Advertisement
Guest User

Anonymous JTSEC #OpSudan Full Recon #12

a guest
Feb 14th, 2019
1,461
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname mocit.gov.sd ISP NICDC
  4. Continent Africa Flag
  5. SD
  6. Country Sudan Country Code SD
  7. Region Unknown Local time 14 Feb 2019 17:44 CAT
  8. City Unknown Postal Code Unknown
  9. IP Address 62.12.105.2 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > mocit.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: mocit.gov.sd
  19. Address: 62.12.105.2
  20. >
  21. #######################################################################################################################################
  22. HostIP:62.12.105.2
  23. HostName:mocit.gov.sd
  24.  
  25. Gathered Inet-whois information for 62.12.105.2
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 62.12.96.0 - 62.12.127.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:46:54Z
  61. last-modified: 2019-01-07T10:46:54Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
  77.  
  78.  
  79.  
  80. Gathered Inic-whois information for mocit.gov.sd
  81. ---------------------------------------------------------------------------------------------------------------------------------------
  82. Error: Unable to connect - Invalid Host
  83. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  84. close error
  85.  
  86. Gathered Netcraft information for mocit.gov.sd
  87. ---------------------------------------------------------------------------------------------------------------------------------------
  88.  
  89. Retrieving Netcraft.com information for mocit.gov.sd
  90. Netcraft.com Information gathered
  91.  
  92. Gathered Subdomain information for mocit.gov.sd
  93. ---------------------------------------------------------------------------------------------------------------------------------------
  94. Searching Google.com:80...
  95. Searching Altavista.com:80...
  96. Found 0 possible subdomain(s) for host mocit.gov.sd, Searched 0 pages containing 0 results
  97.  
  98. Gathered E-Mail information for mocit.gov.sd
  99. ---------------------------------------------------------------------------------------------------------------------------------------
  100. Searching Google.com:80...
  101. Searching Altavista.com:80...
  102. Found 0 E-Mail(s) for host mocit.gov.sd, Searched 0 pages containing 0 results
  103.  
  104. Gathered TCP Port information for 62.12.105.2
  105. ---------------------------------------------------------------------------------------------------------------------------------------
  106.  
  107. Port State
  108.  
  109. 21/tcp open
  110. 80/tcp open
  111. 110/tcp open
  112. 143/tcp open
  113.  
  114. Portscan Finished: Scanned 150 ports, 4 ports were in state closed
  115. #######################################################################################################################################
  116. [i] Scanning Site: http://mocit.gov.sd
  117.  
  118.  
  119.  
  120. B A S I C I N F O
  121. =======================================================================================================================================
  122.  
  123.  
  124. [+] Site Title: وزارة الثقافة والاعلام والسياحة
  125. [+] IP address: 62.12.105.2
  126. [+] Web Server: Could Not Detect
  127. [+] CMS: WordPress
  128. [+] Cloudflare: Not Detected
  129. [+] Robots File: Could NOT Find robots.txt!
  130.  
  131.  
  132.  
  133.  
  134. G E O I P L O O K U P
  135. =======================================================================================================================================
  136.  
  137. [i] IP Address: 62.12.105.2
  138. [i] Country: Sudan
  139. [i] State:
  140. [i] City:
  141. [i] Latitude: 15.0
  142. [i] Longitude: 30.0
  143.  
  144.  
  145.  
  146.  
  147. H T T P H E A D E R S
  148. =======================================================================================================================================
  149.  
  150.  
  151. [i] HTTP/1.1 302 Found
  152. [i] Date: Thu, 14 Feb 2019 15:39:21 GMT
  153. [i] Content-Type: text/html
  154. [i] Content-Length: 0
  155. [i] X-Powered-By: PHP/5.3.29
  156. [i] Set-Cookie: csrf_cookie_name=338c17f74036158d14db6c42c47ff67b; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
  157. [i] Location: http://mocit.gov.sd/index.php/ar/
  158. [i] X-Powered-By: PleskLin
  159. [i] Connection: close
  160. [i] HTTP/1.1 200 OK
  161. [i] Date: Thu, 14 Feb 2019 15:39:22 GMT
  162. [i] Content-Type: text/html
  163. [i] X-Powered-By: PHP/5.3.29
  164. [i] Set-Cookie: csrf_cookie_name=8c58df1bf97fa806ed52ed3eb34212e0; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
  165. [i] Set-Cookie: user_lang=ar; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
  166. [i] Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22390ad74586c1a5b39a558b8854f90b91%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22176.113.74.35%22%3Bs%3A10%3A%22user_agent%22%3Bb%3A0%3Bs%3A13%3A%22last_activity%22%3Bi%3A1550158761%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D6b7eb7793c71b387f6d616fb6f72320b; expires=Thu, 14-Feb-2019 17:39:21 GMT; path=/
  167. [i] X-Powered-By: PleskLin
  168. [i] Connection: close
  169.  
  170.  
  171.  
  172.  
  173. D N S L O O K U P
  174. =======================================================================================================================================
  175.  
  176. mocit.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  177. mocit.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  178. mocit.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  179. mocit.gov.sd. 21599 IN A 62.12.105.2
  180. mocit.gov.sd. 21599 IN MX 10 f03-web02.nic.gov.sd.
  181. mocit.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  182.  
  183.  
  184.  
  185.  
  186. S U B N E T C A L C U L A T I O N
  187. =======================================================================================================================================
  188.  
  189. Address = 62.12.105.2
  190. Network = 62.12.105.2 / 32
  191. Netmask = 255.255.255.255
  192. Broadcast = not needed on Point-to-Point links
  193. Wildcard Mask = 0.0.0.0
  194. Hosts Bits = 0
  195. Max. Hosts = 1 (2^0 - 0)
  196. Host Range = { 62.12.105.2 - 62.12.105.2 }
  197.  
  198.  
  199.  
  200. N M A P P O R T S C A N
  201. =======================================================================================================================================
  202.  
  203.  
  204. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 16:37 UTC
  205. Nmap scan report for mocit.gov.sd (62.12.105.2)
  206. Host is up (0.18s latency).
  207. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  208. PORT STATE SERVICE
  209. 21/tcp filtered ftp
  210. 22/tcp filtered ssh
  211. 23/tcp filtered telnet
  212. 80/tcp filtered http
  213. 110/tcp filtered pop3
  214. 143/tcp filtered imap
  215. 443/tcp filtered https
  216. 3389/tcp filtered ms-wbt-server
  217.  
  218. Nmap done: 1 IP address (1 host up) scanned in 13.88 seconds
  219. #######################################################################################################################################
  220. [?] Enter the target: example( http://domain.com )
  221. http://mocit.gov.sd/index.php/ar/
  222. [!] IP Address : 62.12.105.2
  223. [!] mocit.gov.sd doesn't seem to use a CMS
  224. [+] Honeypot Probabilty: 0%
  225. ---------------------------------------------------------------------------------------------------------------------------------------
  226. [~] Trying to gather whois information for mocit.gov.sd
  227. [+] Whois information found
  228. [-] Unable to build response, visit https://who.is/whois/mocit.gov.sd
  229. ---------------------------------------------------------------------------------------------------------------------------------------
  230. PORT STATE SERVICE
  231. 21/tcp filtered ftp
  232. 22/tcp filtered ssh
  233. 23/tcp filtered telnet
  234. 80/tcp filtered http
  235. 110/tcp filtered pop3
  236. 143/tcp filtered imap
  237. 443/tcp filtered https
  238. 3389/tcp filtered ms-wbt-server
  239. Nmap done: 1 IP address (1 host up) scanned in 14.16 seconds
  240. ---------------------------------------------------------------------------------------------------------------------------------------
  241.  
  242. [+] DNS Records
  243. ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
  244. ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
  245.  
  246. [+] MX Records
  247. 10 (62.12.105.2) Egypt Egypt
  248.  
  249. [+] Host Records (A)
  250. mocit.gov.sd (62.12.105.2) Egypt Egypt
  251.  
  252. [+] TXT Records
  253. "v=spf1 mx -all"
  254.  
  255. [+] DNS Map: https://dnsdumpster.com/static/map/mocit.gov.sd.png
  256.  
  257. [>] Initiating 3 intel modules
  258. [>] Loading Alpha module (1/3)
  259. [>] Beta module deployed (2/3)
  260. [>] Gamma module initiated (3/3)
  261.  
  262.  
  263. [+] Emails found:
  264. ---------------------------------------------------------------------------------------------------------------------------------------
  265. pixel-1550162262413050-web-@mocit.gov.sd
  266. pixel-15501622632323-web-@mocit.gov.sd
  267.  
  268. [+] Hosts found in search engines:
  269. --------------------------------------------------------------------------------------------------------------------------------------
  270. [-] Resolving hostnames IPs...
  271. 62.12.105.2:www.mocit.gov.sd
  272. [+] Virtual hosts:
  273. ---------------------------------------------------------------------------------------------------------------------------------------
  274. ######################################################################################################################################
  275. Enter Address Website = mocit.gov.sd
  276.  
  277.  
  278.  
  279. Reverse IP With YouGetSignal 'mocit.gov.sd'
  280. ---------------------------------------------------------------------------------------------------------------------------------------
  281.  
  282. [*] IP: 62.12.105.2
  283. [*] Domain: mocit.gov.sd
  284. [*] Total Domains: 6
  285.  
  286. [+] agricmi.gov.sd
  287. [+] eastgezira.gov.sd
  288. [+] mocit.gov.sd
  289. [+] sudan.gov.sd
  290. [+] unionkhr.sd
  291. [+] www.sudan.gov.sd
  292. #######################################################################################################################################
  293. Geo IP Lookup 'mocit.gov.sd'
  294. ---------------------------------------------------------------------------------------------------------------------------------------
  295.  
  296. [+] IP Address: 62.12.105.2
  297. [+] Country: Sudan
  298. [+] State:
  299. [+] City:
  300. [+] Latitude: 15.0
  301. [+] Longitude: 30.0
  302. #######################################################################################################################################
  303. DNS Lookup 'mocit.gov.sd'
  304. ---------------------------------------------------------------------------------------------------------------------------------------
  305.  
  306. [+] mocit.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  307. [+] mocit.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  308. [+] mocit.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  309. [+] mocit.gov.sd. 21599 IN A 62.12.105.2
  310. [+] mocit.gov.sd. 21599 IN MX 10 f03-web02.nic.gov.sd.
  311. [+] mocit.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  312. #######################################################################################################################################
  313. Show HTTP Header 'mocit.gov.sd'
  314. ---------------------------------------------------------------------------------------------------------------------------------------
  315.  
  316. [+] HTTP/1.1 302 Moved Temporarily
  317. [+] Server: nginx
  318. [+] Date: Thu, 14 Feb 2019 15:39:14 GMT
  319. [+] Content-Type: text/html
  320. [+] Connection: keep-alive
  321. [+] X-Powered-By: PHP/5.3.29
  322. [+] Set-Cookie: csrf_cookie_name=76583c8c25944d3f10d80b9a2798d617; expires=Thu, 14-Feb-2019 17:39:14 GMT; path=/
  323. [+] Location: http://mocit.gov.sd/index.php/ar/
  324. [+] X-Powered-By: PleskLin
  325. #######################################################################################################################################Port Scan 'mocit.gov.sd'
  326. ---------------------------------------------------------------------------------------------------------------------------------------
  327.  
  328.  
  329. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 16:37 UTC
  330. Nmap scan report for mocit.gov.sd (62.12.105.2)
  331. Host is up (0.18s latency).
  332. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  333. PORT STATE SERVICE
  334. 21/tcp filtered ftp
  335. 22/tcp filtered ssh
  336. 23/tcp filtered telnet
  337. 80/tcp filtered http
  338. 110/tcp filtered pop3
  339. 143/tcp filtered imap
  340. 443/tcp filtered https
  341. 3389/tcp filtered ms-wbt-server
  342.  
  343. Nmap done: 1 IP address (1 host up) scanned in 14.38 seconds
  344. #######################################################################################################################################
  345. Traceroute 'mocit.gov.sd'
  346. ---------------------------------------------------------------------------------------------------------------------------------------
  347.  
  348. Start: 2019-02-14T16:37:27+0000
  349. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  350. 1.|-- 45.79.12.201 0.0% 3 1.1 1.1 0.8 1.2 0.2
  351. 2.|-- 45.79.12.0 0.0% 3 13.4 12.5 3.7 20.6 8.5
  352. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.3 2.2 1.3 3.9 1.4
  353. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 2.1 2.0 1.9 2.1 0.1
  354. 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 12.0 11.8 11.4 12.1 0.4
  355. 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.4 24.2 23.4 25.0 0.8
  356. 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.7 30.7 30.5 30.8 0.1
  357. 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.3 41.3 41.3 41.4 0.1
  358. 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 45.7 45.7 45.6 45.7 0.0
  359. 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.5 107.7 107.5 107.9 0.2
  360. 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 108.1 108.0 107.9 108.1 0.1
  361. 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 108.5 107.9 107.6 108.5 0.5
  362. 13.|-- 185.153.20.70 0.0% 3 185.6 185.9 185.6 186.4 0.4
  363. 14.|-- 185.153.20.82 0.0% 3 185.6 185.8 185.6 185.9 0.1
  364. 15.|-- 185.153.20.94 0.0% 3 185.5 185.5 185.5 185.6 0.0
  365. 16.|-- 185.153.20.153 0.0% 3 230.0 219.6 214.2 230.0 9.0
  366. 17.|-- 212.0.131.109 0.0% 3 227.6 227.4 226.9 227.8 0.4
  367. 18.|-- 196.202.137.249 0.0% 3 219.0 219.3 218.9 220.0 0.6
  368. 19.|-- 196.202.145.94 0.0% 3 219.1 219.3 219.1 219.5 0.2
  369. 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  370. #######################################################################################################################################
  371. Ping 'mocit.gov.sd'
  372. ---------------------------------------------------------------------------------------------------------------------------------------
  373.  
  374. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-14 16:37 UTC
  375. SENT (0.0038s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=1] IP [ttl=64 id=6748 iplen=28 ]
  376. SENT (1.0040s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=2] IP [ttl=64 id=6748 iplen=28 ]
  377. SENT (2.0056s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=3] IP [ttl=64 id=6748 iplen=28 ]
  378. SENT (3.0069s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=34398 seq=4] IP [ttl=64 id=6748 iplen=28 ]
  379.  
  380. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  381. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  382. Nping done: 1 IP address pinged in 4.01 seconds
  383. #######################################################################################################################################
  384. ; <<>> DiG 9.11.5-P1-1-Debian <<>> mocit.gov.sd
  385. ;; global options: +cmd
  386. ;; Got answer:
  387. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11094
  388. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  389.  
  390. ;; OPT PSEUDOSECTION:
  391. ; EDNS: version: 0, flags:; udp: 4096
  392. ;; QUESTION SECTION:
  393. ;mocit.gov.sd. IN A
  394.  
  395. ;; ANSWER SECTION:
  396. mocit.gov.sd. 82189 IN A 62.12.105.2
  397.  
  398. ;; Query time: 35 msec
  399. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  400. ;; WHEN: jeu fév 14 11:54:19 EST 2019
  401. ;; MSG SIZE rcvd: 57
  402. #######################################################################################################################################
  403. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace mocit.gov.sd
  404. ;; global options: +cmd
  405. . 80866 IN NS a.root-servers.net.
  406. . 80866 IN NS b.root-servers.net.
  407. . 80866 IN NS d.root-servers.net.
  408. . 80866 IN NS k.root-servers.net.
  409. . 80866 IN NS c.root-servers.net.
  410. . 80866 IN NS f.root-servers.net.
  411. . 80866 IN NS j.root-servers.net.
  412. . 80866 IN NS g.root-servers.net.
  413. . 80866 IN NS m.root-servers.net.
  414. . 80866 IN NS i.root-servers.net.
  415. . 80866 IN NS h.root-servers.net.
  416. . 80866 IN NS e.root-servers.net.
  417. . 80866 IN NS l.root-servers.net.
  418. . 80866 IN RRSIG NS 8 0 518400 20190227050000 20190214040000 16749 . KjRJi44YfIrOlhPKeg7qiGlwP2QsgQmM2rTFegujHBe0cRTA1uH0NEgj FPJX+q10aSbYdSr3FGT2cW1YTRmLmAbNXGwZz84jYBm+Z+Au+Yhr9TRN 4DHs4voHtgr8u/sm5Hx72ghRbXOSK+ffIljYBTSwk4TKkFi1sqYbs7V6 tMz0LjK1rEuWHnPi2Vnrp93/WKdWMQmytU2qvKr9x6/s8TSkWWOKzaEX sOGlz9aFDRpYkreMZvOWKjUJbkzz9BgvKhnT72q0oDdhdrhle1bTM+yV rZ4pgndNM0b3TAdcMiNhNEISL0uQ0b5tUM3Y3rOT9YLlF4gA+p01UD3a cuep6w==
  419. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 33 ms
  420.  
  421. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  422. sd. 172800 IN NS ns1.uaenic.ae.
  423. sd. 172800 IN NS ns2.uaenic.ae.
  424. sd. 172800 IN NS ans1.sis.sd.
  425. sd. 172800 IN NS ans1.canar.sd.
  426. sd. 172800 IN NS ans2.canar.sd.
  427. sd. 172800 IN NS ns-sd.afrinic.net.
  428. sd. 86400 IN NSEC se. NS RRSIG NSEC
  429. sd. 86400 IN RRSIG NSEC 8 1 86400 20190227050000 20190214040000 16749 . p5xCmXr6/UJpXVFgnTVrZf/qZ0bsqHWSMXrkDI4WLDsbzoK/TSBtEgO2 KSA9Is1n0hWTqY3HfWl5R0HypWb+vtX32FbjdPNUpm2FBtpujLQgxvry /nJRvXzYKmy1NPoLesExvMg/3coxIQKAPxmfwm09ddZ5vfvc+NKc5X7D znXBTk+j6KILgL7LvhhJ0/TsikCqL3gPGKH8aW6RId4tcxJV1dmgRR8F FcGkESYs2KJmG6KN/JG5OiJ/rOVUSQCkHjUAMoX1x+qKLAy+dDJkBnyy OkdQ+04CkijYHauuo/VvJjk14/60ChpgDqc//AF+VJgvGPs9tSEQLApC wFQsOg==
  430. ;; Received 699 bytes from 199.7.91.13#53(d.root-servers.net) in 36 ms
  431.  
  432. gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
  433. gov.sd. 14400 IN NS ns1.uaenic.ae.
  434. gov.sd. 14400 IN NS ns2.uaenic.ae.
  435. gov.sd. 14400 IN NS ans1.sis.sd.
  436. gov.sd. 14400 IN NS ans1.canar.sd.
  437. gov.sd. 14400 IN NS ans2.canar.sd.
  438. gov.sd. 14400 IN NS ns-sd.afrinic.net.
  439. ;; Received 268 bytes from 196.216.168.26#53(ns-sd.afrinic.net) in 274 ms
  440.  
  441. mocit.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
  442. mocit.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
  443. ;; Received 113 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 106 ms
  444.  
  445. mocit.gov.sd. 86400 IN A 62.12.105.2
  446. mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  447. mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  448. ;; Received 129 bytes from 62.12.109.3#53(ns1.ndc.gov.sd) in 206 ms
  449. #######################################################################################################################################
  450. [*] Performing General Enumeration of Domain: mocit.gov.sd
  451. [-] DNSSEC is not configured for mocit.gov.sd
  452. [*] SOA ns0.ndc.gov.sd 62.12.109.2
  453. [*] NS ns1.ndc.gov.sd 62.12.109.3
  454. [*] Bind Version for 62.12.109.3 you guess!
  455. [*] NS ns0.ndc.gov.sd 62.12.109.2
  456. [*] Bind Version for 62.12.109.2 you guess!
  457. [*] MX f03-web02.nic.gov.sd 62.12.105.2
  458. [*] A mocit.gov.sd 62.12.105.2
  459. [*] TXT mocit.gov.sd v=spf1 mx -all
  460. [*] Enumerating SRV Records
  461. [-] No SRV Records Found for mocit.gov.sd
  462. [+] 0 Records Found
  463. #######################################################################################################################################
  464. [*] Processing domain mocit.gov.sd
  465. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  466. [+] Getting nameservers
  467. 62.12.109.3 - ns1.ndc.gov.sd
  468. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
  469. mocit.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  470. mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  471. mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  472. mocit.gov.sd. 86400 IN A 62.12.105.2
  473. mocit.gov.sd. 86400 IN MX 10 f03-web02.nic.gov.sd.
  474. mocit.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  475. mail.mocit.gov.sd. 86400 IN A 62.12.105.2
  476. mail.mocit.gov.sd. 86400 IN MX 10 mail.mocit.gov.sd.
  477. webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
  478. www.mocit.gov.sd. 86400 IN A 62.12.105.2
  479. #######################################################################################################################################
  480. Ip Address Status Type Domain Name Server
  481. ---------- ------ ---- ----------- ------
  482. 62.12.105.2 200 host mail.mocit.gov.sd nginx
  483. 62.12.105.2 200 alias webmail.mocit.gov.sd nginx
  484. 62.12.105.2 200 host mail.mocit.gov.sd nginx
  485. 62.12.105.2 301 host www.mocit.gov.sd nginx
  486. #######################################################################################################################################
  487. [+] Testing domain
  488. www.mocit.gov.sd 62.12.105.2
  489. [+] Dns resolving
  490. Domain name Ip address Name server
  491. mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  492. Found 1 host(s) for mocit.gov.sd
  493. [+] Testing wildcard
  494. Ok, no wildcard found.
  495.  
  496. [+] Scanning for subdomain on mocit.gov.sd
  497. [!] Wordlist not specified. I scannig with my internal wordlist...
  498. Estimated time about 106.32 seconds
  499.  
  500. Subdomain Ip address Name server
  501.  
  502. mail.mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  503. webmail.mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  504. www.mocit.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  505. #######################################################################################################################################
  506. dnsenum VERSION:1.2.4
  507.  
  508. ----- mocit.gov.sd -----
  509.  
  510.  
  511. Host's addresses:
  512. __________________
  513.  
  514. mocit.gov.sd. 82581 IN A 62.12.105.2
  515.  
  516.  
  517. Name Servers:
  518. ______________
  519.  
  520. ns0.ndc.gov.sd. 13744 IN A 62.12.109.2
  521. ns1.ndc.gov.sd. 13744 IN A 62.12.109.3
  522.  
  523.  
  524. Mail (MX) Servers:
  525. ___________________
  526.  
  527. f03-web02.nic.gov.sd. 86400 IN A 62.12.105.2
  528.  
  529.  
  530. Trying Zone Transfers and getting Bind Versions:
  531. _________________________________________________
  532.  
  533.  
  534. Trying Zone Transfer for mocit.gov.sd on ns0.ndc.gov.sd ...
  535. mocit.gov.sd. 86400 IN SOA (
  536. mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  537. mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  538. mocit.gov.sd. 86400 IN A 62.12.105.2
  539. mocit.gov.sd. 86400 IN MX 10
  540. mocit.gov.sd. 86400 IN TXT "v=spf1
  541. mail.mocit.gov.sd. 86400 IN A 62.12.105.2
  542. mail.mocit.gov.sd. 86400 IN MX 10
  543. webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
  544. www.mocit.gov.sd. 86400 IN A 62.12.105.2
  545.  
  546. Trying Zone Transfer for mocit.gov.sd on ns1.ndc.gov.sd ...
  547. mocit.gov.sd. 86400 IN SOA (
  548. mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  549. mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  550. mocit.gov.sd. 86400 IN A 62.12.105.2
  551. mocit.gov.sd. 86400 IN MX 10
  552. mocit.gov.sd. 86400 IN TXT "v=spf1
  553. mail.mocit.gov.sd. 86400 IN A 62.12.105.2
  554. mail.mocit.gov.sd. 86400 IN MX 10
  555. webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
  556. www.mocit.gov.sd. 86400 IN A 62.12.105.2
  557. #######################################################################################################################################
  558.  
  559. ____ _ _ _ _ _____
  560. / ___| _ _| |__ | (_)___| |_|___ / _ __
  561. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  562. ___) | |_| | |_) | | \__ \ |_ ___) | |
  563. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  564.  
  565. # Coded By Ahmed Aboul-Ela - @aboul3la
  566.  
  567. [-] Enumerating subdomains now for mocit.gov.sd
  568. [-] verbosity is enabled, will show the subdomains results in realtime
  569. [-] Searching now in Baidu..
  570. [-] Searching now in Yahoo..
  571. [-] Searching now in Google..
  572. [-] Searching now in Bing..
  573. [-] Searching now in Ask..
  574. [-] Searching now in Netcraft..
  575. [-] Searching now in DNSdumpster..
  576. [-] Searching now in Virustotal..
  577. [-] Searching now in ThreatCrowd..
  578. [-] Searching now in SSL Certificates..
  579. [-] Searching now in PassiveDNS..
  580. Virustotal: www.mocit.gov.sd
  581. Virustotal: mail.mocit.gov.sd
  582. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-mocit.gov.sd.txt
  583. [-] Total Unique Subdomains Found: 2
  584. www.mocit.gov.sd
  585. mail.mocit.gov.sd
  586. #######################################################################################################################################
  587. ===============================================
  588. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  589. ===============================================
  590.  
  591.  
  592. Running Source: Ask
  593. Running Source: Archive.is
  594. Running Source: Baidu
  595. Running Source: Bing
  596. Running Source: CertDB
  597. Running Source: CertificateTransparency
  598. Running Source: Certspotter
  599. Running Source: Commoncrawl
  600. Running Source: Crt.sh
  601. Running Source: Dnsdb
  602. Running Source: DNSDumpster
  603. Running Source: DNSTable
  604. Running Source: Dogpile
  605. Running Source: Exalead
  606. Running Source: Findsubdomains
  607. Running Source: Googleter
  608. Running Source: Hackertarget
  609. Running Source: Ipv4Info
  610. Running Source: PTRArchive
  611. Running Source: Sitedossier
  612. Running Source: Threatcrowd
  613. Running Source: ThreatMiner
  614. Running Source: WaybackArchive
  615. Running Source: Yahoo
  616.  
  617. Running enumeration on mocit.gov.sd
  618.  
  619. dnsdb: Unexpected return status 503
  620.  
  621. archiveis: Get http://archive.is/*.mocit.gov.sd: dial tcp 213.183.51.24:80: connect: connection timed out
  622.  
  623.  
  624. Starting Bruteforcing of mocit.gov.sd with 9985 words
  625.  
  626. Total 5 Unique subdomains found for mocit.gov.sd
  627.  
  628. .mocit.gov.sd
  629. mail.mocit.gov.sd
  630. mail.mocit.gov.sd
  631. webmail.mocit.gov.sd
  632. www.mocit.gov.sd
  633. #######################################################################################################################################
  634. [*] Processing domain mocit.gov.sd
  635. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  636. [+] Getting nameservers
  637. 62.12.109.3 - ns1.ndc.gov.sd
  638. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
  639. mocit.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  640. mocit.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  641. mocit.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  642. mocit.gov.sd. 86400 IN A 62.12.105.2
  643. mocit.gov.sd. 86400 IN MX 10 f03-web02.nic.gov.sd.
  644. mocit.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  645. mail.mocit.gov.sd. 86400 IN A 62.12.105.2
  646. mail.mocit.gov.sd. 86400 IN MX 10 mail.mocit.gov.sd.
  647. webmail.mocit.gov.sd. 86400 IN CNAME mail.mocit.gov.sd.
  648. www.mocit.gov.sd. 86400 IN A 62.12.105.2
  649. #######################################################################################################################################
  650. [*] Found SPF record:
  651. [*] v=spf1 mx -all
  652. [*] SPF record contains an All item: -all
  653. [*] No DMARC record found. Looking for organizational record
  654. [+] No organizational DMARC record
  655. [+] Spoofing possible for mocit.gov.sd!
  656. #######################################################################################################################################
  657. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:53 EST
  658. Nmap scan report for mocit.gov.sd (62.12.105.2)
  659. Host is up (0.16s latency).
  660. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  661. Not shown: 464 filtered ports, 4 closed ports
  662. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  663. PORT STATE SERVICE
  664. 21/tcp open ftp
  665. 80/tcp open http
  666. 110/tcp open pop3
  667. 143/tcp open imap
  668. 443/tcp open https
  669. 993/tcp open imaps
  670. 995/tcp open pop3s
  671. 8443/tcp open https-alt
  672. #######################################################################################################################################
  673. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:53 EST
  674. Nmap scan report for mocit.gov.sd (62.12.105.2)
  675. Host is up (0.023s latency).
  676. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  677. Not shown: 2 filtered ports
  678. PORT STATE SERVICE
  679. 53/udp open|filtered domain
  680. 67/udp open|filtered dhcps
  681. 68/udp open|filtered dhcpc
  682. 69/udp open|filtered tftp
  683. 88/udp open|filtered kerberos-sec
  684. 123/udp open|filtered ntp
  685. 139/udp open|filtered netbios-ssn
  686. 161/udp open|filtered snmp
  687. 162/udp open|filtered snmptrap
  688. 389/udp open|filtered ldap
  689. 520/udp open|filtered route
  690. 2049/udp open|filtered nfs
  691. #######################################################################################################################################
  692. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:53 EST
  693. Nmap scan report for mocit.gov.sd (62.12.105.2)
  694. Host is up (0.21s latency).
  695. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  696.  
  697. PORT STATE SERVICE VERSION
  698. 21/tcp open tcpwrapped
  699. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  700. Device type: specialized|WAP|general purpose|router
  701. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  702. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  703. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  704. Network Distance: 20 hops
  705.  
  706. TRACEROUTE (using port 21/tcp)
  707. HOP RTT ADDRESS
  708. 1 23.11 ms 10.244.200.1
  709. 2 23.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  710. 3 27.79 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  711. 4 23.19 ms 82.102.29.44
  712. 5 23.61 ms 38.122.42.161
  713. 6 23.66 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  714. 7 92.83 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  715. 8 98.65 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  716. 9 99.88 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  717. 10 99.95 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  718. 11 104.18 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  719. 12 182.94 ms 185.153.20.70
  720. 13 182.95 ms 185.153.20.82
  721. 14 182.67 ms 185.153.20.94
  722. 15 196.46 ms 185.153.20.153
  723. 16 ... 17
  724. 18 212.81 ms 196.202.145.94
  725. 19 ...
  726. 20 206.78 ms f03-web02.nic.gov.sd (62.12.105.2)
  727. #######################################################################################################################################
  728. http://mocit.gov.sd [302 Found] Cookies[csrf_cookie_name], HTTPServer[nginx], IP[62.12.105.2], PHP[5.3.29,], Plesk[Lin], RedirectLocation[http://mocit.gov.sd/index.php/ar/], X-Powered-By[PHP/5.3.29, PleskLin], nginx
  729. http://mocit.gov.sd/index.php/ar/ [200 OK] CodeIgniter-PHP-Framework[ci_session Cookie], Cookies[ci_session,csrf_cookie_name,user_lang], Frame, HTML5, HTTPServer[nginx], IP[62.12.105.2], JQuery[1.6.4], PHP[5.3.29,], Plesk[Lin], Script[text/javascript], Title[وزارة الثقافة والاعلام والسياحة], probably WordPress, X-Powered-By[PHP/5.3.29, PleskLin], YouTube, nginx
  730. #######################################################################################################################################
  731. wig - WebApp Information Gatherer
  732.  
  733.  
  734. Scanning http://mocit.gov.sd...
  735. _________________________________________ SITE INFO _________________________________________
  736. IP Title
  737. 62.12.105.2 وزارة الثقافة والاعلام والسياحة
  738.  
  739. __________________________________________ VERSION __________________________________________
  740. Name Versions Type
  741. WordPress CMS
  742. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  743. 2.4.9
  744. PHP 5.3.29 Platform
  745. nginx Platform
  746.  
  747. ________________________________________ INTERESTING ________________________________________
  748. URL Note Type
  749. /install.php Installation file Interesting
  750. /test.php Test file Interesting
  751.  
  752. ___________________________________________ TOOLS ___________________________________________
  753. Name Link Software
  754. wpscan https://github.com/wpscanteam/wpscan WordPress
  755. CMSmap https://github.com/Dionach/CMSmap WordPress
  756.  
  757. _____________________________________________________________________________________________
  758. Time: 39.2 sec Urls: 477 Fingerprints: 40401
  759. #######################################################################################################################################
  760. HTTP/1.1 302 Moved Temporarily
  761. Server: nginx
  762. Date: Thu, 14 Feb 2019 16:08:15 GMT
  763. Content-Type: text/html
  764. Connection: keep-alive
  765. X-Powered-By: PHP/5.3.29
  766. Set-Cookie: csrf_cookie_name=3415093e41ec9f23ba6e1233b5da84c0; expires=Thu, 14-Feb-2019 18:08:15 GMT; path=/
  767. Location: http://mocit.gov.sd/index.php/ar/
  768. X-Powered-By: PleskLin
  769.  
  770. HTTP/1.1 302 Moved Temporarily
  771. Server: nginx
  772. Date: Thu, 14 Feb 2019 16:08:16 GMT
  773. Content-Type: text/html
  774. Connection: keep-alive
  775. X-Powered-By: PHP/5.3.29
  776. Set-Cookie: csrf_cookie_name=ac8d37ef201fc8221b6bd93244c20002; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  777. Location: http://mocit.gov.sd/index.php/ar/
  778. X-Powered-By: PleskLin
  779.  
  780. HTTP/1.1 200 OK
  781. Server: nginx
  782. Date: Thu, 14 Feb 2019 16:08:16 GMT
  783. Content-Type: text/html
  784. Connection: keep-alive
  785. X-Powered-By: PHP/5.3.29
  786. Set-Cookie: csrf_cookie_name=1d32e0ea8cb6b7a7f4b9ad5c6fb1be0a; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  787. Set-Cookie: user_lang=ar; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  788. Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269755f6fa613543efa203f4c446a6811%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22176.113.74.44%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A11%3A%22curl%2F7.64.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1550160496%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D35c17dd7c3c1c6a25e6e55b37a3d2e54; expires=Thu, 14-Feb-2019 18:08:16 GMT; path=/
  789. X-Powered-By: PleskLin
  790. #######################################################################################################################################
  791. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:06 EST
  792. Nmap scan report for mocit.gov.sd (62.12.105.2)
  793. Host is up (0.21s latency).
  794. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  795.  
  796. PORT STATE SERVICE VERSION
  797. 110/tcp open pop3 Dovecot pop3d
  798. | pop3-brute:
  799. | Accounts: No valid accounts found
  800. |_ Statistics: Performed 185 guesses in 191 seconds, average tps: 0.8
  801. |_pop3-capabilities: APOP UIDL USER RESP-CODES CAPA STLS PIPELINING AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP
  802. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  803. OS fingerprint not ideal because: Timing level 5 (Insane) used
  804. No OS matches for host
  805. Network Distance: 19 hops
  806. Service Info: Host: fo3-web02.nic.gov.sd
  807.  
  808. TRACEROUTE (using port 443/tcp)
  809. HOP RTT ADDRESS
  810. 1 21.62 ms 10.244.200.1
  811. 2 22.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  812. 3 22.02 ms 37.120.128.168
  813. 4 21.79 ms 82.102.29.44
  814. 5 23.21 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  815. 6 22.04 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  816. 7 91.87 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  817. 8 97.48 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  818. 9 98.48 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  819. 10 98.74 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  820. 11 99.84 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  821. 12 178.43 ms 185.153.20.70
  822. 13 178.44 ms 185.153.20.82
  823. 14 178.43 ms 185.153.20.94
  824. 15 192.91 ms 185.153.20.153
  825. 16 ... 17
  826. 18 210.81 ms 196.202.145.94
  827. 19 209.26 ms f03-web02.nic.gov.sd (62.12.105.2)
  828. #######################################################################################################################################
  829. Version: 1.11.12-static
  830. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  831.  
  832. Connected to 62.12.105.2
  833.  
  834. Testing SSL server mocit.gov.sd on port 443 using SNI name mocit.gov.sd
  835.  
  836. TLS Fallback SCSV:
  837. Server supports TLS Fallback SCSV
  838.  
  839. TLS renegotiation:
  840. Secure session renegotiation supported
  841.  
  842. TLS Compression:
  843. Compression disabled
  844.  
  845. Heartbleed:
  846. TLS 1.2 not vulnerable to heartbleed
  847. TLS 1.1 not vulnerable to heartbleed
  848. TLS 1.0 not vulnerable to heartbleed
  849.  
  850. Supported Server Cipher(s):
  851. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  852. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  853. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  854. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  855. Accepted TLSv1.2 256 bits AES256-SHA256
  856. Accepted TLSv1.2 256 bits AES256-SHA
  857. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  858. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  859. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  860. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  861. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  862. Accepted TLSv1.2 128 bits AES128-SHA256
  863. Accepted TLSv1.2 128 bits AES128-SHA
  864. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  865. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  866. Accepted TLSv1.1 256 bits AES256-SHA
  867. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  868. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  869. Accepted TLSv1.1 128 bits AES128-SHA
  870. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  871. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  872. Accepted TLSv1.0 256 bits AES256-SHA
  873. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  874. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  875. Accepted TLSv1.0 128 bits AES128-SHA
  876. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  877.  
  878. SSL Certificate:
  879. Signature Algorithm: sha256WithRSAEncryption
  880. RSA Key Strength: 2048
  881.  
  882. Subject: Plesk
  883. Issuer: Plesk
  884.  
  885. Not valid before: Apr 20 02:40:27 2016 GMT
  886. Not valid after: Apr 20 02:40:27 2017 GMT
  887. #######################################################################################################################################
  888. --------------------------------------------------------
  889. <<<Yasuo discovered following vulnerable applications>>>
  890. --------------------------------------------------------
  891. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  892. | App Name | URL to Application | Potential Exploit | Username | Password |
  893. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  894. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  895. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  896. #######################################################################################################################################
  897. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:47 EST
  898. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  899. Host is up (0.17s latency).
  900. Not shown: 464 filtered ports, 4 closed ports
  901. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  902. PORT STATE SERVICE
  903. 21/tcp open ftp
  904. 80/tcp open http
  905. 110/tcp open pop3
  906. 143/tcp open imap
  907. 443/tcp open https
  908. 993/tcp open imaps
  909. 995/tcp open pop3s
  910. 8443/tcp open https-alt
  911. #######################################################################################################################################
  912. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:48 EST
  913. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  914. Host is up (0.023s latency).
  915. Not shown: 2 filtered ports
  916. PORT STATE SERVICE
  917. 53/udp open|filtered domain
  918. 67/udp open|filtered dhcps
  919. 68/udp open|filtered dhcpc
  920. 69/udp open|filtered tftp
  921. 88/udp open|filtered kerberos-sec
  922. 123/udp open|filtered ntp
  923. 139/udp open|filtered netbios-ssn
  924. 161/udp open|filtered snmp
  925. 162/udp open|filtered snmptrap
  926. 389/udp open|filtered ldap
  927. 520/udp open|filtered route
  928. 2049/udp open|filtered nfs
  929. #######################################################################################################################################
  930. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:48 EST
  931. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  932. Host is up (0.21s latency).
  933.  
  934. PORT STATE SERVICE VERSION
  935. 21/tcp open tcpwrapped
  936. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  937. Device type: specialized|WAP|general purpose|router
  938. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  939. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  940. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  941. Network Distance: 20 hops
  942.  
  943. TRACEROUTE (using port 21/tcp)
  944. HOP RTT ADDRESS
  945. 1 24.45 ms 10.244.200.1
  946. 2 24.92 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  947. 3 31.95 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  948. 4 24.89 ms 82.102.29.44
  949. 5 25.31 ms 38.122.42.161
  950. 6 24.94 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  951. 7 95.68 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  952. 8 100.26 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  953. 9 101.34 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  954. 10 101.73 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  955. 11 98.62 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  956. 12 177.26 ms 185.153.20.70
  957. 13 177.29 ms 185.153.20.82
  958. 14 177.02 ms 185.153.20.94
  959. 15 195.66 ms 185.153.20.153
  960. 16 ... 17
  961. 18 216.11 ms 196.202.145.94
  962. 19 ...
  963. 20 205.41 ms f03-web02.nic.gov.sd (62.12.105.2)
  964. #######################################################################################################################################
  965. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 11:59 EST
  966. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  967. Host is up.
  968.  
  969. PORT STATE SERVICE VERSION
  970. 67/udp open|filtered dhcps
  971. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  972. Too many fingerprints match this host to give specific OS details
  973.  
  974. TRACEROUTE (using proto 1/icmp)
  975. HOP RTT ADDRESS
  976. 1 23.12 ms 10.244.200.1
  977. 2 24.27 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  978. 3 38.80 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  979. 4 24.23 ms 82.102.29.44
  980. 5 24.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  981. 6 24.30 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  982. 7 93.66 ms 154.54.44.165
  983. 8 99.33 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  984. 9 100.35 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  985. 10 100.36 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  986. 11 99.83 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  987. 12 178.44 ms 185.153.20.70
  988. 13 178.49 ms 185.153.20.82
  989. 14 178.46 ms 185.153.20.94
  990. 15 192.23 ms 185.153.20.153
  991. 16 203.36 ms 212.0.131.109
  992. 17 205.31 ms 196.202.137.249
  993. 18 214.59 ms 196.202.145.94
  994. 19 ... 30
  995. #######################################################################################################################################
  996. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:01 EST
  997. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  998. Host is up.
  999.  
  1000. PORT STATE SERVICE VERSION
  1001. 68/udp open|filtered dhcpc
  1002. Too many fingerprints match this host to give specific OS details
  1003.  
  1004. TRACEROUTE (using proto 1/icmp)
  1005. HOP RTT ADDRESS
  1006. 1 23.35 ms 10.244.200.1
  1007. 2 23.78 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1008. 3 39.94 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1009. 4 23.42 ms 82.102.29.44
  1010. 5 25.42 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1011. 6 24.22 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1012. 7 93.39 ms 154.54.44.165
  1013. 8 99.25 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1014. 9 100.21 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1015. 10 100.52 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1016. 11 107.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1017. 12 186.35 ms 185.153.20.70
  1018. 13 186.64 ms 185.153.20.82
  1019. 14 186.31 ms 185.153.20.94
  1020. 15 200.10 ms 185.153.20.153
  1021. 16 208.02 ms 212.0.131.109
  1022. 17 201.44 ms 196.202.137.249
  1023. 18 210.35 ms 196.202.145.94
  1024. 19 ... 30
  1025. #######################################################################################################################################
  1026. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:03 EST
  1027. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1028. Host is up.
  1029.  
  1030. PORT STATE SERVICE VERSION
  1031. 69/udp open|filtered tftp
  1032. Too many fingerprints match this host to give specific OS details
  1033.  
  1034. TRACEROUTE (using proto 1/icmp)
  1035. HOP RTT ADDRESS
  1036. 1 26.41 ms 10.244.200.1
  1037. 2 26.84 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1038. 3 40.24 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1039. 4 28.85 ms 82.102.29.44
  1040. 5 26.88 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1041. 6 26.89 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1042. 7 97.92 ms 154.54.44.165
  1043. 8 103.48 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1044. 9 103.51 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1045. 10 103.56 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1046. 11 98.40 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1047. 12 177.01 ms 185.153.20.70
  1048. 13 177.02 ms 185.153.20.82
  1049. 14 176.96 ms 185.153.20.94
  1050. 15 190.75 ms 185.153.20.153
  1051. 16 208.88 ms 212.0.131.109
  1052. 17 206.14 ms 196.202.137.249
  1053. 18 211.22 ms 196.202.145.94
  1054. 19 ... 30
  1055. #######################################################################################################################################
  1056. wig - WebApp Information Gatherer
  1057.  
  1058.  
  1059. Scanning http://62.12.105.2...
  1060. ________________________________________ SITE INFO _________________________________________
  1061. IP Title
  1062. 62.12.105.2 Domain Default page
  1063.  
  1064. _________________________________________ VERSION __________________________________________
  1065. Name Versions Type
  1066. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  1067. 2.4.9
  1068. nginx Platform
  1069.  
  1070. ____________________________________________________________________________________________
  1071. Time: 1.4 sec Urls: 811 Fingerprints: 40401
  1072. #######################################################################################################################################
  1073. HTTP/1.1 200 OK
  1074. Server: nginx
  1075. Date: Thu, 14 Feb 2019 16:08:25 GMT
  1076. Content-Type: text/html
  1077. Content-Length: 3750
  1078. Connection: keep-alive
  1079. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1080. ETag: "ea6-5649d8e57844b"
  1081. Accept-Ranges: bytes
  1082.  
  1083. HTTP/1.1 200 OK
  1084. Server: nginx
  1085. Date: Thu, 14 Feb 2019 16:08:25 GMT
  1086. Content-Type: text/html
  1087. Content-Length: 3750
  1088. Connection: keep-alive
  1089. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1090. ETag: "ea6-5649d8e57844b"
  1091. Accept-Ranges: bytes
  1092. #######################################################################################################################################
  1093. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:06 EST
  1094. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1095. Host is up (0.21s latency).
  1096.  
  1097. PORT STATE SERVICE VERSION
  1098. 110/tcp open pop3 Dovecot pop3d
  1099. | pop3-brute:
  1100. | Accounts: No valid accounts found
  1101. |_ Statistics: Performed 218 guesses in 196 seconds, average tps: 1.2
  1102. |_pop3-capabilities: APOP STLS RESP-CODES PIPELINING USER UIDL CAPA TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE
  1103. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1104. OS fingerprint not ideal because: Timing level 5 (Insane) used
  1105. No OS matches for host
  1106. Network Distance: 19 hops
  1107. Service Info: Host: fo3-web02.nic.gov.sd
  1108.  
  1109. TRACEROUTE (using port 443/tcp)
  1110. HOP RTT ADDRESS
  1111. 1 22.03 ms 10.244.200.1
  1112. 2 22.56 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1113. 3 26.75 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1114. 4 22.36 ms 82.102.29.44
  1115. 5 22.58 ms 38.122.42.161
  1116. 6 23.02 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  1117. 7 91.84 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  1118. 8 99.05 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1119. 9 99.08 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1120. 10 99.11 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1121. 11 99.99 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1122. 12 178.49 ms 185.153.20.70
  1123. 13 178.49 ms 185.153.20.82
  1124. 14 178.46 ms 185.153.20.94
  1125. 15 193.09 ms 185.153.20.153
  1126. 16 ... 17
  1127. 18 211.39 ms 196.202.145.94
  1128. 19 206.57 ms f03-web02.nic.gov.sd (62.12.105.2)
  1129. #######################################################################################################################################
  1130. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:10 EST
  1131. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1132. Host is up.
  1133.  
  1134. PORT STATE SERVICE VERSION
  1135. 123/udp open|filtered ntp
  1136. Too many fingerprints match this host to give specific OS details
  1137.  
  1138. TRACEROUTE (using proto 1/icmp)
  1139. HOP RTT ADDRESS
  1140. 1 21.95 ms 10.244.200.1
  1141. 2 22.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1142. 3 36.50 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1143. 4 22.02 ms 82.102.29.44
  1144. 5 22.41 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1145. 6 22.38 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1146. 7 91.78 ms 154.54.44.165
  1147. 8 97.73 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1148. 9 98.92 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1149. 10 98.62 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1150. 11 99.65 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1151. 12 178.50 ms 185.153.20.70
  1152. 13 178.50 ms 185.153.20.82
  1153. 14 178.46 ms 185.153.20.94
  1154. 15 191.62 ms 185.153.20.153
  1155. 16 213.56 ms 212.0.131.109
  1156. 17 201.82 ms 196.202.137.249
  1157. 18 210.81 ms 196.202.145.94
  1158. 19 ... 30
  1159. #######################################################################################################################################
  1160. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:12 EST
  1161. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1162. Host is up (0.20s latency).
  1163.  
  1164. PORT STATE SERVICE VERSION
  1165. 161/tcp filtered snmp
  1166. 161/udp open|filtered snmp
  1167. Too many fingerprints match this host to give specific OS details
  1168.  
  1169. TRACEROUTE (using proto 1/icmp)
  1170. HOP RTT ADDRESS
  1171. 1 22.84 ms 10.244.200.1
  1172. 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1173. 3 44.46 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1174. 4 23.05 ms 82.102.29.44
  1175. 5 23.49 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1176. 6 23.27 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1177. 7 93.02 ms 154.54.44.165
  1178. 8 98.72 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1179. 9 100.12 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1180. 10 100.17 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1181. 11 99.48 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1182. 12 178.15 ms 185.153.20.70
  1183. 13 178.15 ms 185.153.20.82
  1184. 14 177.87 ms 185.153.20.94
  1185. 15 191.68 ms 185.153.20.153
  1186. 16 203.26 ms 212.0.131.109
  1187. 17 203.45 ms 196.202.137.249
  1188. 18 212.58 ms 196.202.145.94
  1189. 19 ... 30
  1190. #######################################################################################################################################
  1191. Version: 1.11.12-static
  1192. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1193.  
  1194. Connected to 62.12.105.2
  1195.  
  1196. Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
  1197.  
  1198. TLS Fallback SCSV:
  1199. Server supports TLS Fallback SCSV
  1200.  
  1201. TLS renegotiation:
  1202. Secure session renegotiation supported
  1203.  
  1204. TLS Compression:
  1205. Compression disabled
  1206.  
  1207. Heartbleed:
  1208. TLS 1.2 not vulnerable to heartbleed
  1209. TLS 1.1 not vulnerable to heartbleed
  1210. TLS 1.0 not vulnerable to heartbleed
  1211.  
  1212. Supported Server Cipher(s):
  1213. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1214. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1215. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1216. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1217. Accepted TLSv1.2 256 bits AES256-SHA256
  1218. Accepted TLSv1.2 256 bits AES256-SHA
  1219. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1220. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1221. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1222. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1223. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1224. Accepted TLSv1.2 128 bits AES128-SHA256
  1225. Accepted TLSv1.2 128 bits AES128-SHA
  1226. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1227. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1228. Accepted TLSv1.1 256 bits AES256-SHA
  1229. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1230. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1231. Accepted TLSv1.1 128 bits AES128-SHA
  1232. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1233. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1234. Accepted TLSv1.0 256 bits AES256-SHA
  1235. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1236. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1237. Accepted TLSv1.0 128 bits AES128-SHA
  1238. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1239.  
  1240. SSL Certificate:
  1241. Signature Algorithm: sha256WithRSAEncryption
  1242. RSA Key Strength: 2048
  1243.  
  1244. Subject: Plesk
  1245. Issuer: Plesk
  1246.  
  1247. Not valid before: Apr 20 02:40:27 2016 GMT
  1248. Not valid after: Apr 20 02:40:27 2017 GMT
  1249. ######################################################################################################################################
  1250. --------------------------------------------------------
  1251. <<<Yasuo discovered following vulnerable applications>>>
  1252. --------------------------------------------------------
  1253. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1254. | App Name | URL to Application | Potential Exploit | Username | Password |
  1255. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1256. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  1257. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1258. #######################################################################################################################################
  1259. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:20 EST
  1260. NSE: Loaded 148 scripts for scanning.
  1261. NSE: Script Pre-scanning.
  1262. NSE: Starting runlevel 1 (of 2) scan.
  1263. Initiating NSE at 12:20
  1264. Completed NSE at 12:20, 0.00s elapsed
  1265. NSE: Starting runlevel 2 (of 2) scan.
  1266. Initiating NSE at 12:20
  1267. Completed NSE at 12:20, 0.00s elapsed
  1268. Initiating Ping Scan at 12:20
  1269. Scanning 62.12.105.2 [4 ports]
  1270. Completed Ping Scan at 12:20, 0.24s elapsed (1 total hosts)
  1271. Initiating Parallel DNS resolution of 1 host. at 12:20
  1272. Completed Parallel DNS resolution of 1 host. at 12:20, 0.02s elapsed
  1273. Initiating Connect Scan at 12:20
  1274. Scanning f03-web02.nic.gov.sd (62.12.105.2) [1000 ports]
  1275. Discovered open port 143/tcp on 62.12.105.2
  1276. Discovered open port 993/tcp on 62.12.105.2
  1277. Discovered open port 995/tcp on 62.12.105.2
  1278. Discovered open port 110/tcp on 62.12.105.2
  1279. Discovered open port 21/tcp on 62.12.105.2
  1280. Discovered open port 80/tcp on 62.12.105.2
  1281. Discovered open port 443/tcp on 62.12.105.2
  1282. Discovered open port 8443/tcp on 62.12.105.2
  1283. Completed Connect Scan at 12:20, 14.11s elapsed (1000 total ports)
  1284. Initiating Service scan at 12:20
  1285. Scanning 8 services on f03-web02.nic.gov.sd (62.12.105.2)
  1286. Completed Service scan at 12:20, 14.41s elapsed (8 services on 1 host)
  1287. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1288. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1289. WARNING: OS didn't match until try #2
  1290. Initiating Traceroute at 12:20
  1291. Completed Traceroute at 12:20, 6.16s elapsed
  1292. Initiating Parallel DNS resolution of 18 hosts. at 12:20
  1293. Completed Parallel DNS resolution of 18 hosts. at 12:21, 16.51s elapsed
  1294. NSE: Script scanning 62.12.105.2.
  1295. NSE: Starting runlevel 1 (of 2) scan.
  1296. Initiating NSE at 12:21
  1297. NSE Timing: About 98.90% done; ETC: 12:21 (0:00:00 remaining)
  1298. NSE Timing: About 99.08% done; ETC: 12:22 (0:00:01 remaining)
  1299. NSE Timing: About 99.17% done; ETC: 12:22 (0:00:01 remaining)
  1300. NSE Timing: About 99.54% done; ETC: 12:23 (0:00:01 remaining)
  1301. Completed NSE at 12:23, 139.17s elapsed
  1302. NSE: Starting runlevel 2 (of 2) scan.
  1303. Initiating NSE at 12:23
  1304. Completed NSE at 12:23, 0.45s elapsed
  1305. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1306. Host is up, received syn-ack ttl 44 (0.15s latency).
  1307. Scanned at 2019-02-14 12:20:12 EST for 198s
  1308. Not shown: 988 filtered ports
  1309. Reason: 987 no-responses and 1 host-unreach
  1310. PORT STATE SERVICE REASON VERSION
  1311. 21/tcp open tcpwrapped syn-ack
  1312. 25/tcp closed smtp conn-refused
  1313. 80/tcp open http syn-ack nginx
  1314. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1315. | http-methods:
  1316. |_ Supported Methods: GET HEAD POST OPTIONS
  1317. |_http-server-header: nginx
  1318. |_http-title: Domain Default page
  1319. 110/tcp open pop3 syn-ack Dovecot pop3d
  1320. |_pop3-capabilities: UIDL USER APOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP AUTH-RESP-CODE STLS RESP-CODES PIPELINING CAPA
  1321. |_ssl-date: TLS randomness does not represent time
  1322. 113/tcp closed ident conn-refused
  1323. 139/tcp closed netbios-ssn conn-refused
  1324. 143/tcp open imap syn-ack Dovecot imapd
  1325. |_imap-capabilities: post-login AUTH=CRAM-MD5A0001 STARTTLS LITERAL+ IMAP4rev1 SASL-IR OK Pre-login AUTH=PLAIN listed have ID AUTH=LOGIN AUTH=DIGEST-MD5 more IDLE capabilities LOGIN-REFERRALS ENABLE
  1326. 443/tcp open ssl/http syn-ack nginx
  1327. | http-methods:
  1328. |_ Supported Methods: GET HEAD POST OPTIONS
  1329. |_http-server-header: nginx
  1330. |_http-title: Domain Default page
  1331. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1332. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1333. | Public Key type: rsa
  1334. | Public Key bits: 2048
  1335. | Signature Algorithm: sha256WithRSAEncryption
  1336. | Not valid before: 2016-04-20T02:40:27
  1337. | Not valid after: 2017-04-20T02:40:27
  1338. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1339. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1340. | -----BEGIN CERTIFICATE-----
  1341. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1342. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1343. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1344. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1345. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1346. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1347. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1348. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1349. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1350. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1351. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1352. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1353. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1354. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1355. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1356. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1357. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1358. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1359. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1360. |_-----END CERTIFICATE-----
  1361. |_ssl-date: TLS randomness does not represent time
  1362. | tls-alpn:
  1363. |_ http/1.1
  1364. | tls-nextprotoneg:
  1365. |_ http/1.1
  1366. 445/tcp closed microsoft-ds conn-refused
  1367. 993/tcp open ssl/imaps? syn-ack
  1368. |_ssl-date: TLS randomness does not represent time
  1369. 995/tcp open ssl/pop3s? syn-ack
  1370. |_ssl-date: TLS randomness does not represent time
  1371. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
  1372. | http-methods:
  1373. |_ Supported Methods: GET HEAD POST OPTIONS
  1374. |_http-server-header: sw-cp-server
  1375. |_http-title: Plesk Onyx 17.5.3
  1376. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1377. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
  1378. | Public Key type: rsa
  1379. | Public Key bits: 2048
  1380. | Signature Algorithm: sha256WithRSAEncryption
  1381. | Not valid before: 2016-04-20T02:40:27
  1382. | Not valid after: 2017-04-20T02:40:27
  1383. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1384. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1385. | -----BEGIN CERTIFICATE-----
  1386. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1387. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1388. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1389. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1390. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1391. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1392. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1393. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1394. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1395. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1396. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1397. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1398. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1399. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1400. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1401. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1402. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1403. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1404. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1405. |_-----END CERTIFICATE-----
  1406. |_ssl-date: TLS randomness does not represent time
  1407. | tls-nextprotoneg:
  1408. |_ http/1.1
  1409. Device type: general purpose
  1410. Running: Linux 2.6.X
  1411. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1412. OS details: Linux 2.6.18 - 2.6.22
  1413. TCP/IP fingerprint:
  1414. OS:SCAN(V=7.70%E=4%D=2/14%OT=80%CT=25%CU=%PV=N%G=N%TM=5C65A412%P=x86_64-pc-
  1415. OS:linux-gnu)SEQ(SP=105%GCD=1%ISR=10A%TI=Z%CI=Z%TS=A)SEQ(CI=Z)OPS(O1=M4B3ST
  1416. OS:11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4
  1417. OS:B3ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%
  1418. OS:TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=A
  1419. OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD
  1420. OS:=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=N)IE(R=N)
  1421.  
  1422. Service Info: Host: fo3-web02.nic.gov.sd
  1423.  
  1424. TRACEROUTE (using proto 1/icmp)
  1425. HOP RTT ADDRESS
  1426. 1 26.30 ms 10.244.200.1
  1427. 2 53.08 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1428. 3 39.06 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1429. 4 26.50 ms 82.102.29.44
  1430. 5 27.12 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1431. 6 26.71 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1432. 7 96.33 ms 154.54.44.165
  1433. 8 102.00 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1434. 9 103.36 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1435. 10 103.44 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1436. 11 99.27 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1437. 12 177.88 ms 185.153.20.70
  1438. 13 179.65 ms 185.153.20.82
  1439. 14 177.90 ms 185.153.20.94
  1440. 15 203.23 ms 185.153.20.153
  1441. 16 206.77 ms 212.0.131.109
  1442. 17 200.98 ms 196.202.137.249
  1443. 18 212.37 ms 196.202.145.94
  1444. 19 ... 30
  1445.  
  1446. NSE: Script Post-scanning.
  1447. NSE: Starting runlevel 1 (of 2) scan.
  1448. Initiating NSE at 12:23
  1449. Completed NSE at 12:23, 0.00s elapsed
  1450. NSE: Starting runlevel 2 (of 2) scan.
  1451. Initiating NSE at 12:23
  1452. Completed NSE at 12:23, 0.00s elapsed
  1453. Read data files from: /usr/bin/../share/nmap
  1454. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1455. Nmap done: 1 IP address (1 host up) scanned in 199.27 seconds
  1456. Raw packets sent: 142 (10.432KB) | Rcvd: 50 (3.905KB)
  1457. #######################################################################################################################################
  1458. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 12:23 EST
  1459. NSE: Loaded 148 scripts for scanning.
  1460. NSE: Script Pre-scanning.
  1461. Initiating NSE at 12:23
  1462. Completed NSE at 12:23, 0.00s elapsed
  1463. Initiating NSE at 12:23
  1464. Completed NSE at 12:23, 0.00s elapsed
  1465. Initiating Parallel DNS resolution of 1 host. at 12:23
  1466. Completed Parallel DNS resolution of 1 host. at 12:23, 0.02s elapsed
  1467. Initiating UDP Scan at 12:23
  1468. Scanning f03-web02.nic.gov.sd (62.12.105.2) [14 ports]
  1469. Completed UDP Scan at 12:23, 1.24s elapsed (14 total ports)
  1470. Initiating Service scan at 12:23
  1471. Scanning 12 services on f03-web02.nic.gov.sd (62.12.105.2)
  1472. Service scan Timing: About 8.33% done; ETC: 12:43 (0:17:58 remaining)
  1473. Completed Service scan at 12:25, 102.59s elapsed (12 services on 1 host)
  1474. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1475. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1476. Initiating Traceroute at 12:25
  1477. Completed Traceroute at 12:25, 7.07s elapsed
  1478. Initiating Parallel DNS resolution of 1 host. at 12:25
  1479. Completed Parallel DNS resolution of 1 host. at 12:25, 0.03s elapsed
  1480. NSE: Script scanning 62.12.105.2.
  1481. Initiating NSE at 12:25
  1482. Completed NSE at 12:25, 20.31s elapsed
  1483. Initiating NSE at 12:25
  1484. Completed NSE at 12:25, 1.03s elapsed
  1485. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1486. Host is up (0.023s latency).
  1487.  
  1488. PORT STATE SERVICE VERSION
  1489. 53/udp open|filtered domain
  1490. 67/udp open|filtered dhcps
  1491. 68/udp open|filtered dhcpc
  1492. 69/udp open|filtered tftp
  1493. 88/udp open|filtered kerberos-sec
  1494. 123/udp open|filtered ntp
  1495. 137/udp filtered netbios-ns
  1496. 138/udp filtered netbios-dgm
  1497. 139/udp open|filtered netbios-ssn
  1498. 161/udp open|filtered snmp
  1499. 162/udp open|filtered snmptrap
  1500. 389/udp open|filtered ldap
  1501. 520/udp open|filtered route
  1502. 2049/udp open|filtered nfs
  1503. Too many fingerprints match this host to give specific OS details
  1504.  
  1505. TRACEROUTE (using port 137/udp)
  1506. HOP RTT ADDRESS
  1507. 1 22.69 ms 10.244.200.1
  1508. 2 ... 3
  1509. 4 23.28 ms 10.244.200.1
  1510. 5 26.82 ms 10.244.200.1
  1511. 6 26.81 ms 10.244.200.1
  1512. 7 26.80 ms 10.244.200.1
  1513. 8 26.79 ms 10.244.200.1
  1514. 9 26.78 ms 10.244.200.1
  1515. 10 26.79 ms 10.244.200.1
  1516. 11 ... 18
  1517. 19 22.20 ms 10.244.200.1
  1518. 20 22.83 ms 10.244.200.1
  1519. 21 21.92 ms 10.244.200.1
  1520. 22 ... 29
  1521. 30 21.18 ms 10.244.200.1
  1522.  
  1523. NSE: Script Post-scanning.
  1524. Initiating NSE at 12:25
  1525. Completed NSE at 12:25, 0.00s elapsed
  1526. Initiating NSE at 12:25
  1527. Completed NSE at 12:25, 0.00s elapsed
  1528. Read data files from: /usr/bin/../share/nmap
  1529. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1530. Nmap done: 1 IP address (1 host up) scanned in 135.43 seconds
  1531. Raw packets sent: 147 (13.614KB) | Rcvd: 29 (3.062KB)
  1532. #######################################################################################################################################
  1533. [+] URL: http://mocit.gov.sd/
  1534. [+] Effective URL: http://mocit.gov.sd/index.php/ar/
  1535. [+] Started: Thu Feb 14 11:04:56 2019
  1536.  
  1537. Interesting Finding(s):
  1538.  
  1539. [+] http://mocit.gov.sd/index.php/ar/
  1540. | Interesting Entry: X-Powered-By: PHP/5.3.29, PleskLin
  1541. | Found By: Headers (Passive Detection)
  1542. | Confidence: 100%
  1543.  
  1544. Fingerprinting the version - Time: 00:00:31 <=========> (350 / 350) 100.00% Time: 00:00:31
  1545. [+] WordPress version 3.9.1 identified (Insecure, released on 2014-05-08).
  1546. | Detected By: Plugin And Theme Query Parameter In Homepage (Passive Detection)
  1547. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/lofslidera560.css?ver=3.9.1
  1548. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/scrollbara560.css?ver=3.9.1
  1549. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/stylea560.css?ver=3.9.1
  1550. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/weather-font/weathera560.css?ver=3.9.1
  1551. |
  1552. | [!] 66 vulnerabilities identified:
  1553. |
  1554. | [!] Title: WordPress 3.9 & 3.9.1 Unlikely Code Execution
  1555. | Fixed in: 3.9.2
  1556. | References:
  1557. | - https://wpvulndb.com/vulnerabilities/7527
  1558. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5203
  1559. | - https://core.trac.wordpress.org/changeset/29389
  1560. |
  1561. | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
  1562. | Fixed in: 3.9.2
  1563. | References:
  1564. | - https://wpvulndb.com/vulnerabilities/7528
  1565. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
  1566. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
  1567. | - https://core.trac.wordpress.org/changeset/29384
  1568. | - https://core.trac.wordpress.org/changeset/29408
  1569. |
  1570. | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
  1571. | Fixed in: 3.9.2
  1572. | References:
  1573. | - https://wpvulndb.com/vulnerabilities/7529
  1574. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
  1575. | - https://core.trac.wordpress.org/changeset/29398
  1576. |
  1577. | [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
  1578. | Fixed in: 3.9.2
  1579. | References:
  1580. | - https://wpvulndb.com/vulnerabilities/7530
  1581. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
  1582. | - https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
  1583. | - http://getid3.sourceforge.net/
  1584. | - http://wordpress.org/news/2014/08/wordpress-3-9-2/
  1585. | - http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
  1586. | - https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
  1587. |
  1588. | [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
  1589. | Fixed in: 4.0
  1590. | References:
  1591. | - https://wpvulndb.com/vulnerabilities/7531
  1592. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
  1593. | - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
  1594. | - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/
  1595. |
  1596. | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
  1597. | Fixed in: 4.0
  1598. | References:
  1599. | - https://wpvulndb.com/vulnerabilities/7680
  1600. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
  1601. | - http://klikki.fi/adv/wordpress.html
  1602. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  1603. | - http://klikki.fi/adv/wordpress_update.html
  1604. |
  1605. | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  1606. | Fixed in: 4.0.1
  1607. | References:
  1608. | - https://wpvulndb.com/vulnerabilities/7681
  1609. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  1610. | - https://www.exploit-db.com/exploits/35413/
  1611. | - https://www.exploit-db.com/exploits/35414/
  1612. | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  1613. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  1614. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  1615. |
  1616. | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  1617. | Fixed in: 4.0.1
  1618. | References:
  1619. | - https://wpvulndb.com/vulnerabilities/7696
  1620. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  1621. | - http://www.securityfocus.com/bid/71234/
  1622. | - https://core.trac.wordpress.org/changeset/30444
  1623. |
  1624. | [!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
  1625. | Fixed in: 4.0.1
  1626. | References:
  1627. | - https://wpvulndb.com/vulnerabilities/7697
  1628. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032
  1629. | - https://core.trac.wordpress.org/changeset/30422
  1630. |
  1631. | [!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  1632. | Fixed in: 4.1.2
  1633. | References:
  1634. | - https://wpvulndb.com/vulnerabilities/7929
  1635. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  1636. | - https://wordpress.org/news/2015/04/wordpress-4-1-2/
  1637. | - https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
  1638. |
  1639. | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  1640. | Fixed in: 3.9.7
  1641. | References:
  1642. | - https://wpvulndb.com/vulnerabilities/8111
  1643. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  1644. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  1645. | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
  1646. | - https://twitter.com/klikkioy/status/624264122570526720
  1647. | - https://klikki.fi/adv/wordpress3.html
  1648. |
  1649. | [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  1650. | Fixed in: 3.9.8
  1651. | References:
  1652. | - https://wpvulndb.com/vulnerabilities/8126
  1653. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  1654. | - https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  1655. |
  1656. | [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  1657. | Fixed in: 3.9.8
  1658. | References:
  1659. | - https://wpvulndb.com/vulnerabilities/8130
  1660. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  1661. | - https://core.trac.wordpress.org/changeset/33536
  1662. |
  1663. | [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  1664. | Fixed in: 3.9.8
  1665. | References:
  1666. | - https://wpvulndb.com/vulnerabilities/8131
  1667. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  1668. | - https://core.trac.wordpress.org/changeset/33529
  1669. |
  1670. | [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  1671. | Fixed in: 3.9.8
  1672. | References:
  1673. | - https://wpvulndb.com/vulnerabilities/8132
  1674. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  1675. | - https://core.trac.wordpress.org/changeset/33541
  1676. |
  1677. | [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  1678. | Fixed in: 3.9.8
  1679. | References:
  1680. | - https://wpvulndb.com/vulnerabilities/8133
  1681. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  1682. | - https://core.trac.wordpress.org/changeset/33549
  1683. | - https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  1684. |
  1685. | [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  1686. | Fixed in: 3.9.9
  1687. | References:
  1688. | - https://wpvulndb.com/vulnerabilities/8186
  1689. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  1690. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  1691. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  1692. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  1693. |
  1694. | [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  1695. | Fixed in: 3.9.9
  1696. | References:
  1697. | - https://wpvulndb.com/vulnerabilities/8187
  1698. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  1699. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  1700. | - https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  1701. |
  1702. | [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  1703. | Fixed in: 3.9.9
  1704. | References:
  1705. | - https://wpvulndb.com/vulnerabilities/8188
  1706. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  1707. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  1708. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  1709. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  1710. |
  1711. | [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  1712. | Fixed in: 3.9.10
  1713. | References:
  1714. | - https://wpvulndb.com/vulnerabilities/8358
  1715. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  1716. | - https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  1717. | - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  1718. |
  1719. | [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  1720. | Fixed in: 3.9.11
  1721. | References:
  1722. | - https://wpvulndb.com/vulnerabilities/8376
  1723. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  1724. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  1725. | - https://core.trac.wordpress.org/changeset/36435
  1726. | - https://hackerone.com/reports/110801
  1727. |
  1728. | [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  1729. | Fixed in: 3.9.11
  1730. | References:
  1731. | - https://wpvulndb.com/vulnerabilities/8377
  1732. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  1733. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  1734. | - https://core.trac.wordpress.org/changeset/36444
  1735. |
  1736. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  1737. | Fixed in: 4.5
  1738. | References:
  1739. | - https://wpvulndb.com/vulnerabilities/8473
  1740. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  1741. | - https://codex.wordpress.org/Version_4.5
  1742. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  1743. |
  1744. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  1745. | Fixed in: 4.5
  1746. | References:
  1747. | - https://wpvulndb.com/vulnerabilities/8474
  1748. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  1749. | - https://codex.wordpress.org/Version_4.5
  1750. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  1751. |
  1752. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  1753. | Fixed in: 4.5
  1754. | References:
  1755. | - https://wpvulndb.com/vulnerabilities/8475
  1756. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  1757. | - https://codex.wordpress.org/Version_4.5
  1758. |
  1759. | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  1760. | Fixed in: 3.9.12
  1761. | References:
  1762. | - https://wpvulndb.com/vulnerabilities/8489
  1763. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  1764. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  1765. | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  1766. | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  1767. |
  1768. | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  1769. | Fixed in: 3.9.13
  1770. | References:
  1771. | - https://wpvulndb.com/vulnerabilities/8519
  1772. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  1773. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  1774. | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  1775. | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  1776. |
  1777. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  1778. | Fixed in: 3.9.13
  1779. | References:
  1780. | - https://wpvulndb.com/vulnerabilities/8520
  1781. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  1782. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  1783. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  1784. |
  1785. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  1786. | Fixed in: 3.9.14
  1787. | References:
  1788. | - https://wpvulndb.com/vulnerabilities/8615
  1789. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  1790. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  1791. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  1792. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  1793. | - http://seclists.org/fulldisclosure/2016/Sep/6
  1794. |
  1795. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  1796. | Fixed in: 3.9.14
  1797. | References:
  1798. | - https://wpvulndb.com/vulnerabilities/8616
  1799. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  1800. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  1801. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  1802. |
  1803. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  1804. | Fixed in: 3.9.15
  1805. | References:
  1806. | - https://wpvulndb.com/vulnerabilities/8716
  1807. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  1808. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  1809. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1810. |
  1811. | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  1812. | Fixed in: 3.9.15
  1813. | References:
  1814. | - https://wpvulndb.com/vulnerabilities/8718
  1815. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  1816. | - https://www.mehmetince.net/low-severity-wordpress/
  1817. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1818. | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  1819. |
  1820. | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  1821. | Fixed in: 3.9.15
  1822. | References:
  1823. | - https://wpvulndb.com/vulnerabilities/8719
  1824. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  1825. | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  1826. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1827. |
  1828. | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  1829. | Fixed in: 3.9.15
  1830. | References:
  1831. | - https://wpvulndb.com/vulnerabilities/8720
  1832. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  1833. | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  1834. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1835. |
  1836. | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  1837. | Fixed in: 3.9.15
  1838. | References:
  1839. | - https://wpvulndb.com/vulnerabilities/8721
  1840. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  1841. | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  1842. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  1843. |
  1844. | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  1845. | Fixed in: 3.9.16
  1846. | References:
  1847. | - https://wpvulndb.com/vulnerabilities/8730
  1848. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  1849. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  1850. | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  1851. |
  1852. | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  1853. | Fixed in: 3.9.17
  1854. | References:
  1855. | - https://wpvulndb.com/vulnerabilities/8765
  1856. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  1857. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  1858. | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  1859. | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  1860. | - http://seclists.org/oss-sec/2017/q1/563
  1861. |
  1862. | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  1863. | Fixed in: 3.9.17
  1864. | References:
  1865. | - https://wpvulndb.com/vulnerabilities/8766
  1866. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  1867. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  1868. | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  1869. |
  1870. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  1871. | References:
  1872. | - https://wpvulndb.com/vulnerabilities/8807
  1873. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  1874. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  1875. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  1876. | - https://core.trac.wordpress.org/ticket/25239
  1877. |
  1878. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  1879. | Fixed in: 3.9.19
  1880. | References:
  1881. | - https://wpvulndb.com/vulnerabilities/8815
  1882. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  1883. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  1884. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1885. |
  1886. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  1887. | Fixed in: 3.9.19
  1888. | References:
  1889. | - https://wpvulndb.com/vulnerabilities/8816
  1890. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  1891. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1892. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  1893. |
  1894. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  1895. | Fixed in: 3.9.19
  1896. | References:
  1897. | - https://wpvulndb.com/vulnerabilities/8817
  1898. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  1899. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1900. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  1901. |
  1902. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  1903. | Fixed in: 3.9.19
  1904. | References:
  1905. | - https://wpvulndb.com/vulnerabilities/8818
  1906. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  1907. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1908. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  1909. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  1910. |
  1911. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  1912. | Fixed in: 3.9.19
  1913. | References:
  1914. | - https://wpvulndb.com/vulnerabilities/8819
  1915. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  1916. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1917. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  1918. | - https://hackerone.com/reports/203515
  1919. | - https://hackerone.com/reports/203515
  1920. |
  1921. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  1922. | Fixed in: 3.9.19
  1923. | References:
  1924. | - https://wpvulndb.com/vulnerabilities/8820
  1925. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  1926. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1927. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  1928. |
  1929. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  1930. | Fixed in: 3.9.20
  1931. | References:
  1932. | - https://wpvulndb.com/vulnerabilities/8905
  1933. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1934. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1935. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  1936. |
  1937. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  1938. | Fixed in: 4.7.5
  1939. | References:
  1940. | - https://wpvulndb.com/vulnerabilities/8906
  1941. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  1942. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1943. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1944. | - https://wpvulndb.com/vulnerabilities/8905
  1945. |
  1946. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  1947. | Fixed in: 3.9.20
  1948. | References:
  1949. | - https://wpvulndb.com/vulnerabilities/8910
  1950. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  1951. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1952. | - https://core.trac.wordpress.org/changeset/41398
  1953. |
  1954. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  1955. | Fixed in: 3.9.20
  1956. | References:
  1957. | - https://wpvulndb.com/vulnerabilities/8911
  1958. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  1959. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1960. | - https://core.trac.wordpress.org/changeset/41457
  1961. |
  1962. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  1963. | Fixed in: 3.9.21
  1964. | References:
  1965. | - https://wpvulndb.com/vulnerabilities/8941
  1966. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  1967. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  1968. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  1969. | - https://twitter.com/ircmaxell/status/923662170092638208
  1970. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  1971. |
  1972. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  1973. | Fixed in: 3.9.22
  1974. | References:
  1975. | - https://wpvulndb.com/vulnerabilities/8966
  1976. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  1977. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1978. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  1979. |
  1980. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  1981. | Fixed in: 3.9.22
  1982. | References:
  1983. | - https://wpvulndb.com/vulnerabilities/8967
  1984. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  1985. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1986. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  1987. |
  1988. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  1989. | Fixed in: 3.9.22
  1990. | References:
  1991. | - https://wpvulndb.com/vulnerabilities/8969
  1992. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  1993. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1994. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  1995. |
  1996. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  1997. | Fixed in: 3.9.23
  1998. | References:
  1999. | - https://wpvulndb.com/vulnerabilities/9006
  2000. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  2001. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  2002. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  2003. | - https://core.trac.wordpress.org/ticket/42720
  2004. |
  2005. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  2006. | References:
  2007. | - https://wpvulndb.com/vulnerabilities/9021
  2008. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  2009. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  2010. | - https://github.com/quitten/doser.py
  2011. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  2012. |
  2013. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  2014. | Fixed in: 3.9.24
  2015. | References:
  2016. | - https://wpvulndb.com/vulnerabilities/9053
  2017. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  2018. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2019. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  2020. |
  2021. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  2022. | Fixed in: 3.9.24
  2023. | References:
  2024. | - https://wpvulndb.com/vulnerabilities/9054
  2025. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  2026. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2027. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  2028. |
  2029. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  2030. | Fixed in: 3.9.24
  2031. | References:
  2032. | - https://wpvulndb.com/vulnerabilities/9055
  2033. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  2034. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2035. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  2036. |
  2037. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  2038. | Fixed in: 3.9.25
  2039. | References:
  2040. | - https://wpvulndb.com/vulnerabilities/9100
  2041. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  2042. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  2043. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  2044. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  2045. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  2046. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  2047. |
  2048. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  2049. | Fixed in: 3.9.26
  2050. | References:
  2051. | - https://wpvulndb.com/vulnerabilities/9169
  2052. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  2053. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2054. |
  2055. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  2056. | Fixed in: 3.9.26
  2057. | References:
  2058. | - https://wpvulndb.com/vulnerabilities/9170
  2059. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  2060. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2061. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  2062. |
  2063. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  2064. | Fixed in: 3.9.26
  2065. | References:
  2066. | - https://wpvulndb.com/vulnerabilities/9171
  2067. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  2068. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2069. |
  2070. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  2071. | Fixed in: 3.9.26
  2072. | References:
  2073. | - https://wpvulndb.com/vulnerabilities/9172
  2074. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  2075. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2076. |
  2077. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  2078. | Fixed in: 3.9.26
  2079. | References:
  2080. | - https://wpvulndb.com/vulnerabilities/9173
  2081. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  2082. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2083. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  2084. |
  2085. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  2086. | Fixed in: 3.9.26
  2087. | References:
  2088. | - https://wpvulndb.com/vulnerabilities/9174
  2089. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  2090. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2091. |
  2092. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  2093. | Fixed in: 3.9.26
  2094. | References:
  2095. | - https://wpvulndb.com/vulnerabilities/9175
  2096. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  2097. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2098. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  2099.  
  2100. [+] WordPress theme in use: asssd
  2101. | Location: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/
  2102. | Style URL: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/style.css
  2103. |
  2104. | Detected By: Urls In Homepage (Passive Detection)
  2105. |
  2106. | The version could not be determined.
  2107.  
  2108. [+] Enumerating Users (via Passive and Aggressive Methods)
  2109. Brute Forcing Author IDs - Time: 00:00:05 <============> (10 / 10) 100.00% Time: 00:00:05
  2110.  
  2111. [i] No Users Found.
  2112.  
  2113. [+] Finished: Thu Feb 14 11:05:54 2019
  2114. [+] Requests Done: 408
  2115. [+] Cached Requests: 9
  2116. [+] Data Sent: 259.038 KB
  2117. [+] Data Received: 1.077 MB
  2118. [+] Memory used: 15.758 MB
  2119. [+] Elapsed time: 00:00:57
  2120. #######################################################################################################################################
  2121. [+] URL: http://mocit.gov.sd/
  2122. [+] Effective URL: http://mocit.gov.sd/index.php/ar/
  2123. [+] Started: Thu Feb 14 10:50:16 2019
  2124.  
  2125. Interesting Finding(s):
  2126.  
  2127. [+] http://mocit.gov.sd/index.php/ar/
  2128. | Interesting Entry: X-Powered-By: PHP/5.3.29, PleskLin
  2129. | Found By: Headers (Passive Detection)
  2130. | Confidence: 100%
  2131.  
  2132. Fingerprinting the version - Time: 00:00:30 <=========> (350 / 350) 100.00% Time: 00:00:30
  2133. [+] WordPress version 3.9.1 identified (Insecure, released on 2014-05-08).
  2134. | Detected By: Plugin And Theme Query Parameter In Homepage (Passive Detection)
  2135. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/lofslidera560.css?ver=3.9.1
  2136. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/scrollbara560.css?ver=3.9.1
  2137. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/stylea560.css?ver=3.9.1
  2138. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/weather-font/weathera560.css?ver=3.9.1
  2139. |
  2140. | [!] 66 vulnerabilities identified:
  2141. |
  2142. | [!] Title: WordPress 3.9 & 3.9.1 Unlikely Code Execution
  2143. | Fixed in: 3.9.2
  2144. | References:
  2145. | - https://wpvulndb.com/vulnerabilities/7527
  2146. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5203
  2147. | - https://core.trac.wordpress.org/changeset/29389
  2148. |
  2149. | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
  2150. | Fixed in: 3.9.2
  2151. | References:
  2152. | - https://wpvulndb.com/vulnerabilities/7528
  2153. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
  2154. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
  2155. | - https://core.trac.wordpress.org/changeset/29384
  2156. | - https://core.trac.wordpress.org/changeset/29408
  2157. |
  2158. | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
  2159. | Fixed in: 3.9.2
  2160. | References:
  2161. | - https://wpvulndb.com/vulnerabilities/7529
  2162. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
  2163. | - https://core.trac.wordpress.org/changeset/29398
  2164. |
  2165. | [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
  2166. | Fixed in: 3.9.2
  2167. | References:
  2168. | - https://wpvulndb.com/vulnerabilities/7530
  2169. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
  2170. | - https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
  2171. | - http://getid3.sourceforge.net/
  2172. | - http://wordpress.org/news/2014/08/wordpress-3-9-2/
  2173. | - http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
  2174. | - https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
  2175. |
  2176. | [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
  2177. | Fixed in: 4.0
  2178. | References:
  2179. | - https://wpvulndb.com/vulnerabilities/7531
  2180. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
  2181. | - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
  2182. | - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/
  2183. |
  2184. | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2185. | Fixed in: 4.0
  2186. | References:
  2187. | - https://wpvulndb.com/vulnerabilities/7680
  2188. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
  2189. | - http://klikki.fi/adv/wordpress.html
  2190. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2191. | - http://klikki.fi/adv/wordpress_update.html
  2192. |
  2193. | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  2194. | Fixed in: 4.0.1
  2195. | References:
  2196. | - https://wpvulndb.com/vulnerabilities/7681
  2197. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  2198. | - https://www.exploit-db.com/exploits/35413/
  2199. | - https://www.exploit-db.com/exploits/35414/
  2200. | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  2201. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2202. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  2203. |
  2204. | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  2205. | Fixed in: 4.0.1
  2206. | References:
  2207. | - https://wpvulndb.com/vulnerabilities/7696
  2208. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  2209. | - http://www.securityfocus.com/bid/71234/
  2210. | - https://core.trac.wordpress.org/changeset/30444
  2211. |
  2212. | [!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
  2213. | Fixed in: 4.0.1
  2214. | References:
  2215. | - https://wpvulndb.com/vulnerabilities/7697
  2216. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032
  2217. | - https://core.trac.wordpress.org/changeset/30422
  2218. |
  2219. | [!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2220. | Fixed in: 4.1.2
  2221. | References:
  2222. | - https://wpvulndb.com/vulnerabilities/7929
  2223. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  2224. | - https://wordpress.org/news/2015/04/wordpress-4-1-2/
  2225. | - https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
  2226. |
  2227. | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  2228. | Fixed in: 3.9.7
  2229. | References:
  2230. | - https://wpvulndb.com/vulnerabilities/8111
  2231. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  2232. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  2233. | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
  2234. | - https://twitter.com/klikkioy/status/624264122570526720
  2235. | - https://klikki.fi/adv/wordpress3.html
  2236. |
  2237. | [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  2238. | Fixed in: 3.9.8
  2239. | References:
  2240. | - https://wpvulndb.com/vulnerabilities/8126
  2241. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  2242. | - https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  2243. |
  2244. | [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  2245. | Fixed in: 3.9.8
  2246. | References:
  2247. | - https://wpvulndb.com/vulnerabilities/8130
  2248. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  2249. | - https://core.trac.wordpress.org/changeset/33536
  2250. |
  2251. | [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  2252. | Fixed in: 3.9.8
  2253. | References:
  2254. | - https://wpvulndb.com/vulnerabilities/8131
  2255. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  2256. | - https://core.trac.wordpress.org/changeset/33529
  2257. |
  2258. | [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  2259. | Fixed in: 3.9.8
  2260. | References:
  2261. | - https://wpvulndb.com/vulnerabilities/8132
  2262. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  2263. | - https://core.trac.wordpress.org/changeset/33541
  2264. |
  2265. | [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  2266. | Fixed in: 3.9.8
  2267. | References:
  2268. | - https://wpvulndb.com/vulnerabilities/8133
  2269. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  2270. | - https://core.trac.wordpress.org/changeset/33549
  2271. | - https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  2272. |
  2273. | [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  2274. | Fixed in: 3.9.9
  2275. | References:
  2276. | - https://wpvulndb.com/vulnerabilities/8186
  2277. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  2278. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2279. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2280. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2281. |
  2282. | [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  2283. | Fixed in: 3.9.9
  2284. | References:
  2285. | - https://wpvulndb.com/vulnerabilities/8187
  2286. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  2287. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2288. | - https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  2289. |
  2290. | [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  2291. | Fixed in: 3.9.9
  2292. | References:
  2293. | - https://wpvulndb.com/vulnerabilities/8188
  2294. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  2295. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2296. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2297. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2298. |
  2299. | [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  2300. | Fixed in: 3.9.10
  2301. | References:
  2302. | - https://wpvulndb.com/vulnerabilities/8358
  2303. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  2304. | - https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  2305. | - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  2306. |
  2307. | [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  2308. | Fixed in: 3.9.11
  2309. | References:
  2310. | - https://wpvulndb.com/vulnerabilities/8376
  2311. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  2312. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2313. | - https://core.trac.wordpress.org/changeset/36435
  2314. | - https://hackerone.com/reports/110801
  2315. |
  2316. | [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  2317. | Fixed in: 3.9.11
  2318. | References:
  2319. | - https://wpvulndb.com/vulnerabilities/8377
  2320. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  2321. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2322. | - https://core.trac.wordpress.org/changeset/36444
  2323. |
  2324. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  2325. | Fixed in: 4.5
  2326. | References:
  2327. | - https://wpvulndb.com/vulnerabilities/8473
  2328. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  2329. | - https://codex.wordpress.org/Version_4.5
  2330. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  2331. |
  2332. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  2333. | Fixed in: 4.5
  2334. | References:
  2335. | - https://wpvulndb.com/vulnerabilities/8474
  2336. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  2337. | - https://codex.wordpress.org/Version_4.5
  2338. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  2339. |
  2340. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  2341. | Fixed in: 4.5
  2342. | References:
  2343. | - https://wpvulndb.com/vulnerabilities/8475
  2344. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  2345. | - https://codex.wordpress.org/Version_4.5
  2346. |
  2347. | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  2348. | Fixed in: 3.9.12
  2349. | References:
  2350. | - https://wpvulndb.com/vulnerabilities/8489
  2351. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  2352. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  2353. | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  2354. | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  2355. |
  2356. | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  2357. | Fixed in: 3.9.13
  2358. | References:
  2359. | - https://wpvulndb.com/vulnerabilities/8519
  2360. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  2361. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2362. | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  2363. | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  2364. |
  2365. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  2366. | Fixed in: 3.9.13
  2367. | References:
  2368. | - https://wpvulndb.com/vulnerabilities/8520
  2369. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  2370. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2371. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  2372. |
  2373. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  2374. | Fixed in: 3.9.14
  2375. | References:
  2376. | - https://wpvulndb.com/vulnerabilities/8615
  2377. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  2378. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2379. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  2380. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  2381. | - http://seclists.org/fulldisclosure/2016/Sep/6
  2382. |
  2383. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  2384. | Fixed in: 3.9.14
  2385. | References:
  2386. | - https://wpvulndb.com/vulnerabilities/8616
  2387. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  2388. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2389. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  2390. |
  2391. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  2392. | Fixed in: 3.9.15
  2393. | References:
  2394. | - https://wpvulndb.com/vulnerabilities/8716
  2395. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  2396. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  2397. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2398. |
  2399. | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  2400. | Fixed in: 3.9.15
  2401. | References:
  2402. | - https://wpvulndb.com/vulnerabilities/8718
  2403. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  2404. | - https://www.mehmetince.net/low-severity-wordpress/
  2405. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2406. | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  2407. |
  2408. | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  2409. | Fixed in: 3.9.15
  2410. | References:
  2411. | - https://wpvulndb.com/vulnerabilities/8719
  2412. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  2413. | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  2414. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2415. |
  2416. | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  2417. | Fixed in: 3.9.15
  2418. | References:
  2419. | - https://wpvulndb.com/vulnerabilities/8720
  2420. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  2421. | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  2422. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2423. |
  2424. | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  2425. | Fixed in: 3.9.15
  2426. | References:
  2427. | - https://wpvulndb.com/vulnerabilities/8721
  2428. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  2429. | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  2430. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2431. |
  2432. | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  2433. | Fixed in: 3.9.16
  2434. | References:
  2435. | - https://wpvulndb.com/vulnerabilities/8730
  2436. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  2437. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  2438. | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  2439. |
  2440. | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  2441. | Fixed in: 3.9.17
  2442. | References:
  2443. | - https://wpvulndb.com/vulnerabilities/8765
  2444. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  2445. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  2446. | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  2447. | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  2448. | - http://seclists.org/oss-sec/2017/q1/563
  2449. |
  2450. | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  2451. | Fixed in: 3.9.17
  2452. | References:
  2453. | - https://wpvulndb.com/vulnerabilities/8766
  2454. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  2455. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  2456. | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  2457. |
  2458. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  2459. | References:
  2460. | - https://wpvulndb.com/vulnerabilities/8807
  2461. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  2462. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  2463. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  2464. | - https://core.trac.wordpress.org/ticket/25239
  2465. |
  2466. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  2467. | Fixed in: 3.9.19
  2468. | References:
  2469. | - https://wpvulndb.com/vulnerabilities/8815
  2470. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  2471. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  2472. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2473. |
  2474. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  2475. | Fixed in: 3.9.19
  2476. | References:
  2477. | - https://wpvulndb.com/vulnerabilities/8816
  2478. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  2479. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2480. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  2481. |
  2482. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  2483. | Fixed in: 3.9.19
  2484. | References:
  2485. | - https://wpvulndb.com/vulnerabilities/8817
  2486. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  2487. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2488. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  2489. |
  2490. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  2491. | Fixed in: 3.9.19
  2492. | References:
  2493. | - https://wpvulndb.com/vulnerabilities/8818
  2494. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  2495. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2496. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  2497. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  2498. |
  2499. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  2500. | Fixed in: 3.9.19
  2501. | References:
  2502. | - https://wpvulndb.com/vulnerabilities/8819
  2503. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  2504. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2505. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  2506. | - https://hackerone.com/reports/203515
  2507. | - https://hackerone.com/reports/203515
  2508. |
  2509. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  2510. | Fixed in: 3.9.19
  2511. | References:
  2512. | - https://wpvulndb.com/vulnerabilities/8820
  2513. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  2514. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  2515. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  2516. |
  2517. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  2518. | Fixed in: 3.9.20
  2519. | References:
  2520. | - https://wpvulndb.com/vulnerabilities/8905
  2521. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2522. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  2523. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  2524. |
  2525. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  2526. | Fixed in: 4.7.5
  2527. | References:
  2528. | - https://wpvulndb.com/vulnerabilities/8906
  2529. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  2530. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2531. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  2532. | - https://wpvulndb.com/vulnerabilities/8905
  2533. |
  2534. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  2535. | Fixed in: 3.9.20
  2536. | References:
  2537. | - https://wpvulndb.com/vulnerabilities/8910
  2538. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  2539. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2540. | - https://core.trac.wordpress.org/changeset/41398
  2541. |
  2542. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  2543. | Fixed in: 3.9.20
  2544. | References:
  2545. | - https://wpvulndb.com/vulnerabilities/8911
  2546. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  2547. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  2548. | - https://core.trac.wordpress.org/changeset/41457
  2549. |
  2550. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  2551. | Fixed in: 3.9.21
  2552. | References:
  2553. | - https://wpvulndb.com/vulnerabilities/8941
  2554. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  2555. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  2556. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  2557. | - https://twitter.com/ircmaxell/status/923662170092638208
  2558. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  2559. |
  2560. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  2561. | Fixed in: 3.9.22
  2562. | References:
  2563. | - https://wpvulndb.com/vulnerabilities/8966
  2564. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  2565. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  2566. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  2567. |
  2568. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  2569. | Fixed in: 3.9.22
  2570. | References:
  2571. | - https://wpvulndb.com/vulnerabilities/8967
  2572. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  2573. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  2574. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  2575. |
  2576. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  2577. | Fixed in: 3.9.22
  2578. | References:
  2579. | - https://wpvulndb.com/vulnerabilities/8969
  2580. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  2581. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  2582. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  2583. |
  2584. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  2585. | Fixed in: 3.9.23
  2586. | References:
  2587. | - https://wpvulndb.com/vulnerabilities/9006
  2588. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  2589. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  2590. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  2591. | - https://core.trac.wordpress.org/ticket/42720
  2592. |
  2593. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  2594. | References:
  2595. | - https://wpvulndb.com/vulnerabilities/9021
  2596. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  2597. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  2598. | - https://github.com/quitten/doser.py
  2599. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  2600. |
  2601. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  2602. | Fixed in: 3.9.24
  2603. | References:
  2604. | - https://wpvulndb.com/vulnerabilities/9053
  2605. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  2606. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2607. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  2608. |
  2609. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  2610. | Fixed in: 3.9.24
  2611. | References:
  2612. | - https://wpvulndb.com/vulnerabilities/9054
  2613. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  2614. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2615. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  2616. |
  2617. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  2618. | Fixed in: 3.9.24
  2619. | References:
  2620. | - https://wpvulndb.com/vulnerabilities/9055
  2621. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  2622. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  2623. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  2624. |
  2625. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  2626. | Fixed in: 3.9.25
  2627. | References:
  2628. | - https://wpvulndb.com/vulnerabilities/9100
  2629. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  2630. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  2631. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  2632. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  2633. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  2634. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  2635. |
  2636. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  2637. | Fixed in: 3.9.26
  2638. | References:
  2639. | - https://wpvulndb.com/vulnerabilities/9169
  2640. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  2641. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2642. |
  2643. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  2644. | Fixed in: 3.9.26
  2645. | References:
  2646. | - https://wpvulndb.com/vulnerabilities/9170
  2647. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  2648. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2649. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  2650. |
  2651. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  2652. | Fixed in: 3.9.26
  2653. | References:
  2654. | - https://wpvulndb.com/vulnerabilities/9171
  2655. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  2656. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2657. |
  2658. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  2659. | Fixed in: 3.9.26
  2660. | References:
  2661. | - https://wpvulndb.com/vulnerabilities/9172
  2662. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  2663. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2664. |
  2665. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  2666. | Fixed in: 3.9.26
  2667. | References:
  2668. | - https://wpvulndb.com/vulnerabilities/9173
  2669. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  2670. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2671. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  2672. |
  2673. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  2674. | Fixed in: 3.9.26
  2675. | References:
  2676. | - https://wpvulndb.com/vulnerabilities/9174
  2677. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  2678. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2679. |
  2680. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  2681. | Fixed in: 3.9.26
  2682. | References:
  2683. | - https://wpvulndb.com/vulnerabilities/9175
  2684. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  2685. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  2686. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  2687.  
  2688. [+] WordPress theme in use: asssd
  2689. | Location: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/
  2690. | Style URL: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/style.css
  2691. |
  2692. | Detected By: Urls In Homepage (Passive Detection)
  2693. |
  2694. | The version could not be determined.
  2695.  
  2696. [+] Enumerating All Plugins (via Passive Methods)
  2697.  
  2698. [i] No plugins Found.
  2699.  
  2700. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  2701. Checking Config Backups - Time: 00:00:02 <=============> (21 / 21) 100.00% Time: 00:00:02
  2702.  
  2703. [i] No Config Backups Found.
  2704.  
  2705. [+] Finished: Thu Feb 14 10:51:10 2019
  2706. [+] Requests Done: 416
  2707. [+] Cached Requests: 5
  2708. [+] Data Sent: 257.474 KB
  2709. [+] Data Received: 596.052 KB
  2710. [+] Memory used: 77.254 MB
  2711. [+] Elapsed time: 00:00:53
  2712. #######################################################################################################################################
  2713. [+] URL: http://mocit.gov.sd/
  2714. [+] Effective URL: http://mocit.gov.sd/index.php/ar/
  2715. [+] Started: Thu Feb 14 10:52:48 2019
  2716.  
  2717. Interesting Finding(s):
  2718.  
  2719. [+] http://mocit.gov.sd/index.php/ar/
  2720. | Interesting Entry: X-Powered-By: PHP/5.3.29, PleskLin
  2721. | Found By: Headers (Passive Detection)
  2722. | Confidence: 100%
  2723.  
  2724. Fingerprinting the version - Time: 00:00:00 <> (350 / 350) 100.00% Time: 00:00:00
  2725. [+] WordPress version 3.9.1 identified (Insecure, released on 2014-05-08).
  2726. | Detected By: Plugin And Theme Query Parameter In Homepage (Passive Detection)
  2727. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/lofslidera560.css?ver=3.9.1
  2728. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/scrollbara560.css?ver=3.9.1
  2729. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/stylea560.css?ver=3.9.1
  2730. | - http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/css/weather-font/weathera560.css?ver=3.9.1
  2731. |
  2732. | [!] 66 vulnerabilities identified:
  2733. |
  2734. | [!] Title: WordPress 3.9 & 3.9.1 Unlikely Code Execution
  2735. | Fixed in: 3.9.2
  2736. | References:
  2737. | - https://wpvulndb.com/vulnerabilities/7527
  2738. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5203
  2739. | - https://core.trac.wordpress.org/changeset/29389
  2740. |
  2741. | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
  2742. | Fixed in: 3.9.2
  2743. | References:
  2744. | - https://wpvulndb.com/vulnerabilities/7528
  2745. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
  2746. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
  2747. | - https://core.trac.wordpress.org/changeset/29384
  2748. | - https://core.trac.wordpress.org/changeset/29408
  2749. |
  2750. | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
  2751. | Fixed in: 3.9.2
  2752. | References:
  2753. | - https://wpvulndb.com/vulnerabilities/7529
  2754. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
  2755. | - https://core.trac.wordpress.org/changeset/29398
  2756. |
  2757. | [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
  2758. | Fixed in: 3.9.2
  2759. | References:
  2760. | - https://wpvulndb.com/vulnerabilities/7530
  2761. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
  2762. | - https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
  2763. | - http://getid3.sourceforge.net/
  2764. | - http://wordpress.org/news/2014/08/wordpress-3-9-2/
  2765. | - http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
  2766. | - https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
  2767. |
  2768. | [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
  2769. | Fixed in: 4.0
  2770. | References:
  2771. | - https://wpvulndb.com/vulnerabilities/7531
  2772. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
  2773. | - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
  2774. | - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/
  2775. |
  2776. | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2777. | Fixed in: 4.0
  2778. | References:
  2779. | - https://wpvulndb.com/vulnerabilities/7680
  2780. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
  2781. | - http://klikki.fi/adv/wordpress.html
  2782. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2783. | - http://klikki.fi/adv/wordpress_update.html
  2784. |
  2785. | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  2786. | Fixed in: 4.0.1
  2787. | References:
  2788. | - https://wpvulndb.com/vulnerabilities/7681
  2789. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  2790. | - https://www.exploit-db.com/exploits/35413/
  2791. | - https://www.exploit-db.com/exploits/35414/
  2792. | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  2793. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  2794. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  2795. |
  2796. | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  2797. | Fixed in: 4.0.1
  2798. | References:
  2799. | - https://wpvulndb.com/vulnerabilities/7696
  2800. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  2801. | - http://www.securityfocus.com/bid/71234/
  2802. | - https://core.trac.wordpress.org/changeset/30444
  2803. |
  2804. | [!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
  2805. | Fixed in: 4.0.1
  2806. | References:
  2807. | - https://wpvulndb.com/vulnerabilities/7697
  2808. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032
  2809. | - https://core.trac.wordpress.org/changeset/30422
  2810. |
  2811. | [!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  2812. | Fixed in: 4.1.2
  2813. | References:
  2814. | - https://wpvulndb.com/vulnerabilities/7929
  2815. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  2816. | - https://wordpress.org/news/2015/04/wordpress-4-1-2/
  2817. | - https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
  2818. |
  2819. | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  2820. | Fixed in: 3.9.7
  2821. | References:
  2822. | - https://wpvulndb.com/vulnerabilities/8111
  2823. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  2824. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  2825. | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
  2826. | - https://twitter.com/klikkioy/status/624264122570526720
  2827. | - https://klikki.fi/adv/wordpress3.html
  2828. |
  2829. | [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  2830. | Fixed in: 3.9.8
  2831. | References:
  2832. | - https://wpvulndb.com/vulnerabilities/8126
  2833. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  2834. | - https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  2835. |
  2836. | [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  2837. | Fixed in: 3.9.8
  2838. | References:
  2839. | - https://wpvulndb.com/vulnerabilities/8130
  2840. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  2841. | - https://core.trac.wordpress.org/changeset/33536
  2842. |
  2843. | [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  2844. | Fixed in: 3.9.8
  2845. | References:
  2846. | - https://wpvulndb.com/vulnerabilities/8131
  2847. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  2848. | - https://core.trac.wordpress.org/changeset/33529
  2849. |
  2850. | [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  2851. | Fixed in: 3.9.8
  2852. | References:
  2853. | - https://wpvulndb.com/vulnerabilities/8132
  2854. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  2855. | - https://core.trac.wordpress.org/changeset/33541
  2856. |
  2857. | [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  2858. | Fixed in: 3.9.8
  2859. | References:
  2860. | - https://wpvulndb.com/vulnerabilities/8133
  2861. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  2862. | - https://core.trac.wordpress.org/changeset/33549
  2863. | - https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  2864. |
  2865. | [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  2866. | Fixed in: 3.9.9
  2867. | References:
  2868. | - https://wpvulndb.com/vulnerabilities/8186
  2869. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  2870. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2871. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2872. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2873. |
  2874. | [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  2875. | Fixed in: 3.9.9
  2876. | References:
  2877. | - https://wpvulndb.com/vulnerabilities/8187
  2878. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  2879. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2880. | - https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  2881. |
  2882. | [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  2883. | Fixed in: 3.9.9
  2884. | References:
  2885. | - https://wpvulndb.com/vulnerabilities/8188
  2886. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  2887. | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
  2888. | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  2889. | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  2890. |
  2891. | [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  2892. | Fixed in: 3.9.10
  2893. | References:
  2894. | - https://wpvulndb.com/vulnerabilities/8358
  2895. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  2896. | - https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  2897. | - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  2898. |
  2899. | [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  2900. | Fixed in: 3.9.11
  2901. | References:
  2902. | - https://wpvulndb.com/vulnerabilities/8376
  2903. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  2904. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2905. | - https://core.trac.wordpress.org/changeset/36435
  2906. | - https://hackerone.com/reports/110801
  2907. |
  2908. | [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  2909. | Fixed in: 3.9.11
  2910. | References:
  2911. | - https://wpvulndb.com/vulnerabilities/8377
  2912. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  2913. | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  2914. | - https://core.trac.wordpress.org/changeset/36444
  2915. |
  2916. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  2917. | Fixed in: 4.5
  2918. | References:
  2919. | - https://wpvulndb.com/vulnerabilities/8473
  2920. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  2921. | - https://codex.wordpress.org/Version_4.5
  2922. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  2923. |
  2924. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  2925. | Fixed in: 4.5
  2926. | References:
  2927. | - https://wpvulndb.com/vulnerabilities/8474
  2928. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  2929. | - https://codex.wordpress.org/Version_4.5
  2930. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  2931. |
  2932. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  2933. | Fixed in: 4.5
  2934. | References:
  2935. | - https://wpvulndb.com/vulnerabilities/8475
  2936. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  2937. | - https://codex.wordpress.org/Version_4.5
  2938. |
  2939. | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  2940. | Fixed in: 3.9.12
  2941. | References:
  2942. | - https://wpvulndb.com/vulnerabilities/8489
  2943. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  2944. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  2945. | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  2946. | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  2947. |
  2948. | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  2949. | Fixed in: 3.9.13
  2950. | References:
  2951. | - https://wpvulndb.com/vulnerabilities/8519
  2952. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  2953. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2954. | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  2955. | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  2956. |
  2957. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  2958. | Fixed in: 3.9.13
  2959. | References:
  2960. | - https://wpvulndb.com/vulnerabilities/8520
  2961. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  2962. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  2963. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  2964. |
  2965. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  2966. | Fixed in: 3.9.14
  2967. | References:
  2968. | - https://wpvulndb.com/vulnerabilities/8615
  2969. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  2970. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2971. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  2972. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  2973. | - http://seclists.org/fulldisclosure/2016/Sep/6
  2974. |
  2975. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  2976. | Fixed in: 3.9.14
  2977. | References:
  2978. | - https://wpvulndb.com/vulnerabilities/8616
  2979. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  2980. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  2981. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  2982. |
  2983. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  2984. | Fixed in: 3.9.15
  2985. | References:
  2986. | - https://wpvulndb.com/vulnerabilities/8716
  2987. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  2988. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  2989. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2990. |
  2991. | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  2992. | Fixed in: 3.9.15
  2993. | References:
  2994. | - https://wpvulndb.com/vulnerabilities/8718
  2995. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  2996. | - https://www.mehmetince.net/low-severity-wordpress/
  2997. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  2998. | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  2999. |
  3000. | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  3001. | Fixed in: 3.9.15
  3002. | References:
  3003. | - https://wpvulndb.com/vulnerabilities/8719
  3004. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  3005. | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  3006. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  3007. |
  3008. | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  3009. | Fixed in: 3.9.15
  3010. | References:
  3011. | - https://wpvulndb.com/vulnerabilities/8720
  3012. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  3013. | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  3014. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  3015. |
  3016. | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  3017. | Fixed in: 3.9.15
  3018. | References:
  3019. | - https://wpvulndb.com/vulnerabilities/8721
  3020. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  3021. | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  3022. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  3023. |
  3024. | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  3025. | Fixed in: 3.9.16
  3026. | References:
  3027. | - https://wpvulndb.com/vulnerabilities/8730
  3028. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  3029. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  3030. | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  3031. |
  3032. | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  3033. | Fixed in: 3.9.17
  3034. | References:
  3035. | - https://wpvulndb.com/vulnerabilities/8765
  3036. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  3037. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  3038. | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  3039. | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  3040. | - http://seclists.org/oss-sec/2017/q1/563
  3041. |
  3042. | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  3043. | Fixed in: 3.9.17
  3044. | References:
  3045. | - https://wpvulndb.com/vulnerabilities/8766
  3046. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  3047. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  3048. | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  3049. |
  3050. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  3051. | References:
  3052. | - https://wpvulndb.com/vulnerabilities/8807
  3053. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  3054. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  3055. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  3056. | - https://core.trac.wordpress.org/ticket/25239
  3057. |
  3058. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  3059. | Fixed in: 3.9.19
  3060. | References:
  3061. | - https://wpvulndb.com/vulnerabilities/8815
  3062. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  3063. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  3064. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  3065. |
  3066. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  3067. | Fixed in: 3.9.19
  3068. | References:
  3069. | - https://wpvulndb.com/vulnerabilities/8816
  3070. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  3071. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  3072. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  3073. |
  3074. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  3075. | Fixed in: 3.9.19
  3076. | References:
  3077. | - https://wpvulndb.com/vulnerabilities/8817
  3078. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  3079. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  3080. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  3081. |
  3082. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  3083. | Fixed in: 3.9.19
  3084. | References:
  3085. | - https://wpvulndb.com/vulnerabilities/8818
  3086. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  3087. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  3088. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  3089. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  3090. |
  3091. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  3092. | Fixed in: 3.9.19
  3093. | References:
  3094. | - https://wpvulndb.com/vulnerabilities/8819
  3095. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  3096. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  3097. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  3098. | - https://hackerone.com/reports/203515
  3099. | - https://hackerone.com/reports/203515
  3100. |
  3101. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  3102. | Fixed in: 3.9.19
  3103. | References:
  3104. | - https://wpvulndb.com/vulnerabilities/8820
  3105. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  3106. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  3107. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  3108. |
  3109. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  3110. | Fixed in: 3.9.20
  3111. | References:
  3112. | - https://wpvulndb.com/vulnerabilities/8905
  3113. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  3114. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  3115. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  3116. |
  3117. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  3118. | Fixed in: 4.7.5
  3119. | References:
  3120. | - https://wpvulndb.com/vulnerabilities/8906
  3121. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  3122. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  3123. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  3124. | - https://wpvulndb.com/vulnerabilities/8905
  3125. |
  3126. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  3127. | Fixed in: 3.9.20
  3128. | References:
  3129. | - https://wpvulndb.com/vulnerabilities/8910
  3130. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  3131. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  3132. | - https://core.trac.wordpress.org/changeset/41398
  3133. |
  3134. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  3135. | Fixed in: 3.9.20
  3136. | References:
  3137. | - https://wpvulndb.com/vulnerabilities/8911
  3138. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  3139. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  3140. | - https://core.trac.wordpress.org/changeset/41457
  3141. |
  3142. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  3143. | Fixed in: 3.9.21
  3144. | References:
  3145. | - https://wpvulndb.com/vulnerabilities/8941
  3146. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  3147. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  3148. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  3149. | - https://twitter.com/ircmaxell/status/923662170092638208
  3150. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  3151. |
  3152. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  3153. | Fixed in: 3.9.22
  3154. | References:
  3155. | - https://wpvulndb.com/vulnerabilities/8966
  3156. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  3157. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  3158. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  3159. |
  3160. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  3161. | Fixed in: 3.9.22
  3162. | References:
  3163. | - https://wpvulndb.com/vulnerabilities/8967
  3164. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  3165. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  3166. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  3167. |
  3168. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  3169. | Fixed in: 3.9.22
  3170. | References:
  3171. | - https://wpvulndb.com/vulnerabilities/8969
  3172. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  3173. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  3174. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  3175. |
  3176. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  3177. | Fixed in: 3.9.23
  3178. | References:
  3179. | - https://wpvulndb.com/vulnerabilities/9006
  3180. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  3181. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  3182. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  3183. | - https://core.trac.wordpress.org/ticket/42720
  3184. |
  3185. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  3186. | References:
  3187. | - https://wpvulndb.com/vulnerabilities/9021
  3188. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  3189. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  3190. | - https://github.com/quitten/doser.py
  3191. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  3192. |
  3193. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  3194. | Fixed in: 3.9.24
  3195. | References:
  3196. | - https://wpvulndb.com/vulnerabilities/9053
  3197. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  3198. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  3199. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  3200. |
  3201. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  3202. | Fixed in: 3.9.24
  3203. | References:
  3204. | - https://wpvulndb.com/vulnerabilities/9054
  3205. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  3206. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  3207. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  3208. |
  3209. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  3210. | Fixed in: 3.9.24
  3211. | References:
  3212. | - https://wpvulndb.com/vulnerabilities/9055
  3213. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  3214. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  3215. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  3216. |
  3217. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  3218. | Fixed in: 3.9.25
  3219. | References:
  3220. | - https://wpvulndb.com/vulnerabilities/9100
  3221. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  3222. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  3223. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  3224. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  3225. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  3226. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  3227. |
  3228. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  3229. | Fixed in: 3.9.26
  3230. | References:
  3231. | - https://wpvulndb.com/vulnerabilities/9169
  3232. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  3233. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  3234. |
  3235. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  3236. | Fixed in: 3.9.26
  3237. | References:
  3238. | - https://wpvulndb.com/vulnerabilities/9170
  3239. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  3240. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  3241. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  3242. |
  3243. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  3244. | Fixed in: 3.9.26
  3245. | References:
  3246. | - https://wpvulndb.com/vulnerabilities/9171
  3247. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  3248. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  3249. |
  3250. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  3251. | Fixed in: 3.9.26
  3252. | References:
  3253. | - https://wpvulndb.com/vulnerabilities/9172
  3254. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  3255. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  3256. |
  3257. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  3258. | Fixed in: 3.9.26
  3259. | References:
  3260. | - https://wpvulndb.com/vulnerabilities/9173
  3261. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  3262. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  3263. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  3264. |
  3265. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  3266. | Fixed in: 3.9.26
  3267. | References:
  3268. | - https://wpvulndb.com/vulnerabilities/9174
  3269. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  3270. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  3271. |
  3272. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  3273. | Fixed in: 3.9.26
  3274. | References:
  3275. | - https://wpvulndb.com/vulnerabilities/9175
  3276. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  3277. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  3278. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  3279.  
  3280. [+] WordPress theme in use: asssd
  3281. | Location: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/
  3282. | Style URL: http://mocit.gov.sd/resources/files/ar/wp-content/themes/asssd/style.css
  3283. |
  3284. | Detected By: Urls In Homepage (Passive Detection)
  3285. |
  3286. | The version could not be determined.
  3287.  
  3288. [+] Enumerating Users (via Passive and Aggressive Methods)
  3289. Brute Forcing Author IDs - Time: 00:00:04 <==> (10 / 10) 100.00% Time: 00:00:04
  3290.  
  3291. [i] No Users Found.
  3292.  
  3293. [+] Finished: Thu Feb 14 10:52:56 2019
  3294. [+] Requests Done: 14
  3295. [+] Cached Requests: 403
  3296. [+] Data Sent: 13.673 KB
  3297. [+] Data Received: 533.083 KB
  3298. [+] Memory used: 11.672 MB
  3299. [+] Elapsed time: 00:00:07
  3300. #######################################################################################################################################
  3301. [-] Date & Time: 14/02/2019 10:50:18
  3302. [I] Threads: 5
  3303. [-] Target: http://mocit.gov.sd/index.php/ar (62.12.105.2)
  3304. [M] Website Not in HTTPS: http://mocit.gov.sd/index.php/ar
  3305. [I] X-Powered-By: PHP/5.3.29
  3306. [L] X-Frame-Options: Not Enforced
  3307. [I] Strict-Transport-Security: Not Enforced
  3308. [I] X-Content-Security-Policy: Not Enforced
  3309. [I] X-Content-Type-Options: Not Enforced
  3310. [L] No Robots.txt Found
  3311. [I] CMS Detection: WordPress
  3312. [I] Wordpress Theme: asssd
  3313. [M] XML-RPC services are enabled
  3314. [I] Autocomplete Off Not Found: http://mocit.gov.sd/index.php/ar/wp-login.php
  3315. [-] Default WordPress Files:
  3316. [-] Searching Wordpress Plugins ...
  3317. [I] adrotate
  3318. [M] EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
  3319. [M] EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
  3320. [M] EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
  3321. [I] ads-box
  3322. [M] EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
  3323. [I] firestats
  3324. [M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
  3325. [M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
  3326. [M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
  3327. [I] simple-ads-manager
  3328. [M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
  3329. [M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
  3330. [M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
  3331. [M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
  3332. [I] wp-bannerize
  3333. [M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
  3334. [M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
  3335. [M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
  3336. [I] Checking for Directory Listing Enabled ...
  3337. [-] Date & Time: 14/02/2019 10:54:48
  3338. [-] Completed in: 0:04:30
  3339. #######################################################################################################################################
  3340. Anonymous JTSEC #OpSudan Full Recon #12
Advertisement
RAW Paste Data Copied
Advertisement