[!] _ [!]

Berandal666 Sep 3rd, 2017
___________             __        _____.___.            ._.
\_   _____/_ __   ____ |  | __    \__  |   | ____  __ __| |
 |    __)|  |  \_/ ___\|  |/ /     /   |   |/  _ \|  |  \ |
 |     \ |  |  /\  \___|    <      \____   (  <_> )  |  /\|
 \___  / |____/  \___  >__|_ \     / ______|\____/|____/ __
     \/              \/     \/     \/                    \/
----------------------------------------------------------------------------------------------------------------------------
[+] URL: http://www.garudamedia.id/
[+] Started: Fri Sep  1 17:08:53 2017

[+] robots.txt available under: 'http://www.garudamedia.id/robots.txt'
[+] Interesting entry from robots.txt: http://www.garudamedia.id/wp-admin/admin-ajax.php
[!] The WordPress 'http://www.garudamedia.id/readme.html' file exists exposing a version number
[+] Interesting header: CF-RAY: 397925df056f3dd1-MXP
[+] Interesting header: LINK: <http://www.garudamedia.id/wp-json/>; rel="https://api.w.org/", <http://www.garudamedia.id/>; rel=shortlink
[+] Interesting header: SERVER: cloudflare-nginx
[!] Registration is enabled: http://www.garudamedia.id/wp-login.php?action=register
[+] XML-RPC Interface available under: http://www.garudamedia.id/xmlrpc.php
[!] Upload directory has directory listing enabled: http://www.garudamedia.id/wp-content/uploads/
[!] Includes directory has directory listing enabled: http://www.garudamedia.id/wp-includes/

[+] WordPress version 4.7.5 (Released on 2017-05-16) identified from meta generator, links opml
[!] 1 vulnerability identified from the version number

[!] Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/8807
    Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
    Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[+] WordPress theme in use: sydney - v1.35

[+] Name: sydney - v1.35
 |  Last updated: 2017-08-04T00:00:00.000Z
 |  Location: http://www.garudamedia.id/wp-content/themes/sydney/
 |  Readme: http://www.garudamedia.id/wp-content/themes/sydney/readme.txt
 |  Changelog: http://www.garudamedia.id/wp-content/themes/sydney/changelog.txt
[!] The version is out of date, the latest version is 1.41
 |  Style URL: http://www.garudamedia.id/wp-content/themes/sydney/style.css
 |  Theme Name: Sydney
 |  Theme URI: http://athemes.com/theme/sydney
 |  Description: Sydney is a powerful business theme that provides a fast way for companies or freelancers to crea...
 |  Author: aThemes
 |  Author URI: http://athemes.com

[+] Enumerating plugins from passive detection ...
 | 2 plugins found:

[+] Name: siteorigin-panels - v2.5.3
 |  Last updated: 2017-08-24T09:06:00.000Z
 |  Location: http://www.garudamedia.id/wp-content/plugins/siteorigin-panels/
 |  Readme: http://www.garudamedia.id/wp-content/plugins/siteorigin-panels/readme.txt
[!] The version is out of date, the latest version is 2.5.11
[!] Directory listing is enabled: http://www.garudamedia.id/wp-content/plugins/siteorigin-panels/

[+] Name: so-widgets-bundle - v1.8.1
 |  Last updated: 2017-08-31T08:27:00.000Z
 |  Location: http://www.garudamedia.id/wp-content/plugins/so-widgets-bundle/
 |  Readme: http://www.garudamedia.id/wp-content/plugins/so-widgets-bundle/readme.txt
[!] The version is out of date, the latest version is 1.9.9
[!] Directory listing is enabled: http://www.garudamedia.id/wp-content/plugins/so-widgets-bundle/

[+] Enumerating usernames ...
[+] Identified the following 10 user/s:
    +----+------------------------+-------------------------+
    | Id | Login                  | Name                    |
    +----+------------------------+-------------------------+
    | 1  | admin                  | admin                   |
    | 2  | admin-2                | Mr. Bie                 |
    | 3  | andik                  | andik                   |
    | 4  | aktzf65frai6s8as4g-com | aktzf65fr@ai6s8as4g.com |
    | 5  | joeykc242005           | joeykc242005            |
    | 6  | ejgood1990             | ejgood1990              |
    | 7  | samanthalotspeich1996  | samanthalotspeich1996   |
    | 8  | searchcz1997           | searchcz1997            |
    | 9  | jenclark24281976       | jenclark24281976        |
    | 10 | lavonneb482010         | lavonneb482010          |
    +----+------------------------+-------------------------+
[!] Default first WordPress username 'admin' is still used

[+] Finished: Fri Sep  1 17:09:08 2017
[+] Requests Done: 105
[+] Memory used: 49.836 MB
[+] Elapsed time: 00:00:14