WPscan Anti-Corruption Unit of Haiti

a guest
Nov 23rd, 2018
  1. wpscan --url http://ulcc.gouv.ht/
  2. _______________________________________________________________
  3. __ _______ _____
  4. \ \ / / __ \ / ____|
  5. \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
  6. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
  7. \ /\ / | | ____) | (__| (_| | | | |
  8. \/ \/ |_| |_____/ \___|\__,_|_| |_|
  9.  
  10. WordPress Security Scanner by the WPScan Team
  11. Version 3.3.2
  12. Sponsored by Sucuri - https://sucuri.net
  13. @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
  14. _______________________________________________________________
  15.  
  16. [+] URL: http://ulcc.gouv.ht/
  17. [+] Started: Fri Nov 23 20:21:11 2018
  18.  
  19. Interesting Finding(s):
  20.  
  21. [+] http://ulcc.gouv.ht/
  22. | Interesting Entry: Server: nginx/1.14.0
  23. | Found By: Headers (Passive Detection)
  24. | Confidence: 100%
  25.  
  26. [+] http://ulcc.gouv.ht/xmlrpc.php
  27. | Found By: Headers (Passive Detection)
  28. | Confidence: 100%
  29. | Confirmed By:
  30. | - Link Tag (Passive Detection), 30% confidence
  31. | - Direct Access (Aggressive Detection), 100% confidence
  32. | References:
  33. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  34. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  35. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  36. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  37. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  38.  
  39. [+] http://ulcc.gouv.ht/readme.html
  40. | Found By: Direct Access (Aggressive Detection)
  41. | Confidence: 100%
  42.  
  43. [+] Upload directory has listing enabled: http://ulcc.gouv.ht/wp-content/uploads/
  44. | Found By: Direct Access (Aggressive Detection)
  45. | Confidence: 100%
  46.  
  47. [+] WordPress version 3.1.2 identified (Released on 2011-04-26).
  48. | Detected By: Rss Generator (Passive Detection)
  49. | - http://ulcc.gouv.ht/?feed=rss2, <generator>http://wordpress.org/?v=3.1.2</generator>
  50. | - http://ulcc.gouv.ht/?feed=comments-rss2, <generator>http://wordpress.org/?v=3.1.2</generator>
  51. | - http://ulcc.gouv.ht/?feed=rss2&page_id=4, <generator>http://wordpress.org/?v=3.1.2</generator>
  52. |
  53. | [!] 38 vulnerabilities identified:
  54. |
  55. | [!] Title: Wordpress <= 3.1.2 Clickjacking
  56. | References:
  57. | - https://wpvulndb.com/vulnerabilities/6002
  58. | - http://seclists.org/fulldisclosure/2011/Sep/219
  59. | - http://www.securityfocus.com/bid/49730/
  60. |
  61. | [!] Title: WordPress 2.5 - 3.3.1 XSS in swfupload
  62. | Fixed in: 3.3.2
  63. | References:
  64. | - https://wpvulndb.com/vulnerabilities/5999
  65. | - http://seclists.org/fulldisclosure/2012/Nov/51
  66. |
  67. | [!] Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
  68. | Fixed in: 3.5.1
  69. | References:
  70. | - https://wpvulndb.com/vulnerabilities/5988
  71. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
  72. | - https://github.com/FireFart/WordpressPingbackPortScanner
  73. |
  74. | [!] Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
  75. | References:
  76. | - https://wpvulndb.com/vulnerabilities/5989
  77. | - http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
  78. |
  79. | [!] Title: WordPress <= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php
  80. | Fixed in: 3.3.3
  81. | References:
  82. | - https://wpvulndb.com/vulnerabilities/5994
  83. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6633
  84. |
  85. | [!] Title: WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass
  86. | Fixed in: 3.3.3
  87. | References:
  88. | - https://wpvulndb.com/vulnerabilities/5995
  89. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6634
  90. |
  91. | [!] Title: WordPress <= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
  92. | Fixed in: 3.3.3
  93. | References:
  94. | - https://wpvulndb.com/vulnerabilities/5996
  95. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6635
  96. |
  97. | [!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
  98. | Fixed in: 3.6.1
  99. | References:
  100. | - https://wpvulndb.com/vulnerabilities/5970
  101. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
  102. | - https://secunia.com/advisories/54803/
  103. | - https://www.exploit-db.com/exploits/28958/
  104. | - http://packetstormsecurity.com/files/123589/
  105. | - http://core.trac.wordpress.org/changeset/25323
  106. | - http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
  107. |
  108. | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
  109. | Fixed in: 3.9.2
  110. | References:
  111. | - https://wpvulndb.com/vulnerabilities/7528
  112. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
  113. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
  114. | - https://core.trac.wordpress.org/changeset/29384
  115. | - https://core.trac.wordpress.org/changeset/29408
  116. |
  117. | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
  118. | Fixed in: 3.9.2
  119. | References:
  120. | - https://wpvulndb.com/vulnerabilities/7529
  121. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
  122. | - https://core.trac.wordpress.org/changeset/29398
  123. |
  124. | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
  125. | Fixed in: 4.0
  126. | References:
  127. | - https://wpvulndb.com/vulnerabilities/7680
  128. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
  129. | - http://klikki.fi/adv/wordpress.html
  130. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  131. | - http://klikki.fi/adv/wordpress_update.html
  132. |
  133. | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
  134. | Fixed in: 4.0.1
  135. | References:
  136. | - https://wpvulndb.com/vulnerabilities/7681
  137. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
  138. | - https://www.exploit-db.com/exploits/35413/
  139. | - https://www.exploit-db.com/exploits/35414/
  140. | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
  141. | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
  142. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
  143. |
  144. | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
  145. | Fixed in: 4.0.1
  146. | References:
  147. | - https://wpvulndb.com/vulnerabilities/7696
  148. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
  149. | - http://www.securityfocus.com/bid/71234/
  150. | - https://core.trac.wordpress.org/changeset/30444
  151. |
  152. | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  153. | Fixed in: 4.2.3
  154. | References:
  155. | - https://wpvulndb.com/vulnerabilities/8111
  156. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  157. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  158. | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
  159. | - https://twitter.com/klikkioy/status/624264122570526720
  160. | - https://klikki.fi/adv/wordpress3.html
  161. |
  162. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  163. | Fixed in: 4.5
  164. | References:
  165. | - https://wpvulndb.com/vulnerabilities/8473
  166. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  167. | - https://codex.wordpress.org/Version_4.5
  168. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  169. |
  170. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  171. | Fixed in: 4.5
  172. | References:
  173. | - https://wpvulndb.com/vulnerabilities/8474
  174. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  175. | - https://codex.wordpress.org/Version_4.5
  176. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  177. |
  178. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  179. | Fixed in: 4.5
  180. | References:
  181. | - https://wpvulndb.com/vulnerabilities/8475
  182. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  183. | - https://codex.wordpress.org/Version_4.5
  184. |
  185. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  186. | Fixed in: 4.5.3
  187. | References:
  188. | - https://wpvulndb.com/vulnerabilities/8520
  189. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  190. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  191. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  192. |
  193. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  194. | Fixed in: 4.6.1
  195. | References:
  196. | - https://wpvulndb.com/vulnerabilities/8615
  197. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  198. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  199. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  200. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  201. | - http://seclists.org/fulldisclosure/2016/Sep/6
  202. |
  203. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  204. | Fixed in: 4.6.1
  205. | References:
  206. | - https://wpvulndb.com/vulnerabilities/8616
  207. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  208. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  209. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  210. |
  211. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  212. | Fixed in: 4.7.1
  213. | References:
  214. | - https://wpvulndb.com/vulnerabilities/8716
  215. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  216. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  217. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  218. |
  219. | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  220. | Fixed in: 4.7.1
  221. | References:
  222. | - https://wpvulndb.com/vulnerabilities/8719
  223. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  224. | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  225. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  226. |
  227. | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  228. | Fixed in: 4.7.1
  229. | References:
  230. | - https://wpvulndb.com/vulnerabilities/8720
  231. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  232. | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  233. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  234. |
  235. | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  236. | Fixed in: 4.7.1
  237. | References:
  238. | - https://wpvulndb.com/vulnerabilities/8721
  239. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  240. | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  241. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  242. |
  243. | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  244. | Fixed in: 4.7.3
  245. | References:
  246. | - https://wpvulndb.com/vulnerabilities/8766
  247. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  248. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  249. | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  250. |
  251. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  252. | References:
  253. | - https://wpvulndb.com/vulnerabilities/8807
  254. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  255. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  256. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  257. | - https://core.trac.wordpress.org/ticket/25239
  258. |
  259. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  260. | Fixed in: 4.7.5
  261. | References:
  262. | - https://wpvulndb.com/vulnerabilities/8815
  263. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  264. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  265. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  266. |
  267. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  268. | Fixed in: 4.7.5
  269. | References:
  270. | - https://wpvulndb.com/vulnerabilities/8816
  271. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  272. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  273. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  274. |
  275. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  276. | Fixed in: 4.7.5
  277. | References:
  278. | - https://wpvulndb.com/vulnerabilities/8818
  279. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  280. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  281. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  282. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  283. |
  284. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  285. | Fixed in: 4.8.2
  286. | References:
  287. | - https://wpvulndb.com/vulnerabilities/8905
  288. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  289. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  290. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  291. |
  292. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  293. | Fixed in: 4.7.5
  294. | References:
  295. | - https://wpvulndb.com/vulnerabilities/8906
  296. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  297. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  298. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  299. | - https://wpvulndb.com/vulnerabilities/8905
  300. |
  301. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  302. | Fixed in: 4.8.2
  303. | References:
  304. | - https://wpvulndb.com/vulnerabilities/8910
  305. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  306. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  307. | - https://core.trac.wordpress.org/changeset/41398
  308. |
  309. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  310. | Fixed in: 4.8.2
  311. | References:
  312. | - https://wpvulndb.com/vulnerabilities/8911
  313. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  314. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  315. | - https://core.trac.wordpress.org/changeset/41457
  316. |
  317. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  318. | Fixed in: 4.8.3
  319. | References:
  320. | - https://wpvulndb.com/vulnerabilities/8941
  321. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  322. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  323. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  324. | - https://twitter.com/ircmaxell/status/923662170092638208
  325. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  326. |
  327. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  328. | Fixed in: 4.9.1
  329. | References:
  330. | - https://wpvulndb.com/vulnerabilities/8966
  331. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  332. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  333. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  334. |
  335. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  336. | Fixed in: 4.9.1
  337. | References:
  338. | - https://wpvulndb.com/vulnerabilities/8967
  339. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  340. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  341. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  342. |
  343. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  344. | References:
  345. | - https://wpvulndb.com/vulnerabilities/9021
  346. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  347. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  348. | - https://github.com/quitten/doser.py
  349. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  350. |
  351. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  352. | References:
  353. | - https://wpvulndb.com/vulnerabilities/9100
  354. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  355. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  356. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  357. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  358. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  359. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  360.  
  361. [+] WordPress theme in use: ulcc
  362. | Location: http://ulcc.gouv.ht/wp-content/themes/ulcc/
  363. | Style URL: http://ulcc.gouv.ht/wp-content/themes/ulcc/style.css
  364. | Style Name: Twenty Ten
  365. | Style URI: http://wordpress.org/
  366. | Description: The 2010 theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a ...
  367. | Author: the WordPress team
  368. |
  369. | Detected By: Css Style (Passive Detection)
  370. | Confirmed By: Urls In Homepage (Passive Detection)
  371. |
  372. | Version: 1.2 (80% confidence)
  373. | Detected By: Style (Passive Detection)
  374. | - http://ulcc.gouv.ht/wp-content/themes/ulcc/style.css, Match: 'Version: 1.2'
  375.  
  376. [+] Enumerating All Plugins
  377. [+] Checking Plugin Versions
  378.  
  379. [i] Plugin(s) Identified:
  380.  
  381. [+] contact-form-7
  382. | Location: http://ulcc.gouv.ht/wp-content/plugins/contact-form-7/
  383. | Latest Version: 5.0.5
  384. | Last Updated: 2018-10-29T23:58:00.000Z
  385. |
  386. | Detected By: Urls In Homepage (Passive Detection)
  387. |
  388. | [!] 3 vulnerabilities identified:
  389. |
  390. | [!] Title: Contact Form 7 <= 3.7.1 - Security Bypass
  391. | Fixed in: 3.7.2
  392. | References:
  393. | - https://wpvulndb.com/vulnerabilities/7020
  394. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
  395. | - http://www.securityfocus.com/bid/66381/
  396. |
  397. | [!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
  398. | Fixed in: 3.5.3
  399. | References:
  400. | - https://wpvulndb.com/vulnerabilities/7022
  401. | - http://packetstormsecurity.com/files/124154/
  402. |
  403. | [!] Title: Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
  404. | Fixed in: 5.0.4
  405. | References:
  406. | - https://wpvulndb.com/vulnerabilities/9127
  407. | - https://contactform7.com/2018/09/04/contact-form-7-504/
  408. | - https://plugins.trac.wordpress.org/changeset/1935726/contact-form-7
  409. | - https://plugins.trac.wordpress.org/changeset/1934594/contact-form-7
  410. | - https://plugins.trac.wordpress.org/changeset/1934343/contact-form-7
  411. | - https://plugins.trac.wordpress.org/changeset/1934327/contact-form-7
  412. |
  413. | The version could not be determined.
  414.  
  415. [+] cool-video-gallery
  416. | Location: http://ulcc.gouv.ht/wp-content/plugins/cool-video-gallery/
  417. | Latest Version: 2.3
  418. | Last Updated: 2016-04-27T01:16:00.000Z
  419. |
  420. | Detected By: Urls In Homepage (Passive Detection)
  421. |
  422. | [!] 9 vulnerabilities identified:
  423. |
  424. | [!] Title: Cool Video Gallery 1.8 - admin/gallery-details.php Multiple Actions CSRF
  425. | Fixed in: 1.9
  426. | Reference: https://wpvulndb.com/vulnerabilities/7237
  427. |
  428. | [!] Title: Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF
  429. | Fixed in: 1.9
  430. | Reference: https://wpvulndb.com/vulnerabilities/7238
  431. |
  432. | [!] Title: Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF
  433. | Fixed in: 1.9
  434. | Reference: https://wpvulndb.com/vulnerabilities/7239
  435. |
  436. | [!] Title: Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF
  437. | Fixed in: 1.9
  438. | Reference: https://wpvulndb.com/vulnerabilities/7240
  439. |
  440. | [!] Title: Cool Video Gallery 1.8 - admin/player-settings.php Player Settings Manipulation CSRF
  441. | Fixed in: 1.9
  442. | Reference: https://wpvulndb.com/vulnerabilities/7241
  443. |
  444. | [!] Title: Cool Video Gallery 1.8 - admin/plugin-uninstall.php Plugin Uninstallation CSRF
  445. | Fixed in: 1.9
  446. | Reference: https://wpvulndb.com/vulnerabilities/7242
  447. |
  448. | [!] Title: Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF
  449. | Fixed in: 1.9
  450. | Reference: https://wpvulndb.com/vulnerabilities/7243
  451. |
  452. | [!] Title: Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF
  453. | Fixed in: 1.9
  454. | Reference: https://wpvulndb.com/vulnerabilities/7244
  455. |
  456. | [!] Title: Cool Video Gallery <= 1.9 - Authenticated Command Injection
  457. | Fixed in: 2.0
  458. | References:
  459. | - https://wpvulndb.com/vulnerabilities/8348
  460. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7527
  461. | - http://www.vapidlabs.com/advisory.php?v=158
  462. | - http://www.openwall.com/lists/oss-security/2015/12/02/9
  463. | - https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
  464. | - http://seclists.org/bugtraq/2015/Dec/27
  465. | - https://plugins.trac.wordpress.org/changeset/1368619/cool-video-gallery
  466. |
  467. | The version could not be determined.
  468.  
  469. [+] document-links-widget
  470. | Location: http://ulcc.gouv.ht/wp-content/plugins/document-links-widget/
  471. | Latest Version: 2.0.2
  472. | Last Updated: 2011-03-07T04:39:00.000Z
  473. |
  474. | Detected By: Urls In Homepage (Passive Detection)
  475. |
  476. | The version could not be determined.
  477.  
  478. [+] events-manager
  479. | Location: http://ulcc.gouv.ht/wp-content/plugins/events-manager/
  480. | Latest Version: 5.9.5
  481. | Last Updated: 2018-08-07T19:10:00.000Z
  482. |
  483. | Detected By: Urls In Homepage (Passive Detection)
  484. |
  485. | [!] 5 vulnerabilities identified:
  486. |
  487. | [!] Title: Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities
  488. | Fixed in: 5.5.2
  489. | References:
  490. | - https://wpvulndb.com/vulnerabilities/6648
  491. | - https://secunia.com/advisories/55182/
  492. |
  493. | [!] Title: Events Manager 5.3.8 - Multiple Cross-Site Scripting (XSS)
  494. | Fixed in: 5.3.9
  495. | References:
  496. | - https://wpvulndb.com/vulnerabilities/6649
  497. | - https://secunia.com/advisories/53478/
  498. | - http://www.securityfocus.com/bid/60078/
  499. |
  500. | [!] Title: Events Manager 5.3.5 - Multiple Cross-Site Scripting (XSS)
  501. | Fixed in: 5.3.6
  502. | References:
  503. | - https://wpvulndb.com/vulnerabilities/6652
  504. | - https://secunia.com/advisories/52475/
  505. |
  506. | [!] Title: Events Manager 5.3.3 - Multiple Cross-Site Scripting (XSS)
  507. | Fixed in: 5.3.4
  508. | References:
  509. | - https://wpvulndb.com/vulnerabilities/6655
  510. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1407
  511. | - https://secunia.com/advisories/51869/
  512. | - http://packetstormsecurity.com/files/120688/
  513. | - http://www.securityfocus.com/bid/57477/
  514. |
  515. | [!] Title: Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS
  516. | Fixed in: 5.8.1.2
  517. | References:
  518. | - https://wpvulndb.com/vulnerabilities/9047
  519. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9020
  520. | - https://www.gubello.me/blog/events-manager-authenticated-stored-xss/
  521. |
  522. | The version could not be determined.
  523.  
  524. [+] nextcellent-gallery-nextgen-legacy
  525. | Location: http://ulcc.gouv.ht/wp-content/plugins/nextcellent-gallery-nextgen-legacy/
  526. | Last Updated: 2017-10-16T09:19:00.000Z
  527. | [!] The version is out of date, the latest version is 1.9.35
  528. |
  529. | Detected By: Comment (Passive Detection)
  530. |
  531. | [!] 1 vulnerability identified:
  532. |
  533. | [!] Title: NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness
  534. | Fixed in: 1.9.18
  535. | References:
  536. | - https://wpvulndb.com/vulnerabilities/7222
  537. | - http://www.securityfocus.com/bid/67085/
  538. |
  539. | Version: 1.9.0 (60% confidence)
  540. | Detected By: Comment (Passive Detection)
  541. | - http://ulcc.gouv.ht/, Match: '<meta name="NextGEN" version="1.9.0"'
  542.  
  543. [+] nextgen-gallery
  544. | Location: http://ulcc.gouv.ht/wp-content/plugins/nextgen-gallery/
  545. | Last Updated: 2018-10-24T14:43:00.000Z
  546. | [!] The version is out of date, the latest version is 3.0.16
  547. |
  548. | Detected By: Urls In Homepage (Passive Detection)
  549. | Confirmed By: Comment (Passive Detection)
  550. |
  551. | [!] 13 vulnerabilities identified:
  552. |
  553. | [!] Title: NextGEN Gallery <= 2.0.63 - Arbitrary File Upload
  554. | Fixed in: 2.0.66
  555. | References:
  556. | - https://wpvulndb.com/vulnerabilities/6449
  557. | - http://packetstormsecurity.com/files/127340/
  558. |
  559. | [!] Title: NextGEN Gallery 2.0.0 - Directory Traversal
  560. | Fixed in: 2.0.7
  561. | References:
  562. | - https://wpvulndb.com/vulnerabilities/6450
  563. | - http://seclists.org/fulldisclosure/2014/Feb/171
  564. | - https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/
  565. |
  566. | [!] Title: NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)
  567. | Fixed in: 1.9.8
  568. | References:
  569. | - https://wpvulndb.com/vulnerabilities/6451
  570. | - https://secunia.com/advisories/51271/
  571. | - http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
  572. | - http://www.securityfocus.com/bid/60433/
  573. |
  574. | [!] Title: NextGEN Gallery 1.9.12 - Arbitrary File Upload
  575. | Fixed in: 1.9.13
  576. | References:
  577. | - https://wpvulndb.com/vulnerabilities/6453
  578. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3684
  579. | - http://wordpress.org/plugins/nextgen-gallery/changelog/
  580. |
  581. | [!] Title: NextGEN Gallery 1.9.11 - Full Path Disclosure
  582. | Fixed in: 2.0.0
  583. | References:
  584. | - https://wpvulndb.com/vulnerabilities/6454
  585. | - https://secunia.com/advisories/52137/
  586. |
  587. | [!] Title: NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS
  588. | Fixed in: 2.0.0
  589. | Reference: https://wpvulndb.com/vulnerabilities/6455
  590. |
  591. | [!] Title: NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting (XSS)
  592. | Fixed in: 1.9.1
  593. | References:
  594. | - https://wpvulndb.com/vulnerabilities/6456
  595. | - https://secunia.com/advisories/47588/
  596. |
  597. | [!] Title: NextGEN Gallery <= 2.0.77 - CSRF & Arbitrary File Upload
  598. | Fixed in: 2.0.77.3
  599. | References:
  600. | - https://wpvulndb.com/vulnerabilities/7865
  601. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1784
  602. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1785
  603. | - https://www.nettitude.co.uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress/
  604. |
  605. | [!] Title: NextGEN Gallery <= 2.1.7 - Authenticated Path Traversal
  606. | Fixed in: 2.1.9
  607. | References:
  608. | - https://wpvulndb.com/vulnerabilities/8165
  609. | - http://permalink.gmane.org/gmane.comp.security.oss.general/17650
  610. | - https://github.com/espreto/wpsploit/blob/master/documentation/auxiliary/wp_nextgen_gallery_dir_read.md
  611. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read
  612. |
  613. | [!] Title: NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI)
  614. | Fixed in: 2.1.57
  615. | References:
  616. | - https://wpvulndb.com/vulnerabilities/8664
  617. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6565
  618. | - http://www.kb.cert.org/vuls/id/346175
  619. | - https://plugins.trac.wordpress.org/changeset/1533907/nextgen-gallery
  620. |
  621. | [!] Title: NextGEN Gallery <= 2.1.77 - Unauthenticated SQL Injection
  622. | Fixed in: 2.1.79
  623. | References:
  624. | - https://wpvulndb.com/vulnerabilities/8741
  625. | - https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
  626. | - https://plugins.trac.wordpress.org/changeset/1602275/nextgen-gallery
  627. |
  628. | [!] Title: NextGEN Gallery <= 2.2.46 - Galley Paths Not Secured
  629. | Fixed in: 2.2.50
  630. | References:
  631. | - https://wpvulndb.com/vulnerabilities/9033
  632. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7586
  633. |
  634. | [!] Title: NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
  635. | Fixed in: 2.2.45
  636. | References:
  637. | - https://wpvulndb.com/vulnerabilities/9079
  638. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000172
  639. | - https://fortiguard.com/zeroday/FG-VD-17-215
  640. | - https://plugins.trac.wordpress.org/changeset/1822089/nextgen-gallery
  641. |
  642. | Version: 1.9.0 (60% confidence)
  643. | Detected By: Comment (Passive Detection)
  644. | - http://ulcc.gouv.ht/, Match: '<meta name="NextGEN" version="1.9.0"'
  645.  
  646. [+] theme-my-login
  647. | Location: http://ulcc.gouv.ht/wp-content/plugins/theme-my-login/
  648. | Latest Version: 7.0.11
  649. | Last Updated: 2018-09-19T18:34:00.000Z
  650. |
  651. | Detected By: Urls In Homepage (Passive Detection)
  652. |
  653. | [!] 1 vulnerability identified:
  654. |
  655. | [!] Title: Theme My Login 6.3.9 - Local File Inclusion
  656. | Fixed in: 6.3.10
  657. | References:
  658. | - https://wpvulndb.com/vulnerabilities/6043
  659. | - http://packetstormsecurity.com/files/127302/
  660. | - http://seclists.org/fulldisclosure/2014/Jun/172
  661. | - http://www.securityfocus.com/bid/68254/
  662. | - https://security.dxw.com/advisories/lfi-in-theme-my-login/
  663. |
  664. | The version could not be determined.
  665.  
  666. [+] user-access-manager
  667. | Location: http://ulcc.gouv.ht/wp-content/plugins/user-access-manager/
  668. | Latest Version: 2.1.11
  669. | Last Updated: 2018-03-17T06:58:00.000Z
  670. |
  671. | Detected By: Urls In Homepage (Passive Detection)
  672. |
  673. | [!] 1 vulnerability identified:
  674. |
  675. | [!] Title: User Access Manager <= 2.0.8 - Authenticated Reflected Cross-Site Scripting (XSS)
  676. | Fixed in: 2.0.9
  677. | References:
  678. | - https://wpvulndb.com/vulnerabilities/8814
  679. | - http://www.defensecode.com/advisories/DC-2017-01-021_WordPress_User_Access_Manager_Plugin_Advisory.pdf
  680. | - http://seclists.org/bugtraq/2017/May/31
  681. |
  682. | The version could not be determined.
  683.  
  684. [+] wp-members
  685. | Location: http://ulcc.gouv.ht/wp-content/plugins/wp-members/
  686. | Latest Version: 3.2.4.2
  687. | Last Updated: 2018-10-05T00:51:00.000Z
  688. |
  689. | Detected By: Urls In Homepage (Passive Detection)
  690. |
  691. | [!] 3 vulnerabilities identified:
  692. |
  693. | [!] Title: WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS
  694. | Fixed in: 2.8.10
  695. | References:
  696. | - https://wpvulndb.com/vulnerabilities/7079
  697. | - https://secunia.com/advisories/56271/
  698. | - http://packetstormsecurity.com/files/124720/
  699. | - http://www.securityfocus.com/bid/64713/
  700. |
  701. | [!] Title: WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS
  702. | Fixed in: 2.8.10
  703. | References:
  704. | - https://wpvulndb.com/vulnerabilities/7080
  705. | - https://secunia.com/advisories/56271/
  706. | - http://packetstormsecurity.com/files/124720/
  707. | - http://www.securityfocus.com/bid/64713/
  708. |
  709. | [!] Title: WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS)
  710. | Fixed in: 3.1.8
  711. | References:
  712. | - https://wpvulndb.com/vulnerabilities/8858
  713. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2222
  714. | - https://jvn.jp/en/jp/JVN51355647/index.html
  715. | - https://plugins.trac.wordpress.org/changeset/1667369/#file12
  716. |
  717. | The version could not be determined.
  718.  
  719. [+] Enumerating Config Backups
  720. Checking Config Backups - Time: 00:00:01 <=================================================================================================================> (21 / 21) 100.00% Time: 00:00:01
  721.  
  722. [i] No Config Backups Found.
  723.  
  724. [+] Finished: Fri Nov 23 20:21:43 2018
  725. [+] Requests Done: 103
  726. [+] Memory used: 81.215 MB
  727. [+] Elapsed time: 00:00:32