- [+] URL: http://gebe-montagebau.de/wp/
- [+] Started: Mon Nov 18 23:25:20 2019
- Interesting Finding(s):
- [+] http://gebe-montagebau.de/wp/
- | Interesting Entry: Server: Apache
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] http://gebe-montagebau.de/wp/xmlrpc.php
- | Found By: Link Tag (Passive Detection)
- | Confidence: 100%
- | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] http://gebe-montagebau.de/wp/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] http://gebe-montagebau.de/wp/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 4.8.1 identified (Insecure, released on 2017-08-02).
- | Detected By: Rss Generator (Passive Detection)
- | - http://gebe-montagebau.de/wp/?feed=rss2, <generator>https://wordpress.org/?v=4.8.1</generator>
- | - http://gebe-montagebau.de/wp/?feed=comments-rss2, <generator>https://wordpress.org/?v=4.8.1</generator>
- |
- | [!] 34 vulnerabilities identified:
- |
- | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8905
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- |
- | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8910
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41398
- |
- | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8911
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41457
- |
- | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8912
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41397
- |
- | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8913
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41448
- |
- | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8914
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41395
- | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- |
- | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- | References:
- | - https://wpvulndb.com/vulnerabilities/8807
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- | - https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- | - https://core.trac.wordpress.org/ticket/25239
- |
- | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- | Fixed in: 4.8.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8941
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- | - https://twitter.com/ircmaxell/status/923662170092638208
- | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- |
- | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8966
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- |
- | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8967
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- |
- | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8968
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
- |
- | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8969
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- |
- | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
- | Fixed in: 4.8.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9006
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9263
- | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
- | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/ticket/42720
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- | Fixed in: 4.8.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/9053
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- |
- | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- | Fixed in: 4.8.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/9054
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- |
- | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- | Fixed in: 4.8.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/9055
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | Fixed in: 4.8.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated File Delete
- | Fixed in: 4.8.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/9169
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
- | Fixed in: 4.8.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/9170
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- |
- | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
- | Fixed in: 4.8.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/9171
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 4.8.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/9172
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- | Fixed in: 4.8.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/9173
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- |
- | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- | Fixed in: 4.8.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/9174
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- | Fixed in: 4.8.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/9175
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
- |
- | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
- | Fixed in: 5.0.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/9222
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
- | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- | - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 4.8.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- |
- | [!] Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
- | Fixed in: 4.8.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9867
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222
- | - https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
- | - https://hackerone.com/reports/339483
- |
- | [!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
- | Fixed in: 4.8.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9908
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
- | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- |
- | [!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
- | Fixed in: 4.8.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9909
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
- | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- | - https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
- | - https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
- |
- | [!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
- | Fixed in: 4.8.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9910
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
- | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- |
- | [!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
- | Fixed in: 4.8.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9911
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
- | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- | - https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
- | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- |
- | [!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
- | Fixed in: 4.8.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9912
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
- | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- | - https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
- | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- |
- | [!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
- | Fixed in: 4.8.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9913
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
- | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- | - https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
- | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- [+] WordPress theme in use: spacious
- | Location: http://gebe-montagebau.de/wp/wp-content/themes/spacious/
- | Last Updated: 2019-08-27T00:00:00.000Z
- | Readme: http://gebe-montagebau.de/wp/wp-content/themes/spacious/readme.txt
- | [!] The version is out of date, the latest version is 1.6.6
- | Style URL: http://gebe-montagebau.de/wp/wp-content/themes/spacious/style.css?ver=4.8.1
- | Style Name: Spacious
- | Style URI: https://themegrill.com/themes/spacious
- | Description: Spacious is an incredibly spacious multipurpose responsive theme coded & designed with a lot of care...
- | Author: ThemeGrill
- | Author URI: https://themegrill.com
- |
- | Detected By: Css Style (Passive Detection)
- |
- | Version: 1.4.7 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - http://gebe-montagebau.de/wp/wp-content/themes/spacious/style.css?ver=4.8.1, Match: 'Version: 1.4.7'
- [+] Enumerating All Plugins (via Passive Methods)
- [+] Checking Plugin Versions (via Passive and Aggressive Methods)
- [i] Plugin(s) Identified:
- [+] gallery-by-supsystic
- | Location: http://gebe-montagebau.de/wp/wp-content/plugins/gallery-by-supsystic/
- | Last Updated: 2019-10-09T17:56:00.000Z
- | [!] The version is out of date, the latest version is 1.14.1
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.10.8 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://gebe-montagebau.de/wp/wp-content/plugins/gallery-by-supsystic/readme.txt
- [+] uk-cookie-consent
- | Location: http://gebe-montagebau.de/wp/wp-content/plugins/uk-cookie-consent/
- | Last Updated: 2019-10-31T13:38:00.000Z
- | [!] The version is out of date, the latest version is 2.3.15
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: UK Cookie Consent <= 2.3.9 - Authenticated Stored Cross-Site Scripting (XSS)
- | Fixed in: 2.3.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9068
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10310
- | - https://plugins.trac.wordpress.org/changeset/1863058/uk-cookie-consent
- |
- | Version: 2.3.9 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://gebe-montagebau.de/wp/wp-content/plugins/uk-cookie-consent/readme.txt
- [+] Enumerating Config Backups (via Passive and Aggressive Methods)
- Checking Config Backups - Time: 00:00:00 <================================================> (21 / 21) 100.00% Time: 00:00:00
- [i] No Config Backups Found.