[SCAN] Partai Perindo

Berandal666 Dec 24th, 2017 436 Never
 
  1. ________  __      __.____         _________________   ____ ___  _____  ________    
  2. \_____  \/  \    /  \    |       /   _____/\_____  \ |    |   \/  _  \ \______ \  
  3.  /   |   \   \/\/   /    |       \_____  \  /  / \  \|    |   /  /_\  \ |    |  \  
  4. /    |    \        /|    |___    /        \/   \_/.  \    |  /    |    \|   -`   \
  5. \_______  /\__/\  / |_______ \  /_______  /\_____\ \_/______/\____|__  /_______  /
  6.         \/      \/          \/          \/        \__>               \/        \/  
  7. /---------------------------------------------------------------------------------------
  8. More info:
  9. Find me on twitter: @id_berandal
  10. berandal1337@gmail.com
  11. /---------------------------------------------------------------------------------------
  12. ~ \ We Are / ~
  13. Artefvcker | Arrownonymous | Berandal | Blck0Wl? | Clutzsec | GoC_X | k4luga | KxK_PrajurID
  14. ShoursCout | WoNg_Nd35O | Yonkou4 | 0wLCulun | "Samael" | ./ARMVXO | 19T4N
  15. /---------------------------------------------------------------------------------------
  16. OwlSquad:~ berandal-pc$ wpscan -u https://partaiperindo.com/ --enumerate u
  17. _______________________________________________________________
  18.         __          _______   _____                  
  19.         \ \        / /  __ \ / ____|                
  20.          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
  21.           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
  22.            \  /\  /  | |     ____) | (__| (_| | | | |
  23.             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
  24.  
  25.         WordPress Security Scanner by the WPScan Team
  26.                        Version 2.9.3
  27.           Sponsored by Sucuri - https://sucuri.net
  28.    @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
  29. _______________________________________________________________
  30.  
  31. [+] URL: https://partaiperindo.com/
  32. [+] Started: Mon Dec 25 04:05:52 2017
  33.  
  34. [+] Interesting header: SERVER: nginx
  35. [+] Interesting header: X-POWERED-BY: PHP/5.5.9-1ubuntu4.21
  36. [+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
  37.  
  38. [+] WordPress version 4.0 (Released on 2014-09-04) identified from advanced fingerprinting, meta generator, links opml, stylesheets numbers
  39. [!] 50 vulnerabilities identified from the version number
  40.  
  41. [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  42.     Reference: https://wpvulndb.com/vulnerabilities/7681
  43.     Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  44.     Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
  45.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  46.     Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  47.     Reference: https://www.exploit-db.com/exploits/35413/
  48.     Reference: https://www.exploit-db.com/exploits/35414/
  49. [i] Fixed in: 4.0.1
  50.  
  51. [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  52.     Reference: https://wpvulndb.com/vulnerabilities/7696
  53.     Reference: http://www.securityfocus.com/bid/71234/
  54.     Reference: https://core.trac.wordpress.org/changeset/30444
  55.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  56. [i] Fixed in: 4.0.1
  57.  
  58. [!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
  59.     Reference: https://wpvulndb.com/vulnerabilities/7697
  60.     Reference: https://core.trac.wordpress.org/changeset/30422
  61.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032
  62. [i] Fixed in: 4.0.1
  63.  
  64. [!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
  65.     Reference: https://wpvulndb.com/vulnerabilities/7929
  66.     Reference: https://wordpress.org/news/2015/04/wordpress-4-1-2/
  67.     Reference: https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
  68.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  69. [i] Fixed in: 4.1.2
  70.  
  71. [!] Title: WordPress 3.9-4.1.1 - Same-Origin Method Execution
  72.     Reference: https://wpvulndb.com/vulnerabilities/7933
  73.     Reference: https://wordpress.org/news/2015/04/wordpress-4-1-2/
  74.     Reference: http://zoczus.blogspot.fr/2015/04/plupload-same-origin-method-execution.html
  75.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3439
  76. [i] Fixed in: 4.1.2
  77.  
  78. [!] Title: WordPress <= 4.0 - CSRF in wp-login.php Password Reset
  79.     Reference: https://wpvulndb.com/vulnerabilities/7691
  80.     Reference: https://core.trac.wordpress.org/changeset/30418
  81.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033
  82. [i] Fixed in: 4.0.1
  83.  
  84. [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  85.     Reference: https://wpvulndb.com/vulnerabilities/8111
  86.     Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
  87.     Reference: https://twitter.com/klikkioy/status/624264122570526720
  88.     Reference: https://klikki.fi/adv/wordpress3.html
  89.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  90.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  91. [i] Fixed in: 4.0.6
  92.  
  93. [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  94.     Reference: https://wpvulndb.com/vulnerabilities/8126
  95.     Reference: https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  96.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  97. [i] Fixed in: 4.0.7
  98.  
  99. [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  100.     Reference: https://wpvulndb.com/vulnerabilities/8130
  101.     Reference: https://core.trac.wordpress.org/changeset/33536
  102.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  103. [i] Fixed in: 4.0.7
  104.  
  105. [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  106.     Reference: https://wpvulndb.com/vulnerabilities/8131
  107.     Reference: https://core.trac.wordpress.org/changeset/33529
  108.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  109. [i] Fixed in: 4.0.7
  110.  
  111. [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  112.     Reference: https://wpvulndb.com/vulnerabilities/8132
  113.     Reference: https://core.trac.wordpress.org/changeset/33541
  114.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  115. [i] Fixed in: 4.0.7
  116.  
  117. [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  118.     Reference: https://wpvulndb.com/vulnerabilities/8133
  119.     Reference: https://core.trac.wordpress.org/changeset/33549
  120.     Reference: https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  121.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  122. [i] Fixed in: 4.0.7
  123.  
  124. [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  125.     Reference: https://wpvulndb.com/vulnerabilities/8186
  126.     Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
  127.     Reference: http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  128.     Reference: http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  129.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  130. [i] Fixed in: 4.0.8
  131.  
  132. [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  133.     Reference: https://wpvulndb.com/vulnerabilities/8187
  134.     Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
  135.     Reference: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  136.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  137. [i] Fixed in: 4.0.8
  138.  
  139. [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  140.     Reference: https://wpvulndb.com/vulnerabilities/8188
  141.     Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
  142.     Reference: http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  143.     Reference: http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  144.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  145. [i] Fixed in: 4.0.8
  146.  
  147. [!] Title: WordPress  3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  148.     Reference: https://wpvulndb.com/vulnerabilities/8358
  149.     Reference: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  150.     Reference: https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  151.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  152. [i] Fixed in: 4.0.9
  153.  
  154. [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  155.     Reference: https://wpvulndb.com/vulnerabilities/8376
  156.     Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  157.     Reference: https://core.trac.wordpress.org/changeset/36435
  158.     Reference: https://hackerone.com/reports/110801
  159.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  160. [i] Fixed in: 4.0.10
  161.  
  162. [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  163.     Reference: https://wpvulndb.com/vulnerabilities/8377
  164.     Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  165.     Reference: https://core.trac.wordpress.org/changeset/36444
  166.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  167. [i] Fixed in: 4.0.10
  168.  
  169. [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  170.     Reference: https://wpvulndb.com/vulnerabilities/8473
  171.     Reference: https://codex.wordpress.org/Version_4.5
  172.     Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  173.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  174. [i] Fixed in: 4.5
  175.  
  176. [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  177.     Reference: https://wpvulndb.com/vulnerabilities/8474
  178.     Reference: https://codex.wordpress.org/Version_4.5
  179.     Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  180.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  181. [i] Fixed in: 4.5
  182.  
  183. [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  184.     Reference: https://wpvulndb.com/vulnerabilities/8475
  185.     Reference: https://codex.wordpress.org/Version_4.5
  186.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  187. [i] Fixed in: 4.5
  188.  
  189. [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  190.     Reference: https://wpvulndb.com/vulnerabilities/8489
  191.     Reference: https://wordpress.org/news/2016/05/wordpress-4-5-2/
  192.     Reference: https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  193.     Reference: https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  194.     Reference: http://avlidienbrunn.com/wp_some_loader.php
  195.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  196. [i] Fixed in: 4.0.11
  197.  
  198. [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  199.     Reference: https://wpvulndb.com/vulnerabilities/8519
  200.     Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
  201.     Reference: https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  202.     Reference: https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  203.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  204. [i] Fixed in: 4.0.12
  205.  
  206. [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  207.     Reference: https://wpvulndb.com/vulnerabilities/8520
  208.     Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
  209.     Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  210.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  211. [i] Fixed in: 4.0.12
  212.  
  213. [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  214.     Reference: https://wpvulndb.com/vulnerabilities/8615
  215.     Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  216.     Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  217.     Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  218.     Reference: http://seclists.org/fulldisclosure/2016/Sep/6
  219.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  220. [i] Fixed in: 4.0.13
  221.  
  222. [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  223.     Reference: https://wpvulndb.com/vulnerabilities/8616
  224.     Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  225.     Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  226.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  227. [i] Fixed in: 4.0.13
  228.  
  229. [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  230.     Reference: https://wpvulndb.com/vulnerabilities/8716
  231.     Reference: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  232.     Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  233.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  234. [i] Fixed in: 4.0.14
  235.  
  236. [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  237.     Reference: https://wpvulndb.com/vulnerabilities/8718
  238.     Reference: https://www.mehmetince.net/low-severity-wordpress/
  239.     Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  240.     Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  241.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  242. [i] Fixed in: 4.0.14
  243.  
  244. [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  245.     Reference: https://wpvulndb.com/vulnerabilities/8719
  246.     Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  247.     Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  248.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  249. [i] Fixed in: 4.0.14
  250.  
  251. [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  252.     Reference: https://wpvulndb.com/vulnerabilities/8720
  253.     Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  254.     Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  255.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  256. [i] Fixed in: 4.0.14
  257.  
  258. [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  259.     Reference: https://wpvulndb.com/vulnerabilities/8721
  260.     Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  261.     Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  262.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  263. [i] Fixed in: 4.0.14
  264.  
  265. [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  266.     Reference: https://wpvulndb.com/vulnerabilities/8730
  267.     Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  268.     Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  269.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  270. [i] Fixed in: 4.0.15
  271.  
  272. [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  273.     Reference: https://wpvulndb.com/vulnerabilities/8765
  274.     Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  275.     Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  276.     Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  277.     Reference: http://seclists.org/oss-sec/2017/q1/563
  278.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  279. [i] Fixed in: 4.0.16
  280.  
  281. [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  282.     Reference: https://wpvulndb.com/vulnerabilities/8766
  283.     Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  284.     Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  285.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  286. [i] Fixed in: 4.0.16
  287.  
  288. [!] Title: WordPress  4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
  289.     Reference: https://wpvulndb.com/vulnerabilities/8768
  290.     Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  291.     Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
  292.     Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
  293.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
  294. [i] Fixed in: 4.0.16
  295.  
  296. [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  297.     Reference: https://wpvulndb.com/vulnerabilities/8807
  298.     Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  299.     Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  300.     Reference: https://core.trac.wordpress.org/ticket/25239
  301.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  302.  
  303. [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  304.     Reference: https://wpvulndb.com/vulnerabilities/8815
  305.     Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  306.     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  307.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  308. [i] Fixed in: 4.0.18
  309.  
  310. [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  311.     Reference: https://wpvulndb.com/vulnerabilities/8816
  312.     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  313.     Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  314.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  315. [i] Fixed in: 4.0.18
  316.  
  317. [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  318.     Reference: https://wpvulndb.com/vulnerabilities/8817
  319.     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  320.     Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  321.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  322. [i] Fixed in: 4.0.18
  323.  
  324. [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  325.     Reference: https://wpvulndb.com/vulnerabilities/8818
  326.     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  327.     Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  328.     Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  329.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  330. [i] Fixed in: 4.0.18
  331.  
  332. [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  333.     Reference: https://wpvulndb.com/vulnerabilities/8819
  334.     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  335.     Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  336.     Reference: https://hackerone.com/reports/203515
  337.     Reference: https://hackerone.com/reports/203515
  338.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  339. [i] Fixed in: 4.0.18
  340.  
  341. [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  342.     Reference: https://wpvulndb.com/vulnerabilities/8820
  343.     Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  344.     Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  345.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  346. [i] Fixed in: 4.0.18
  347.  
  348. [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  349.     Reference: https://wpvulndb.com/vulnerabilities/8905
  350.     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  351.     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  352.     Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  353. [i] Fixed in: 4.0.19
  354.  
  355. [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  356.     Reference: https://wpvulndb.com/vulnerabilities/8906
  357.     Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  358.     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  359.     Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  360.     Reference: https://wpvulndb.com/vulnerabilities/8905
  361. [i] Fixed in: 4.7.5
  362.  
  363. [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  364.     Reference: https://wpvulndb.com/vulnerabilities/8910
  365.     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  366.     Reference: https://core.trac.wordpress.org/changeset/41398
  367.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  368. [i] Fixed in: 4.0.19
  369.  
  370. [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  371.     Reference: https://wpvulndb.com/vulnerabilities/8911
  372.     Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  373.     Reference: https://core.trac.wordpress.org/changeset/41457
  374.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  375. [i] Fixed in: 4.0.19
  376.  
  377. [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  378.     Reference: https://wpvulndb.com/vulnerabilities/8941
  379.     Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  380.     Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  381.     Reference: https://twitter.com/ircmaxell/status/923662170092638208
  382.     Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  383.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  384. [i] Fixed in: 4.0.20
  385.  
  386. [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  387.     Reference: https://wpvulndb.com/vulnerabilities/8966
  388.     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  389.     Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  390.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  391. [i] Fixed in: 4.0.21
  392.  
  393. [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  394.     Reference: https://wpvulndb.com/vulnerabilities/8967
  395.     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  396.     Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  397.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  398. [i] Fixed in: 4.0.21
  399.  
  400. [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  401.     Reference: https://wpvulndb.com/vulnerabilities/8969
  402.     Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  403.     Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  404.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  405. [i] Fixed in: 4.0.21
  406.  
  407. [+] WordPress theme in use: starkers - v4.0
  408.  
  409. [+] Name: starkers - v4.0
  410.  |  Location: https://partaiperindo.com/wp-content/themes/starkers/
  411.  |  Readme: https://partaiperindo.com/wp-content/themes/starkers/README.txt
  412.  |  Style URL: https://partaiperindo.com/wp-content/themes/starkers/style.css
  413.  |  Theme Name: Starkers
  414.  |  Theme URI: http://viewportindustries.com/products/starkers
  415.  |  Description: The totally nude Wordpress theme!
  416.  |  Author: Elliot Jay Stocks & Keir Whitaker
  417.  |  Author URI: http://viewportindustries.com
  418.  
  419. [+] Enumerating plugins from passive detection ...
  420.  | 11 plugins found:
  421.  
  422. [+] Name: add-to-any - v1.7.22
  423.  |  Latest version: 1.7.22 (up to date)
  424.  |  Last updated: 2017-11-22T02:26:00.000Z
  425.  |  Location: https://partaiperindo.com/wp-content/plugins/add-to-any/
  426.  |  Readme: https://partaiperindo.com/wp-content/plugins/add-to-any/README.txt
  427.  
  428. [+] Name: easy-facebook-likebox - v2.1.0
  429.  |  Last updated: 2017-12-21T09:07:00.000Z
  430.  |  Location: https://partaiperindo.com/wp-content/plugins/easy-facebook-likebox/
  431.  |  Readme: https://partaiperindo.com/wp-content/plugins/easy-facebook-likebox/README.txt
  432. [!] The version is out of date, the latest version is 4.3.5
  433.  
  434. [+] Name: ezflippr - v1.1.14
  435.  |  Last updated: 2017-11-21T15:11:00.000Z
  436.  |  Location: https://partaiperindo.com/wp-content/plugins/ezflippr/
  437.  |  Readme: https://partaiperindo.com/wp-content/plugins/ezflippr/readme.txt
  438. [!] The version is out of date, the latest version is 1.1.37
  439.  
  440. [+] Name: form-maker
  441.  |  Latest version: 1.12.9
  442.  |  Last updated: 2017-12-22T13:06:00.000Z
  443.  |  Location: https://partaiperindo.com/wp-content/plugins/form-maker/
  444.  
  445. [!] We could not determine a version so all vulnerabilities are printed out
  446.  
  447. [!] Title: Form Maker 1.6.4 - front_end_form_maker.php Unspecified XSS
  448.     Reference: https://wpvulndb.com/vulnerabilities/7170
  449. [i] Fixed in: 1.6.6
  450.  
  451. [+] Name: instagram-feed - v1.3.7
  452.  |  Last updated: 2017-11-28T04:34:00.000Z
  453.  |  Location: https://partaiperindo.com/wp-content/plugins/instagram-feed/
  454.  |  Readme: https://partaiperindo.com/wp-content/plugins/instagram-feed/README.txt
  455. [!] The version is out of date, the latest version is 1.5.1
  456.  
  457. [!] Title: Instagram Feed <= 1.4.6.2 - Authenticated Cross-Site Scripting (XSS) &  CSRF
  458.     Reference: https://wpvulndb.com/vulnerabilities/8674
  459.     Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_instagram_feed_plugin_via_csrf.html
  460.     Reference: http://seclists.org/fulldisclosure/2016/Nov/115
  461.     Reference: https://plugins.trac.wordpress.org/changeset/1464504/instagram-feed
  462. [i] Fixed in: 1.4.7
  463.  
  464. [+] Name: instagram-slider-widget - v1.3.3
  465.  |  Last updated: 2017-02-16T22:25:00.000Z
  466.  |  Location: https://partaiperindo.com/wp-content/plugins/instagram-slider-widget/
  467.  |  Readme: https://partaiperindo.com/wp-content/plugins/instagram-slider-widget/readme.txt
  468. [!] The version is out of date, the latest version is 1.4.0
  469.  
  470. [+] Name: latest-posts - v1.4
  471.  |  Latest version: 1.4 (up to date)
  472.  |  Last updated: 2017-11-16T05:06:00.000Z
  473.  |  Location: https://partaiperindo.com/wp-content/plugins/latest-posts/
  474.  |  Readme: https://partaiperindo.com/wp-content/plugins/latest-posts/readme.txt
  475.  
  476. [+] Name: photo-gallery
  477.  |  Latest version: 1.3.67
  478.  |  Last updated: 2017-12-22T14:18:00.000Z
  479.  |  Location: https://partaiperindo.com/wp-content/plugins/photo-gallery/
  480.  
  481. [!] We could not determine a version so all vulnerabilities are printed out
  482.  
  483. [!] Title: Photo-Gallery <= 1.2.41 - UploadHandler.php File Upload CSRF
  484.     Reference: https://wpvulndb.com/vulnerabilities/7225
  485.     Reference: http://packetstormsecurity.com/files/126521/
  486.     Reference: https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable
  487. [i] Fixed in: 1.2.42
  488.  
  489. [!] Title: Photo Gallery <= 1.2.7 - Unauthenticated SQL injection
  490.     Reference: https://wpvulndb.com/vulnerabilities/7751
  491.     Reference: http://seclists.org/fulldisclosure/2015/Jan/36
  492.     Reference: http://packetstormsecurity.com/files/129927/
  493.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1055
  494. [i] Fixed in: 1.2.8
  495.  
  496. [!] Title: Photo Gallery <= 1.2.5 - Unrestricted File Upload
  497.     Reference: https://wpvulndb.com/vulnerabilities/7769
  498.     Reference: http://security.szurek.pl/photo-gallery-125-unrestricted-file-upload.html
  499.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9312
  500. [i] Fixed in: 1.2.6
  501.  
  502. [!] Title: Photo Gallery <= 1.2.8 - Blind SQL Injection
  503.     Reference: https://wpvulndb.com/vulnerabilities/7771
  504.     Reference: http://seclists.org/bugtraq/2015/Jan/141
  505.     Reference: http://packetstormsecurity.com/files/130148/
  506.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1393
  507. [i] Fixed in: 1.2.11
  508.  
  509. [!] Title: Photo Gallery 1.1.30 - Cross Site Scripting
  510.     Reference: https://wpvulndb.com/vulnerabilities/7776
  511.     Reference: http://packetstormsecurity.com/files/128518/
  512.     Reference: https://www.htbridge.com/advisory/HTB23232
  513.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6315
  514.     Reference: https://secunia.com/advisories/61649/
  515. [i] Fixed in: 1.1.31
  516.  
  517. [!] Title: Photo Gallery <= 1.2.11 - Cross-Site Scripting (XSS)
  518.     Reference: https://wpvulndb.com/vulnerabilities/7860
  519.     Reference: http://fortiguard.com/encyclopedia/vulnerability/40268
  520.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2324
  521. [i] Fixed in: 1.2.13
  522.  
  523. [!] Title: Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection
  524.     Reference: https://wpvulndb.com/vulnerabilities/8804
  525.     Reference: http://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf
  526. [i] Fixed in: 1.3.36
  527.  
  528. [!] Title: Photo Gallery by WD <= 1.3.42 - Authenticated Path Traversal
  529.     Reference: https://wpvulndb.com/vulnerabilities/8849
  530.     Reference: https://security.dxw.com/advisories/path-traversal-in-photo-gallery-may-allow-admins-to-read-most-files-on-the-filesystem/
  531.     Reference: https://plugins.trac.wordpress.org/changeset/1667128/photo-gallery
  532. [i] Fixed in: 1.3.43
  533.  
  534. [!] Title: Photo Gallery by WD <= 1.3.50 - Authenticated SQL Injection
  535.     Reference: https://wpvulndb.com/vulnerabilities/8893
  536.     Reference: https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL
  537.     Reference: https://plugins.trac.wordpress.org/changeset/1712095/photo-gallery
  538.     Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12977
  539. [i] Fixed in: 1.3.51
  540.  
  541. [+] Name: simple-social-share - v1.0
  542.  |  Last updated: 2016-01-16T18:18:00.000Z
  543.  |  Location: https://partaiperindo.com/wp-content/plugins/simple-social-share/
  544.  |  Readme: https://partaiperindo.com/wp-content/plugins/simple-social-share/readme.txt
  545. [!] The version is out of date, the latest version is 3.0
  546.  
  547. [+] Name: wonderplugin-slider-lite - v6.2
  548.  |  Latest version: 6.2 (up to date)
  549.  |  Last updated: 2017-09-06T11:38:00.000Z
  550.  |  Location: https://partaiperindo.com/wp-content/plugins/wonderplugin-slider-lite/
  551.  |  Readme: https://partaiperindo.com/wp-content/plugins/wonderplugin-slider-lite/readme.txt
  552.  
  553. [+] Name: wppdf - v4.3
  554.  |  Latest version: 1.0.0 (up to date)
  555.  |  Last updated: 2015-12-10T09:33:00.000Z
  556.  |  Location: https://partaiperindo.com/wp-content/plugins/wppdf/
  557.  |  Readme: https://partaiperindo.com/wp-content/plugins/wppdf/readme.txt
  558.  
  559. [+] Enumerating usernames ...
  560. [+] Identified the following 10 user/s:
  561.     +----+-------------+------+
  562.     | Id | Login       | Name |
  563.     +----+-------------+------+
  564.     | 1  | perindo     |      |
  565.     | 2  | perindowp   |      |
  566.     | 3  | andjarf     |      |
  567.     | 4  | 1petugas    |      |
  568.     | 5  | 2petugas    |      |
  569.     | 6  | toyib       |      |
  570.     | 7  | dhani       |      |
  571.     | 8  | sueb        |      |
  572.     | 9  | arifrahman  |      |
  573.     | 10 | arifrahman2 |      |
  574.     +----+-------------+------+
  575.  
  576. [+] Finished: Mon Dec 25 04:06:25 2017
  577. [+] Requests Done: 116
  578. [+] Memory used: 171.293 MB
  579. [+] Elapsed time: 00:00:32