvulndb.com/vulnerabilities/8377
  1730. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  1731. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  1732. | - https://core.trac.wordpress.org/changeset/36444
  1733. |
  1734. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexadecimal IP addresses
  1735. | Fixed in: 4.5
  1736. | References:
  1737. | - https://wpvulndb.com/vulnerabilities/8473
  1738. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  1739. | - https://codex.wordpress.org/Version_4.5
  1740. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  1741. |
  1742. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  1743. | Fixed in: 4.5
  1744. | References:
  1745. | - https://wpvulndb.com/vulnerabilities/8474
  1746. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  1747. | - https://codex.wordpress.org/Version_4.5
  1748. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  1749. |
  1750. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  1751. | Fixed in: 4.5
  1752. | References:
  1753. | - https://wpvulndb.com/vulnerabilities/8475
  1754. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  1755. | - https://codex.wordpress.org/Version_4.5
  1756. |
  1757. | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  1758. | Fixed in: 3.9.12
  1759. | References:
  1760. | - https://wpvulndb.com/vulnerabilities/8489
  1761. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  1762. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  1763. | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  1764. | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  1765. |
  1766. | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  1767. | Fixed in: 3.9.13
  1768. | References:
  1769. | - https://wpvulndb.com/vulnerabilities/8519
  1770. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  1771. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  1772. | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  1773. | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  1774. |
  1775. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  1776. | Fixed in: 3.9.13
  1777. | References:
  1778. | - https://wpvulndb.com/vulnerabilities/8520
  1779. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  1780. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  1781. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  1782. |
  1783. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  1784. | Fixed in: 3.9.14
  1785. | References:
  1786. | - https://wpvulndb.com/vulnerabilities/8615
  1787. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  1788. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  1789. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  1790. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  1791. | - http://seclists.org/fulldisclosure/2016/Sep/6
  1792. |
  1793. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  1794. | Fixed in: 3.9.14
  1795. | References:
  1796. | - https://wpvulndb.com/vulnerabilities/8616
  1797. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  1798. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  1799. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  1800. |
  1801. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  1802. | Fixed in: 3.9.15
  1803. | References:
  1804. | - https://wpvulndb.com/vulnerabilities/8716
  1805. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  1806. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  1807. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1808. |
  1809. | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  1810. | Fixed in: 3.9.15
  1811. | References:
  1812. | - https://wpvulndb.com/vulnerabilities/8718
  1813. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  1814. | - https://www.mehmetince.net/low-severity-wordpress/
  1815. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1816. | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  1817. |
  1818. | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  1819. | Fixed in: 3.9.15
  1820. | References:
  1821. | - https://wpvulndb.com/vulnerabilities/8719
  1822. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  1823. | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  1824. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1825. |
  1826. | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  1827. | Fixed in: 3.9.15
  1828. | References:
  1829. | - https://wpvulndb.com/vulnerabilities/8720
  1830. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  1831. | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  1832. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1833. |
  1834. | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  1835. | Fixed in: 3.9.15
  1836. | References:
  1837. | - https://wpvulndb.com/vulnerabilities/8721
  1838. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  1839. | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  1840. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1841. |
  1842. | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  1843. | Fixed in: 3.9.16
  1844. | References:
  1845. | - https://wpvulndb.com/vulnerabilities/8730
  1846. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  1847. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  1848. | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  1849. |
  1850. | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  1851. | Fixed in: 3.9.17
  1852. | References:
  1853. | - https://wpvulndb.com/vulnerabilities/8765
  1854. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  1855. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  1856. | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  1857. | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  1858. | - http://seclists.org/oss-sec/2017/q1/563
  1859. |
  1860. | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  1861. | Fixed in: 3.9.17
  1862. | References:
  1863. | - https://wpvulndb.com/vulnerabilities/8766
  1864. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  1865. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  1866. | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  1867. |
  1868. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  1869. | References:
  1870. | - https://wpvulndb.com/vulnerabilities/8807
  1871. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  1872. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  1873. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  1874. | - https://core.trac.wordpress.org/ticket/25239
  1875. |
  1876. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  1877. | Fixed in: 3.9.19
  1878. | References:
  1879. | - https://wpvulndb.com/vulnerabilities/8815
  1880. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  1881. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  1882. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1883. |
  1884. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  1885. | Fixed in: 3.9.19
  1886. | References:
  1887. | - https://wpvulndb.com/vulnerabilities/8816
  1888. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  1889. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1890. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  1891. |
  1892. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  1893. | Fixed in: 3.9.19
  1894. | References:
  1895. | - https://wpvulndb.com/vulnerabilities/8817
  1896. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  1897. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1898. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  1899. |
  1900. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  1901. | Fixed in: 3.9.19
  1902. | References:
  1903. | - https://wpvulndb.com/vulnerabilities/8818
  1904. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  1905. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1906. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  1907. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  1908. |
  1909. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  1910. | Fixed in: 3.9.19
  1911. | References:
  1912. | - https://wpvulndb.com/vulnerabilities/8819
  1913. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  1914. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1915. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  1916. | - https://hackerone.com/reports/203515
  1918. |
  1919. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  1920. | Fixed in: 3.9.19
  1921. | References:
  1922. | - https://wpvulndb.com/vulnerabilities/8820
  1923. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  1924. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1925. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  1926. |
  1927. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  1928. | Fixed in: 3.9.20
  1929. | References:
  1930. | - https://wpvulndb.com/vulnerabilities/8905
  1931. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1932. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1933. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  1934. |
  1935. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  1936. | Fixed in: 4.7.5
  1937. | References:
  1938. | - https://wpvulndb.com/vulnerabilities/8906
  1939. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  1940. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1941. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1942. | - https://wpvulndb.com/vulnerabilities/8905
  1943. |
  1944. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  1945. | Fixed in: 3.9.20
  1946. | References:
  1947. | - https://wpvulndb.com/vulnerabilities/8910
  1948. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  1949. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1950. | - https://core.trac.wordpress.org/changeset/41398
  1951. |
  1952. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  1953. | Fixed in: 3.9.20
  1954. | References:
  1955. | - https://wpvulndb.com/vulnerabilities/8911
  1956. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  1957. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1958. | - https://core.trac.wordpress.org/changeset/41457
  1959. |
  1960. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  1961. | Fixed in: 3.9.21
  1962. | References:
  1963. | - https://wpvulndb.com/vulnerabilities/8941
  1964. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  1965. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  1966. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  1967. | - https://twitter.com/ircmaxell/status/923662170092638208
  1968. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  1969. |
  1970. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  1971. | Fixed in: 3.9.22
  1972. | References:
  1973. | - https://wpvulndb.com/vulnerabilities/8966
  1974. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  1975. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1976. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  1977. |
  1978. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  1979. | Fixed in: 3.9.22
  1980. | References:
  1981. | - https://wpvulndb.com/vulnerabilities/8967
  1982. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  1983. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1984. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  1985. |
  1986. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  1987. | Fixed in: 3.9.22
  1988. | References:
  1989. | - https://wpvulndb.com/vulnerabilities/8969
  1990. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  1991. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1992. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  1993. |
  1994. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  1995. | Fixed in: 3.9.23
  1996. | References:
  1997. | - https://wpvulndb.com/vulnerabilities/9006
  1998. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  1999. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  2000. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  2001. | - https://core.trac.wordpress.org/ticket/42720
  2002. |
  2003. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  2004. | References:
  2005. | - https://wpvulndb.com/vulnerabilities/9021
  2006. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  2007. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  2008. | - https://github.com/quitten/doser.py
  2009. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  2010. |
  2011. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  2012. | Fixed in: 3.9.24
  2013. | References:
  2014. | - https://wpvulndb.com/vulnerabilities/9053
  2015. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  2016. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2017. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  2018. |
  2019. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  2020. | Fixed in: 3.9.24
  2021. | References:
  2022. | - https://wpvulndb.com/vulnerabilities/9054
  2023. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  2024. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2025. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  2026. |
  2027. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  2028. | Fixed in: 3.9.24
  2029. | References:
  2030. | - https://wpvulndb.com/vulnerabilities/9055
  2031. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  2032. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2033. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  2034. |
  2035. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  2036. | Fixed in: 3.9.25
  2037. | References:
  2038. | - https://wpvulndb.com/vulnerabilities/9100
  2039. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  2040. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  2041. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  2042. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  2043. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  2044. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  2045. |
  2046. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  2047. | Fixed in: 3.9.26
  2048. | References:
  2049. | - https://wpvulndb.com/vulnerabilities/9169
  2050. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  2051. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2052. |
  2053. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  2054. | Fixed in: 3.9.26
  2055. | References:
  2056. | - https://wpvulndb.com/vulnerabilities/9170
  2057. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  2058. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2059. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  2060. |
  2061. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  2062. | Fixed in: 3.9.26
  2063. | References:
  2064. | - https://wpvulndb.com/vulnerabilities/9171
  2065. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  2066. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2067. |
  2068. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  2069. | Fixed in: 3.9.26
  2070. | References:
  2071. | - https://wpvulndb.com/vulnerabilities/9172
  2072. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  2073. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2074. |
  2075. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  2076. | Fixed in: 3.9.26
  2077. | References:
  2078. | - https://wpvulndb.com/vulnerabilities/9173
  2079. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  2080. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2081. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  2082. |
  2083. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  2084. | Fixed in: 3.9.26
  2085. | References:
  2086. | - https://wpvulndb.com/vulnerabilities/9174
  2087. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  2088. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2089. |
  2090. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  2091. | Fixed in: 3.9.26
  2092. | References:
  2093. | - https://wpvulndb.com/vulnerabilities/9175
  2094. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  2095. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2096. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  2097.  
  2098. [+] WordPress theme in use: asssd
  2099. | Location: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/
  2100. | Style URL: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/style.css
  2101. |
  2102. | Detected By: Urls In Homepage (Passive Detection)
  2103. |
  2104. | The version could not be determined.
  2105.  
  2106. [+] Enumerating Users (via Passive and Aggressive Methods)
  2107. Brute Forcing Author IDs - Time: 00:00:05 <============> (10 / 10) 100.00% Time: 00:00:05
  2108.  
  2109. [i] No Users Found.
  2110.  
  2111. [+] Finished: Thu Feb 14 11:05:54 2019
  2112. [+] Requests Done: 408
  2113. [+] Cached Requests: 9
  2114. [+] Data Sent: 259.038 KB
  2115. [+] Data Received: 1.077 MB
  2116. [+] Memory used: 15.758 MB
  2117. [+] Elapsed time: 00:00:57
  2118. #######################################################################################################################################
  2119. [+] URL: http://mocit.gov.sd/
  2120. [+] Effective URL: http://mocit.gov.sd/index.php/ar/
  2121. [+] Started: Thu Feb 14 10:50:16 2019
  2122.  
  2123. Interesting Finding(s):
  2124.  
  2125. [+] http://mocit.gov.sd/index.php/ar/
  2126. | Interesting Entry: X-Powered-By: PHP/5.3.29, PleskLin
  2127. | Found By: Headers (Passive Detection)
  2128. | Confidence: 100%
  2129.  
  2130. Fingerprinting the version - Time: 00:00:30 <=========> (350 / 350) 100.00% Time: 00:00:30
  2131. [+] WordPress version 3.9.1 identified (Insecure, released on 2014-05-08).
  2132. | Detected By: Plugin And Theme Query Parameter In Homepage (Passive Detection)
  2133. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/lofslidera560.css?ver=3.9.1
  2134. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/scrollbara560.css?ver=3.9.1
  2135. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/stylea560.css?ver=3.9.1
  2136. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/weather-font/weathera560.css?ver=3.9.1
  2137. |
  2138. | [!] 66 vulnerabilities identified:
  2139. |
  2140. | [!] Title: WordPress 3.9 & 3.9.1 Unlikely Code Execution
  2141. | Fixed in: 3.9.2
  2142. | References:
  2143. | - https://wpvulndb.com/vulnerabilities/7527
  2144. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5203
  2145. | - https://core.trac.wordpress.org/changeset/29389
  2146. |
  2147. | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
  2148. | Fixed in: 3.9.2
  2149. | References:
  2150. | - https://wpvulndb.com/vulnerabilities/7528
  2151. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
  2152. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
  2153. | - https://core.trac.wordpress.org/changeset/29384
  2154. | - https://core.trac.wordpress.org/changeset/29408
  2155. |
  2156. | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
  2157. | Fixed in: 3.9.2
  2158. | References:
  2159. | - https://wpvulndb.com/vulnerabilities/7529
  2160. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
  2161. | - https://core.trac.wordpress.org/changeset/29398
  2162. |
  2163. | [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
  2164. | Fixed in: 3.9.2
  2165. | References:
  2166. | - https://wpvulndb.com/vulnerabilities/7530
  2167. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
  2168. | - https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
  2169. | - http://getid3.sourceforge.net/
  2170. | - http://wordpress.org/news/2014/08/wordpress-3-9-2/
  2171. | - http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
  2172. | - https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
  2173. |
  2174. | [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
  2175. | Fixed in: 4.0
  2176. | References:
  2177. | - https://wpvulndb.com/vulnerabilities/7531
  2178. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
  2179. | - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
  2180. | - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/
  2181. |
  2182. | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2183. | Fixed in: 4.0
  2184. | References:
  2185. | - https://wpvulndb.com/vulnerabilities/7680
  2186. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
  2187. | - http://klikki.fi/adv/wordpress.html
  2188. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2189. | - http://klikki.fi/adv/wordpress_update.html
  2190. |
  2191. | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  2192. | Fixed in: 4.0.1
  2193. | References:
  2194. | - https://wpvulndb.com/vulnerabilities/7681
  2195. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  2196. | - https://www.exploit-db.com/exploits/35413/
  2197. | - https://www.exploit-db.com/exploits/35414/
  2198. | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  2199. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2200. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  2201. |
  2202. | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  2203. | Fixed in: 4.0.1
  2204. | References:
  2205. | - https://wpvulndb.com/vulnerabilities/7696
  2206. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  2207. | - http://www.securityfocus.com/bid/71234/
  2208. | - https://core.trac.wordpress.org/changeset/30444
  2209. |
  2210. | [!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
  2211. | Fixed in: 4.0.1
  2212. | References:
  2213. | - https://wpvulndb.com/vulnerabilities/7697
  2214. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032
  2215. | - https://core.trac.wordpress.org/changeset/30422
  2216. |
  2217. | [!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2218. | Fixed in: 4.1.2
  2219. | References:
  2220. | - https://wpvulndb.com/vulnerabilities/7929
  2221. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  2222. | - https://wordpress.org/news/2015/04/wordpress-4-1-2/
  2223. | - https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
  2224. |
  2225. | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  2226. | Fixed in: 3.9.7
  2227. | References:
  2228. | - https://wpvulndb.com/vulnerabilities/8111
  2229. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  2230. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  2231. | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
  2232. | - https://twitter.com/klikkioy/status/624264122570526720
  2233. | - https://klikki.fi/adv/wordpress3.html
  2234. |
  2235. | [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  2236. | Fixed in: 3.9.8
  2237. | References:
  2238. | - https://wpvulndb.com/vulnerabilities/8126
  2239. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  2240. | - https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  2241. |
  2242. | [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  2243. | Fixed in: 3.9.8
  2244. | References:
  2245. | - https://wpvulndb.com/vulnerabilities/8130
  2246. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  2247. | - https://core.trac.wordpress.org/changeset/33536
  2248. |
  2249. | [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  2250. | Fixed in: 3.9.8
  2251. | References:
  2252. | - https://wpvulndb.com/vulnerabilities/8131
  2253. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  2254. | - https://core.trac.wordpress.org/changeset/33529
  2255. |
  2256. | [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  2257. | Fixed in: 3.9.8
  2258. | References:
  2259. | - https://wpvulndb.com/vulnerabilities/8132
  2260. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  2261. | - https://core.trac.wordpress.org/changeset/33541
  2262. |
  2263. | [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  2264. | Fixed in: 3.9.8
  2265. | References:
  2266. | - https://wpvulndb.com/vulnerabilities/8133
  2267. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  2268. | - https://core.trac.wordpress.org/changeset/33549
  2269. | - https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  2270. |
  2271. | [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  2272. | Fixed in: 3.9.9
  2273. | References:
  2274. | - https://wpvulndb.com/vulnerabilities/8186
  2275. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  2276. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2277. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2278. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2279. |
  2280. | [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  2281. | Fixed in: 3.9.9
  2282. | References:
  2283. | - https://wpvulndb.com/vulnerabilities/8187
  2284. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  2285. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2286. | - https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  2287. |
  2288. | [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  2289. | Fixed in: 3.9.9
  2290. | References:
  2291. | - https://wpvulndb.com/vulnerabilities/8188
  2292. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  2293. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2294. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2295. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2296. |
  2297. | [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  2298. | Fixed in: 3.9.10
  2299. | References:
  2300. | - https://wpvulndb.com/vulnerabilities/8358
  2301. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  2302. | - https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  2303. | - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  2304. |
  2305. | [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  2306. | Fixed in: 3.9.11
  2307. | References:
  2308. | - https://wpvulndb.com/vulnerabilities/8376
  2309. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  2310. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2311. | - https://core.trac.wordpress.org/changeset/36435
  2312. | - https://hackerone.com/reports/110801
  2313. |
  2314. | [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  2315. | Fixed in: 3.9.11
  2316. | References:
  2317. | - https://wpvulndb.com/vulnerabilities/8377
  2318. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  2319. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2320. | - https://core.trac.wordpress.org/changeset/36444
  2321. |
  2322. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  2323. | Fixed in: 4.5
  2324. | References:
  2325. | - https://wpvulndb.com/vulnerabilities/8473
  2326. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  2327. | - https://codex.wordpress.org/Version_4.5
  2328. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  2329. |
  2330. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  2331. | Fixed in: 4.5
  2332. | References:
  2333. | - https://wpvulndb.com/vulnerabilities/8474
  2334. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  2335. | - https://codex.wordpress.org/Version_4.5
  2336. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  2337. |
  2338. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  2339. | Fixed in: 4.5
  2340. | References:
  2341. | - https://wpvulndb.com/vulnerabilities/8475
  2342. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  2343. | - https://codex.wordpress.org/Version_4.5
  2344. |
  2345. | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  2346. | Fixed in: 3.9.12
  2347. | References:
  2348. | - https://wpvulndb.com/vulnerabilities/8489
  2349. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  2350. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  2351. | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  2352. | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  2353. |
  2354. | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  2355. | Fixed in: 3.9.13
  2356. | References:
  2357. | - https://wpvulndb.com/vulnerabilities/8519
  2358. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  2359. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2360. | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  2361. | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  2362. |
  2363. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  2364. | Fixed in: 3.9.13
  2365. | References:
  2366. | - https://wpvulndb.com/vulnerabilities/8520
  2367. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  2368. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2369. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  2370. |
  2371. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  2372. | Fixed in: 3.9.14
  2373. | References:
  2374. | - https://wpvulndb.com/vulnerabilities/8615
  2375. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  2376. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2377. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  2378. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  2379. | - http://seclists.org/fulldisclosure/2016/Sep/6
  2380. |
  2381. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  2382. | Fixed in: 3.9.14
  2383. | References:
  2384. | - https://wpvulndb.com/vulnerabilities/8616
  2385. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  2386. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2387. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  2388. |
  2389. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  2390. | Fixed in: 3.9.15
  2391. | References:
  2392. | - https://wpvulndb.com/vulnerabilities/8716
  2393. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  2394. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  2395. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2396. |
  2397. | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  2398. | Fixed in: 3.9.15
  2399. | References:
  2400. | - https://wpvulndb.com/vulnerabilities/8718
  2401. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  2402. | - https://www.mehmetince.net/low-severity-wordpress/
  2403. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2404. | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  2405. |
  2406. | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  2407. | Fixed in: 3.9.15
  2408. | References:
  2409. | - https://wpvulndb.com/vulnerabilities/8719
  2410. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  2411. | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  2412. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2413. |
  2414. | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  2415. | Fixed in: 3.9.15
  2416. | References:
  2417. | - https://wpvulndb.com/vulnerabilities/8720
  2418. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  2419. | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  2420. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2421. |
  2422. | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  2423. | Fixed in: 3.9.15
  2424. | References:
  2425. | - https://wpvulndb.com/vulnerabilities/8721
  2426. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  2427. | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  2428. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2429. |
  2430. | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  2431. | Fixed in: 3.9.16
  2432. | References:
  2433. | - https://wpvulndb.com/vulnerabilities/8730
  2434. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  2435. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  2436. | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  2437. |
  2438. | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  2439. | Fixed in: 3.9.17
  2440. | References:
  2441. | - https://wpvulndb.com/vulnerabilities/8765
  2442. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  2443. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  2444. | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  2445. | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  2446. | - http://seclists.org/oss-sec/2017/q1/563
  2447. |
  2448. | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  2449. | Fixed in: 3.9.17
  2450. | References:
  2451. | - https://wpvulndb.com/vulnerabilities/8766
  2452. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  2453. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  2454. | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  2455. |
  2456. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  2457. | References:
  2458. | - https://wpvulndb.com/vulnerabilities/8807
  2459. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  2460. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  2461. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  2462. | - https://core.trac.wordpress.org/ticket/25239
  2463. |
  2464. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  2465. | Fixed in: 3.9.19
  2466. | References:
  2467. | - https://wpvulndb.com/vulnerabilities/8815
  2468. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  2469. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  2470. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2471. |
  2472. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  2473. | Fixed in: 3.9.19
  2474. | References:
  2475. | - https://wpvulndb.com/vulnerabilities/8816
  2476. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  2477. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2478. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  2479. |
  2480. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  2481. | Fixed in: 3.9.19
  2482. | References:
  2483. | - https://wpvulndb.com/vulnerabilities/8817
  2484. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  2485. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2486. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  2487. |
  2488. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  2489. | Fixed in: 3.9.19
  2490. | References:
  2491. | - https://wpvulndb.com/vulnerabilities/8818
  2492. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  2493. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2494. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  2495. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  2496. |
  2497. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  2498. | Fixed in: 3.9.19
  2499. | References:
  2500. | - https://wpvulndb.com/vulnerabilities/8819
  2501. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  2502. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2503. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  2504. | - https://hackerone.com/reports/203515
  2506. |
  2507. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  2508. | Fixed in: 3.9.19
  2509. | References:
  2510. | - https://wpvulndb.com/vulnerabilities/8820
  2511. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  2512. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2513. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  2514. |
  2515. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  2516. | Fixed in: 3.9.20
  2517. | References:
  2518. | - https://wpvulndb.com/vulnerabilities/8905
  2519. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2520. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  2521. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  2522. |
  2523. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  2524. | Fixed in: 4.7.5
  2525. | References:
  2526. | - https://wpvulndb.com/vulnerabilities/8906
  2527. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  2528. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2529. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  2530. | - https://wpvulndb.com/vulnerabilities/8905
  2531. |
  2532. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  2533. | Fixed in: 3.9.20
  2534. | References:
  2535. | - https://wpvulndb.com/vulnerabilities/8910
  2536. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  2537. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2538. | - https://core.trac.wordpress.org/changeset/41398
  2539. |
  2540. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  2541. | Fixed in: 3.9.20
  2542. | References:
  2543. | - https://wpvulndb.com/vulnerabilities/8911
  2544. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  2545. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2546. | - https://core.trac.wordpress.org/changeset/41457
  2547. |
  2548. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  2549. | Fixed in: 3.9.21
  2550. | References:
  2551. | - https://wpvulndb.com/vulnerabilities/8941
  2552. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  2553. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  2554. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  2555. | - https://twitter.com/ircmaxell/status/923662170092638208
  2556. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  2557. |
  2558. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  2559. | Fixed in: 3.9.22
  2560. | References:
  2561. | - https://wpvulndb.com/vulnerabilities/8966
  2562. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  2563. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  2564. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  2565. |
  2566. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  2567. | Fixed in: 3.9.22
  2568. | References:
  2569. | - https://wpvulndb.com/vulnerabilities/8967
  2570. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  2571. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  2572. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  2573. |
  2574. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  2575. | Fixed in: 3.9.22
  2576. | References:
  2577. | - https://wpvulndb.com/vulnerabilities/8969
  2578. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  2579. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  2580. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  2581. |
  2582. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  2583. | Fixed in: 3.9.23
  2584. | References:
  2585. | - https://wpvulndb.com/vulnerabilities/9006
  2586. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  2587. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  2588. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  2589. | - https://core.trac.wordpress.org/ticket/42720
  2590. |
  2591. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  2592. | References:
  2593. | - https://wpvulndb.com/vulnerabilities/9021
  2594. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  2595. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  2596. | - https://github.com/quitten/doser.py
  2597. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  2598. |
  2599. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  2600. | Fixed in: 3.9.24
  2601. | References:
  2602. | - https://wpvulndb.com/vulnerabilities/9053
  2603. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  2604. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2605. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  2606. |
  2607. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  2608. | Fixed in: 3.9.24
  2609. | References:
  2610. | - https://wpvulndb.com/vulnerabilities/9054
  2611. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  2612. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2613. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  2614. |
  2615. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  2616. | Fixed in: 3.9.24
  2617. | References:
  2618. | - https://wpvulndb.com/vulnerabilities/9055
  2619. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  2620. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2621. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  2622. |
  2623. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  2624. | Fixed in: 3.9.25
  2625. | References:
  2626. | - https://wpvulndb.com/vulnerabilities/9100
  2627. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  2628. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  2629. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  2630. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  2631. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  2632. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  2633. |
  2634. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  2635. | Fixed in: 3.9.26
  2636. | References:
  2637. | - https://wpvulndb.com/vulnerabilities/9169
  2638. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  2639. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2640. |
  2641. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  2642. | Fixed in: 3.9.26
  2643. | References:
  2644. | - https://wpvulndb.com/vulnerabilities/9170
  2645. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  2646. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2647. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  2648. |
  2649. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  2650. | Fixed in: 3.9.26
  2651. | References:
  2652. | - https://wpvulndb.com/vulnerabilities/9171
  2653. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  2654. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2655. |
  2656. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  2657. | Fixed in: 3.9.26
  2658. | References:
  2659. | - https://wpvulndb.com/vulnerabilities/9172
  2660. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  2661. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2662. |
  2663. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  2664. | Fixed in: 3.9.26
  2665. | References:
  2666. | - https://wpvulndb.com/vulnerabilities/9173
  2667. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  2668. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2669. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  2670. |
  2671. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  2672. | Fixed in: 3.9.26
  2673. | References:
  2674. | - https://wpvulndb.com/vulnerabilities/9174
  2675. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  2676. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2677. |
  2678. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  2679. | Fixed in: 3.9.26
  2680. | References:
  2681. | - https://wpvulndb.com/vulnerabilities/9175
  2682. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  2683. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2684. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  2685.  
  2686. [+] WordPress theme in use: asssd
  2687. | Location: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/
  2688. | Style URL: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/style.css
  2689. |
  2690. | Detected By: Urls In Homepage (Passive Detection)
  2691. |
  2692. | The version could not be determined.
  2693.  
  2694. [+] Enumerating All Plugins (via Passive Methods)
  2695.  
  2696. [i] No plugins Found.
  2697.  
  2698. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  2699. Checking Config Backups - Time: 00:00:02 <=============> (21 / 21) 100.00% Time: 00:00:02
  2700.  
  2701. [i] No Config Backups Found.
  2702.  
  2703. [+] Finished: Thu Feb 14 10:51:10 2019
  2704. [+] Requests Done: 416
  2705. [+] Cached Requests: 5
  2706. [+] Data Sent: 257.474 KB
  2707. [+] Data Received: 596.052 KB
  2708. [+] Memory used: 77.254 MB
  2709. [+] Elapsed time: 00:00:53
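The version fingerprint in the scan output on this page rests on one passive signal: WordPress appends `?ver=<$wp_version>` to every stylesheet and script it enqueues without an explicit version, so the four theme CSS URLs carrying `?ver=3.9.1` give the core version away without touching `readme.html` or `wp-includes/version.php`, and the `X-Powered-By: PHP/5.3.29, PleskLin` header gives the runtime (PHP 5.3 reached end of life in August 2014; `PleskLin` is the marker Plesk adds on Linux hosts). The script below is an added example, not part of the original paste and not WPScan's own code: it extracts the `?ver=` values from a constructed page excerpt built from the URLs reported above, reads the PHP version from a constructed header set, parses a constructed three-entry excerpt of the `[!] Title` / `Fixed in:` listing, and works out which findings still apply to the detected version and what the branch fix level is. Majority voting over the `?ver=` values is the assumption that lets a theme or plugin that passes its own version (the `custom.js?ver=1.2` line is made up to show this) not skew the result.

```python
import re
from collections import Counter

# Constructed sample: the four theme stylesheet URLs WPScan reported for
# mocit.gov.sd, wrapped in a minimal <head> so the script runs offline. The
# custom.js line with its own version is invented to exercise the majority vote.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/lofslidera560.css?ver=3.9.1" />
<link rel="stylesheet" href="http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/scrollbara560.css?ver=3.9.1" />
<link rel="stylesheet" href="http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/stylea560.css?ver=3.9.1" />
<link rel="stylesheet" href="http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/weather-font/weathera560.css?ver=3.9.1" />
<script src="http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/js/custom.js?ver=1.2"></script>
</head><body></body></html>"""

# Constructed sample: response headers as reported under "Interesting Finding(s)".
SAMPLE_HEADERS = {"X-Powered-By": "PHP/5.3.29, PleskLin"}

# Constructed excerpt of three findings from the listing, in the report's own format.
SAMPLE_REPORT = """\
[!] Title: WordPress 3.9 & 3.9.1 Unlikely Code Execution
Fixed in: 3.9.2
References:
- https://wpvulndb.com/vulnerabilities/7527

[!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
References:
- https://wpvulndb.com/vulnerabilities/9021

[!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
Fixed in: 3.9.26
References:
- https://wpvulndb.com/vulnerabilities/9175
"""

# ?ver= values on wp-content asset URLs; the same signal WPScan's
# "Plugin And Theme Query Parameter In Homepage" finder reports.
VER_RE = re.compile(r"/wp-content/[^\s\"'<>]*?\?ver=(\d+(?:\.\d+)+)")

# Title line, optionally followed by a "Fixed in:" line; tolerates the "| " prefix
# WPScan prints in front of each line.
FINDING_RE = re.compile(
    r"^(?:\|\s*)?\[!\] Title: (?P<title>.+?)\s*\n"
    r"(?:(?:\|\s*)?Fixed in: (?P<fixed>\S+)\s*\n)?",
    re.M,
)


def extract_ver_params(html):
    """Count every ?ver= value attached to a wp-content asset URL."""
    return Counter(VER_RE.findall(html))


def version_tuple(v):
    return tuple(int(p) for p in v.split("."))


def fingerprint(html, headers):
    """Most common ?ver= value is taken as the core version; PHP comes from X-Powered-By."""
    counts = extract_ver_params(html)
    powered = headers.get("X-Powered-By", "")
    php = re.search(r"PHP/(\d+(?:\.\d+)+)", powered)
    return {
        "wp_version": counts.most_common(1)[0][0] if counts else None,
        "ver_counts": dict(counts),
        "php_version": php.group(1) if php else None,
        "x_powered_by": powered or None,
    }


def parse_findings(report):
    """Return (title, fixed_in) pairs; fixed_in is None for unpatched entries."""
    return [(m.group("title"), m.group("fixed")) for m in FINDING_RE.finditer(report)]


def is_affected(detected, fixed_in):
    """Applies when there is no fix, the fix is on another branch (backport
    status unknown, so stay conservative), or the detected version is older."""
    if fixed_in is None:
        return True
    d, f = version_tuple(detected), version_tuple(fixed_in)
    if d[:2] != f[:2]:
        return True
    return d < f


def summarize(html, headers, report):
    fp = fingerprint(html, headers)
    findings = parse_findings(report)
    branch = version_tuple(fp["wp_version"])[:2]
    same_branch = [f for _, f in findings if f and version_tuple(f)[:2] == branch]
    fp["branch_fix_level"] = max(same_branch, key=version_tuple) if same_branch else None
    fp["open_findings"] = [(t, f) for t, f in findings if is_affected(fp["wp_version"], f)]
    return fp


if __name__ == "__main__":
    s = summarize(SAMPLE_HTML, SAMPLE_HEADERS, SAMPLE_REPORT)
    print(f"WordPress {s['wp_version']} from {s['ver_counts']}; PHP {s['php_version']}")
    print(f"Highest listed fix on this branch: {s['branch_fix_level']}")
    for title, fixed in s["open_findings"]:
        print(f"  - {title}  [fixed in {fixed or 'no fix'}]")
```

Two caveats a practitioner should keep in mind when reading the result: a site can strip the parameter with the `script_loader_src` and `style_loader_src` filters, so a missing `?ver=` says nothing about patch level, and a `Fixed in: 3.9.x` line describes the backport on the 3.9 branch only, which is why the comparison refuses to declare a finding closed when the fix sits on a different branch.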
  2710. #######################################################################################################################################
  2711. [+] URL: http://mocit.gov.sd/
  2712. [+] Effective URL: http://mocit.gov.sd/index.php/ar/
  2713. [+] Started: Thu Feb 14 10:52:48 2019
  2714.  
  2715. Interesting Finding(s):
  2716.  
  2717. [+] http://mocit.gov.sd/index.php/ar/
  2718. | Interesting Entry: X-Powered-By: PHP/5.3.29, PleskLin
  2719. | Found By: Headers (Passive Detection)
  2720. | Confidence: 100%
  2721.  
  2722. Fingerprinting the version - Time: 00:00:00 <> (350 / 350) 100.00% Time: 00:00:00
  2723. [+] WordPress version 3.9.1 identified (Insecure, released on 2014-05-08).
  2724. | Detected By: Plugin And Theme Query Parameter In Homepage (Passive Detection)
  2725. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/lofslidera560.css?ver=3.9.1
  2726. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/scrollbara560.css?ver=3.9.1
  2727. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/stylea560.css?ver=3.9.1
  2728. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/weather-font/weathera560.css?ver=3.9.1
  2729. |
  2730. | [!] 66 vulnerabilities identified:
  2731. |
  2732. | [!] Title: WordPress 3.9 & 3.9.1 Unlikely Code Execution
  2733. | Fixed in: 3.9.2
  2734. | References:
  2735. | - https://wpvulndb.com/vulnerabilities/7527
  2736. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5203
  2737. | - https://core.trac.wordpress.org/changeset/29389
  2738. |
  2739. | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
  2740. | Fixed in: 3.9.2
  2741. | References:
  2742. | - https://wpvulndb.com/vulnerabilities/7528
  2743. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
  2744. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
  2745. | - https://core.trac.wordpress.org/changeset/29384
  2746. | - https://core.trac.wordpress.org/changeset/29408
  2747. |
  2748. | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
  2749. | Fixed in: 3.9.2
  2750. | References:
  2751. | - https://wpvulndb.com/vulnerabilities/7529
  2752. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
  2753. | - https://core.trac.wordpress.org/changeset/29398
  2754. |
  2755. | [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
  2756. | Fixed in: 3.9.2
  2757. | References:
  2758. | - https://wpvulndb.com/vulnerabilities/7530
  2759. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
  2760. | - https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
  2761. | - http://getid3.sourceforge.net/
  2762. | - http://wordpress.org/news/2014/08/wordpress-3-9-2/
  2763. | - http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
  2764. | - https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
  2765. |
  2766. | [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
  2767. | Fixed in: 4.0
  2768. | References:
  2769. | - https://wpvulndb.com/vulnerabilities/7531
  2770. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
  2771. | - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
  2772. | - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/
  2773. |
  2774. | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2775. | Fixed in: 4.0
  2776. | References:
  2777. | - https://wpvulndb.com/vulnerabilities/7680
  2778. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
  2779. | - http://klikki.fi/adv/wordpress.html
  2780. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2781. | - http://klikki.fi/adv/wordpress_update.html
  2782. |
  2783. | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  2784. | Fixed in: 4.0.1
  2785. | References:
  2786. | - https://wpvulndb.com/vulnerabilities/7681
  2787. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  2788. | - https://www.exploit-db.com/exploits/35413/
  2789. | - https://www.exploit-db.com/exploits/35414/
  2790. | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  2791. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2792. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  2793. |
  2794. | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  2795. | Fixed in: 4.0.1
  2796. | References:
  2797. | - https://wpvulndb.com/vulnerabilities/7696
  2798. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  2799. | - http://www.securityfocus.com/bid/71234/
  2800. | - https://core.trac.wordpress.org/changeset/30444
  2801. |
  2802. | [!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
  2803. | Fixed in: 4.0.1
  2804. | References:
  2805. | - https://wpvulndb.com/vulnerabilities/7697
  2806. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032
  2807. | - https://core.trac.wordpress.org/changeset/30422
  2808. |
  2809. | [!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2810. | Fixed in: 4.1.2
  2811. | References:
  2812. | - https://wpvulndb.com/vulnerabilities/7929
  2813. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  2814. | - https://wordpress.org/news/2015/04/wordpress-4-1-2/
  2815. | - https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
  2816. |
  2817. | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  2818. | Fixed in: 3.9.7
  2819. | References:
  2820. | - https://wpvulndb.com/vulnerabilities/8111
  2821. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  2822. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  2823. | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
  2824. | - https://twitter.com/klikkioy/status/624264122570526720
  2825. | - https://klikki.fi/adv/wordpress3.html
  2826. |
  2827. | [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  2828. | Fixed in: 3.9.8
  2829. | References:
  2830. | - https://wpvulndb.com/vulnerabilities/8126
  2831. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  2832. | - https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  2833. |
  2834. | [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  2835. | Fixed in: 3.9.8
  2836. | References:
  2837. | - https://wpvulndb.com/vulnerabilities/8130
  2838. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  2839. | - https://core.trac.wordpress.org/changeset/33536
  2840. |
  2841. | [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  2842. | Fixed in: 3.9.8
  2843. | References:
  2844. | - https://wpvulndb.com/vulnerabilities/8131
  2845. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  2846. | - https://core.trac.wordpress.org/changeset/33529
  2847. |
  2848. | [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  2849. | Fixed in: 3.9.8
  2850. | References:
  2851. | - https://wpvulndb.com/vulnerabilities/8132
  2852. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  2853. | - https://core.trac.wordpress.org/changeset/33541
  2854. |
  2855. | [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  2856. | Fixed in: 3.9.8
  2857. | References:
  2858. | - https://wpvulndb.com/vulnerabilities/8133
  2859. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  2860. | - https://core.trac.wordpress.org/changeset/33549
  2861. | - https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  2862. |
  2863. | [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  2864. | Fixed in: 3.9.9
  2865. | References:
  2866. | - https://wpvulndb.com/vulnerabilities/8186
  2867. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  2868. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2869. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2870. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2871. |
  2872. | [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  2873. | Fixed in: 3.9.9
  2874. | References:
  2875. | - https://wpvulndb.com/vulnerabilities/8187
  2876. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  2877. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2878. | - https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  2879. |
  2880. | [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  2881. | Fixed in: 3.9.9
  2882. | References:
  2883. | - https://wpvulndb.com/vulnerabilities/8188
  2884. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  2885. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2886. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2887. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2888. |
  2889. | [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  2890. | Fixed in: 3.9.10
  2891. | References:
  2892. | - https://wpvulndb.com/vulnerabilities/8358
  2893. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  2894. | - https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  2895. | - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  2896. |
  2897. | [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  2898. | Fixed in: 3.9.11
  2899. | References:
  2900. | - https://wpvulndb.com/vulnerabilities/8376
  2901. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  2902. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2903. | - https://core.trac.wordpress.org/changeset/36435
  2904. | - https://hackerone.com/reports/110801
  2905. |
  2906. | [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  2907. | Fixed in: 3.9.11
  2908. | References:
  2909. | - https://wpvulndb.com/vulnerabilities/8377
  2910. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  2911. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2912. | - https://core.trac.wordpress.org/changeset/36444
  2913. |
  2914. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  2915. | Fixed in: 4.5
  2916. | References:
  2917. | - https://wpvulndb.com/vulnerabilities/8473
  2918. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  2919. | - https://codex.wordpress.org/Version_4.5
  2920. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  2921. |
  2922. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  2923. | Fixed in: 4.5
  2924. | References:
  2925. | - https://wpvulndb.com/vulnerabilities/8474
  2926. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  2927. | - https://codex.wordpress.org/Version_4.5
  2928. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  2929. |
  2930. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  2931. | Fixed in: 4.5
  2932. | References:
  2933. | - https://wpvulndb.com/vulnerabilities/8475
  2934. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  2935. | - https://codex.wordpress.org/Version_4.5
  2936. |
  2937. | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  2938. | Fixed in: 3.9.12
  2939. | References:
  2940. | - https://wpvulndb.com/vulnerabilities/8489
  2941. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  2942. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  2943. | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  2944. | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  2945. |
  2946. | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  2947. | Fixed in: 3.9.13
  2948. | References:
  2949. | - https://wpvulndb.com/vulnerabilities/8519
  2950. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  2951. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2952. | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  2953. | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  2954. |
  2955. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  2956. | Fixed in: 3.9.13
  2957. | References:
  2958. | - https://wpvulndb.com/vulnerabilities/8520
  2959. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  2960. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2961. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  2962. |
  2963. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  2964. | Fixed in: 3.9.14
  2965. | References:
  2966. | - https://wpvulndb.com/vulnerabilities/8615
  2967. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  2968. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2969. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  2970. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  2971. | - http://seclists.org/fulldisclosure/2016/Sep/6
  2972. |
  2973. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  2974. | Fixed in: 3.9.14
  2975. | References:
  2976. | - https://wpvulndb.com/vulnerabilities/8616
  2977. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  2978. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2979. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  2980. |
  2981. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  2982. | Fixed in: 3.9.15
  2983. | References:
  2984. | - https://wpvulndb.com/vulnerabilities/8716
  2985. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  2986. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  2987. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2988. |
| [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
| Fixed in: 3.9.15
| References:
| - https://wpvulndb.com/vulnerabilities/8718
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
| - https://www.mehmetince.net/low-severity-wordpress/
| - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
|
| [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
| Fixed in: 3.9.15
| References:
| - https://wpvulndb.com/vulnerabilities/8719
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
| - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
| - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
|
| [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
| Fixed in: 3.9.15
| References:
| - https://wpvulndb.com/vulnerabilities/8720
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
| - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
| - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
|
| [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
| Fixed in: 3.9.15
| References:
| - https://wpvulndb.com/vulnerabilities/8721
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
| - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
| - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
|
| [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
| Fixed in: 3.9.16
| References:
| - https://wpvulndb.com/vulnerabilities/8730
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
| - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
| - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
|
| [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
| Fixed in: 3.9.17
| References:
| - https://wpvulndb.com/vulnerabilities/8765
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
| - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
| - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
| - http://seclists.org/oss-sec/2017/q1/563
|
| [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
| Fixed in: 3.9.17
| References:
| - https://wpvulndb.com/vulnerabilities/8766
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
| - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
|
| [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
| References:
| - https://wpvulndb.com/vulnerabilities/8807
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
| - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
| - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
| - https://core.trac.wordpress.org/ticket/25239
|
| [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
| Fixed in: 3.9.19
| References:
| - https://wpvulndb.com/vulnerabilities/8815
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
| - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
| - https://wordpress.org/news/2017/05/wordpress-4-7-5/
|
| [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
| Fixed in: 3.9.19
| References:
| - https://wpvulndb.com/vulnerabilities/8816
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
| - https://wordpress.org/news/2017/05/wordpress-4-7-5/
| - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
|
| [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
| Fixed in: 3.9.19
| References:
| - https://wpvulndb.com/vulnerabilities/8817
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
| - https://wordpress.org/news/2017/05/wordpress-4-7-5/
| - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
|
| [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
| Fixed in: 3.9.19
| References:
| - https://wpvulndb.com/vulnerabilities/8818
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
| - https://wordpress.org/news/2017/05/wordpress-4-7-5/
| - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
| - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
|
| [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
| Fixed in: 3.9.19
| References:
| - https://wpvulndb.com/vulnerabilities/8819
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
| - https://wordpress.org/news/2017/05/wordpress-4-7-5/
| - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
| - https://hackerone.com/reports/203515
|
| [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
| Fixed in: 3.9.19
| References:
| - https://wpvulndb.com/vulnerabilities/8820
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
| - https://wordpress.org/news/2017/05/wordpress-4-7-5/
| - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
|
| [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
| Fixed in: 3.9.20
| References:
| - https://wpvulndb.com/vulnerabilities/8905
| - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
| - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
|
| [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
| Fixed in: 4.7.5
| References:
| - https://wpvulndb.com/vulnerabilities/8906
| - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
| - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
| - https://wpvulndb.com/vulnerabilities/8905
|
| [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
| Fixed in: 3.9.20
| References:
| - https://wpvulndb.com/vulnerabilities/8910
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
| - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
| - https://core.trac.wordpress.org/changeset/41398
|
| [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
| Fixed in: 3.9.20
| References:
| - https://wpvulndb.com/vulnerabilities/8911
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
| - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
| - https://core.trac.wordpress.org/changeset/41457
|
| [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
| Fixed in: 3.9.21
| References:
| - https://wpvulndb.com/vulnerabilities/8941
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
| - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
| - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
| - https://twitter.com/ircmaxell/status/923662170092638208
| - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
|
| [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
| Fixed in: 3.9.22
| References:
| - https://wpvulndb.com/vulnerabilities/8966
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
| - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
|
| [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
| Fixed in: 3.9.22
| References:
| - https://wpvulndb.com/vulnerabilities/8967
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
| - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
|
| [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
| Fixed in: 3.9.22
| References:
| - https://wpvulndb.com/vulnerabilities/8969
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
| - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
|
| [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
| Fixed in: 3.9.23
| References:
| - https://wpvulndb.com/vulnerabilities/9006
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
| - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
| - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
| - https://core.trac.wordpress.org/ticket/42720
|
| [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
| References:
| - https://wpvulndb.com/vulnerabilities/9021
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
| - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
| - https://github.com/quitten/doser.py
| - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
|
| [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
| Fixed in: 3.9.24
| References:
| - https://wpvulndb.com/vulnerabilities/9053
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
| - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
|
| [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
| Fixed in: 3.9.24
| References:
| - https://wpvulndb.com/vulnerabilities/9054
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
| - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
|
| [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
| Fixed in: 3.9.24
| References:
| - https://wpvulndb.com/vulnerabilities/9055
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
| - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
| - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
|
| [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
| Fixed in: 3.9.25
| References:
| - https://wpvulndb.com/vulnerabilities/9100
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
| - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
| - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
| - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
| - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
| - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
|
| [!] Title: WordPress <= 5.0 - Authenticated File Delete
| Fixed in: 3.9.26
| References:
| - https://wpvulndb.com/vulnerabilities/9169
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
| Fixed in: 3.9.26
| References:
| - https://wpvulndb.com/vulnerabilities/9170
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
|
| [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
| Fixed in: 3.9.26
| References:
| - https://wpvulndb.com/vulnerabilities/9171
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
| Fixed in: 3.9.26
| References:
| - https://wpvulndb.com/vulnerabilities/9172
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
| Fixed in: 3.9.26
| References:
| - https://wpvulndb.com/vulnerabilities/9173
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
|
| [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
| Fixed in: 3.9.26
| References:
| - https://wpvulndb.com/vulnerabilities/9174
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
| Fixed in: 3.9.26
| References:
| - https://wpvulndb.com/vulnerabilities/9175
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a

[+] WordPress theme in use: asssd
| Location: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/
| Style URL: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/style.css
|
| Detected By: Urls In Homepage (Passive Detection)
|
| The version could not be determined.

[+] Enumerating Users (via Passive and Aggressive Methods)
Brute Forcing Author IDs - Time: 00:00:04 <==> (10 / 10) 100.00% Time: 00:00:04

[i] No Users Found.

[+] Finished: Thu Feb 14 10:52:56 2019
[+] Requests Done: 14
[+] Cached Requests: 403
[+] Data Sent: 13.673 KB
[+] Data Received: 533.083 KB
[+] Memory used: 11.672 MB
[+] Elapsed time: 00:00:07
#######################################################################################################################################
[-] Date & Time: 14/02/2019 10:50:18
[I] Threads: 5
[-] Target: http://mocit.gov.sd/index.php/ar (62.12.105.2)
[M] Website Not in HTTPS: http://mocit.gov.sd/index.php/ar
[I] X-Powered-By: PHP/5.3.29
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] No Robots.txt Found
[I] CMS Detection: WordPress
[I] Wordpress Theme: asssd
[M] XML-RPC services are enabled
[I] Autocomplete Off Not Found: http://mocit.gov.sd/index.php/ar/wp-login.php
[-] Default WordPress Files:
[-] Searching Wordpress Plugins ...
[I] adrotate
[M] EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
[M] EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
[M] EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
[I] ads-box
[M] EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
[I] firestats
[M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
[M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
[M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
[I] simple-ads-manager
[M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
[M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
[M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
[M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
[I] wp-bannerize
[M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
[M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
[M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
[I] Checking for Directory Listing Enabled ...
[-] Date & Time: 14/02/2019 10:54:48
[-] Completed in: 0:04:30
#######################################################################################################################################
Anonymous JTSEC #OpSudan Full Recon #12