- The following leak is brought to you by Paw Security & .....
- _____ ______ __ __ ______ ________ __ __ __ ______
- /_____/\ /_____/\ /__/\/__/\ /_____/\ /_______/\ /_//_//_/\ /_____/\
- \:::_ \ \\:::_ \ \\ \ \: \ \__\:::_ \ \\::: _ \ \\:\\:\\:\ \ \:::__\/
- \:\ \ \ \\:(_) \ \\::\_\::\/_/\\:(_) \ \\::(_) \ \\:\\:\\:\ \ /: /
- \:\ \ \ \\: ___\/ \_::: __\/ \: ___\/ \:: __ \ \\:\\:\\:\ \ /::/___
- \:\_\ \ \\ \ \ \::\ \ \ \ \ \:.\ \ \ \\:\\:\\:\ \/_:/____/\
- \_____\/ \_\/ \__\/ \_\/ \__\/\__\/ \_______\/\_______\/
- #Op4Pawz & Paw Security; Knocking down one cage at a time.
- #EmptyTheCages
- ########--------#########------##########-----######################-------------##################------######
- [[-] Target: http://www.cameronparkzoo.com
- [M] Website Not in HTTPS: http://www.cameronparkzoo.com
- [I] Server: Apache
- [L] Robots.txt Found: http://www.cameronparkzoo.com/robots.txt
- [I] CMS Detection: Wordpress
- [I] Wordpress Version: 4.0
- [I] Wordpress Theme: cpz
- [-] Searching Vulnerable Theme from ExploitDB website ...
- [-] Enumerating Wordpress Usernames via "Author" ...
- [-] Valid Usernames found:
- [I] Forgotten Password Allows Username Enumeration: http://www.cameronparkzoo.com/wp-login.php?action=lostpassword
- [M] Website vulnerable to XML-RPC Brute Force Vulnerability
- [-] Default WordPress Files:
- [I] http://www.cameronparkzoo.com/readme.html
- [I] http://www.cameronparkzoo.com/license.txt
- [I] http://www.cameronparkzoo.com/xmlrpc.php
- [I] http://www.cameronparkzoo.com/wp-includes/images/crystal/license.txt
- [I] http://www.cameronparkzoo.com/wp-includes/images/crystal/license.txt
- [I] http://www.cameronparkzoo.com/wp-includes/js/plupload/license.txt
- [I] http://www.cameronparkzoo.com/wp-includes/js/tinymce/license.txt
- [I] http://www.cameronparkzoo.com/wp-includes/js/swfupload/license.txt
- [I] http://www.cameronparkzoo.com/wp-includes/ID3/license.txt
- [I] http://www.cameronparkzoo.com/wp-includes/ID3/readme.txt
- [I] http://www.cameronparkzoo.com/wp-includes/ID3/license.commercial.txt
- [I] http://www.cameronparkzoo.com/wp-content/themes/twentythirteen/fonts/COPYING.txt
- [I] http://www.cameronparkzoo.com/wp-content/themes/twentythirteen/fonts/LICENSE.txt
- ########--------#########------##########-----######################-------------##################------######
- [-] Searching Wordpress Plugins ...
- [-] Searching Vulnerable Plugins from ExploitDB website ...
- [I] Calendar
- [M] EDB-ID: 35073
- [M] EDB-ID: 27399 Date: 2013-08-07 Verified: No Title: Wordpress Booking Calendar 4.1.4 - CSRF Vulnerability
- [M] EDB-ID: 25723 Date: 2013-05-26 Verified: Yes Title: Wordpress Spider Event Calendar Plugin 1.3.0 - Multiple Vulnerabilities
- [M] EDB-ID: 21715 Date: 2012-10-03 Verified: Yes Title: Wordpress Plugin spider calendar Multiple Vulnerabilities
- [M] EDB-ID: 10929 Date: 2010-01-02 Verified: Yes Title: Wordpress Events Plugin SQL Injection Vulnerability
- ########--------#########------##########-----######################-------------##################------######
- [-] Searching Vulnerable Theme from ExploitDB website ...
- [-] Searching Wordpress TimThumbs ...
- ########--------#########------##########-----######################-------------##################------######
- [M] http://www.cameronparkzoo.com//wp-content/themes/magazinum/scripts/timthumb.php
- [M] Timthumbs Potentially Vulnerable to File Upload: http://www.exploit-db.com/wordpress-timthumb-exploitation
- [I] Checking for Directory Listing Enabled ...
- [L] http://www.cameronparkzoo.com/wp-includes/
- ########--------#########------##########-----######################-------------##################------######
- We are PawSecurity.
- Leaders of many, followers of none.
- Your #1 Animal Hacktivist Team.
- @PawSecReturns - @ChezIsMe - @Non_Sec
- root@pawsec:~# Out.