Jan 16th, 2019
  1. [+] URL: http://www.transitonacional.gob.ni/
  2. [+] Started: Wed Jan 16 07:08:30 2019
  3.  
  4. Interesting Finding(s):
  5.  
  6. [+] http://www.transitonacional.gob.ni/
  7. | Interesting Entries:
  8. | - Server: nginx/1.14.1
  9. | - X-Powered-By: PHP/5.2.17
  10. | - X-Acc-Exp: 600
  11. | - X-Proxy-Cache: EXPIRED www.transitonacional.gob.ni
  12. | Found By: Headers (Passive Detection)
  13. | Confidence: 100%
  14.  
  15. [+] http://www.transitonacional.gob.ni/robots.txt
  16. | Interesting Entries:
  17. | - /wp-admin/
  18. | - /wp-admin/admin-ajax.php
  19. | Found By: Robots Txt (Aggressive Detection)
  20. | Confidence: 100%
  21.  
  22. [+] http://www.transitonacional.gob.ni/xmlrpc.php
  23. | Found By: Link Tag (Passive Detection)
  24. | Confidence: 100%
  25. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  26. | References:
  27. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  28. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  29. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  30. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  31. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  32.  
  33. [+] http://www.transitonacional.gob.ni/readme.html
  34. | Found By: Direct Access (Aggressive Detection)
  35. | Confidence: 100%
  36.  
  37. [+] Upload directory has listing enabled: http://www.transitonacional.gob.ni/wp-content/uploads/
  38. | Found By: Direct Access (Aggressive Detection)
  39. | Confidence: 100%
  40.  
  41. [+] WordPress version 4.4.2 identified.
  42. | Detected By: Emoji Settings (Passive Detection)
  43. | - http://www.transitonacional.gob.ni/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=4.4.2'
  44. | Confirmed By: Plugin And Theme Query Parameter In Homepage (Passive Detection)
  45. | - http://www.transitonacional.gob.ni/wp-content/plugins/easy-collapse-accordion/css/bootstrap-accordion.min.css?ver=4.4.2
  46. | - http://www.transitonacional.gob.ni/wp-content/themes/newsmag/css/flexslider.css?ver=4.4.2
  47. | - http://www.transitonacional.gob.ni/wp-content/themes/newsmag/css/prettyPhoto.css?ver=4.4.2
  48. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/js/transito_grafico.js?ver=4.4.2
  49. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/amcharts_3.4.10.free/amcharts.js?ver=4.4.2
  50. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/amcharts_3.4.10.free/serial.js?ver=4.4.2
  51. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/amcharts_3.4.10.free/pie.js?ver=4.4.2
  52. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/amcharts_3.4.10.free/exporting/amexport.js?ver=4.4.2
  53. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/amcharts_3.4.10.free/exporting/rgbcolor.js?ver=4.4.2
  54. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/amcharts_3.4.10.free/exporting/canvg.js?ver=4.4.2
  55. | - http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/amcharts_3.4.10.free/exporting/filesaver.js?ver=4.4.2
  56. | - http://www.transitonacional.gob.ni/wp-content/plugins/itro-popup/scripts/itro-scripts.js?ver=4.4.2
  57. | - http://www.transitonacional.gob.ni/wp-content/themes/newsmag/js/modernizr.min.js?ver=4.4.2
  58. | - http://www.transitonacional.gob.ni/wp-content/themes/newsmag/js/customscript.js?ver=4.4.2
  59. | - http://www.transitonacional.gob.ni/wp-content/themes/newsmag/js/jquery.flexslider-min.js?ver=4.4.2
  60. | - http://www.transitonacional.gob.ni/wp-content/themes/newsmag/js/jquery.prettyPhoto.js?ver=4.4.2
  61. | - http://www.transitonacional.gob.ni/wp-content/plugins/meteor-slides/js/jquery.cycle.all.js?ver=4.4.2
  62. | - http://www.transitonacional.gob.ni/wp-content/plugins/meteor-slides/js/jquery.metadata.v2.js?ver=4.4.2
  63. | - http://www.transitonacional.gob.ni/wp-content/plugins/meteor-slides/js/jquery.touchwipe.1.1.1.js?ver=4.4.2
  64. | - http://www.transitonacional.gob.ni/wp-content/plugins/meteor-slides/js/slideshow.js?ver=4.4.2
  65. |
  66. | [!] 54 vulnerabilities identified:
  67. |
  68. | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  69. | Fixed in: 4.5
  70. | References:
  71. | - https://wpvulndb.com/vulnerabilities/8473
  72. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  73. | - https://codex.wordpress.org/Version_4.5
  74. | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  75. |
  76. | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  77. | Fixed in: 4.5
  78. | References:
  79. | - https://wpvulndb.com/vulnerabilities/8474
  80. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  81. | - https://codex.wordpress.org/Version_4.5
  82. | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  83. |
  84. | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  85. | Fixed in: 4.5
  86. | References:
  87. | - https://wpvulndb.com/vulnerabilities/8475
  88. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  89. | - https://codex.wordpress.org/Version_4.5
  90. |
  91. | [!] Title: WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
  92. | Fixed in: 4.5.2
  93. | References:
  94. | - https://wpvulndb.com/vulnerabilities/8488
  95. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4567
  96. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  97. | - https://github.com/WordPress/WordPress/commit/a493dc0ab5819c8b831173185f1334b7c3e02e36
  98. | - https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
  99. |
  100. | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  101. | Fixed in: 4.4.3
  102. | References:
  103. | - https://wpvulndb.com/vulnerabilities/8489
  104. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  105. | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
  106. | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  107. | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  108. |
  109. | [!] Title: WordPress 4.2-4.5.2 - Authenticated Attachment Name Stored XSS
  110. | Fixed in: 4.4.4
  111. | References:
  112. | - https://wpvulndb.com/vulnerabilities/8518
  113. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5833
  114. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834
  115. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  116. | - https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648
  117. |
  118. | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  119. | Fixed in: 4.4.4
  120. | References:
  121. | - https://wpvulndb.com/vulnerabilities/8519
  122. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  123. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  124. | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  125. | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  126. |
  127. | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  128. | Fixed in: 4.4.4
  129. | References:
  130. | - https://wpvulndb.com/vulnerabilities/8520
  131. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  132. | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
  133. | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  134. |
  135. | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  136. | Fixed in: 4.4.5
  137. | References:
  138. | - https://wpvulndb.com/vulnerabilities/8615
  139. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  140. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  141. | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  142. | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  143. | - http://seclists.org/fulldisclosure/2016/Sep/6
  144. |
  145. | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  146. | Fixed in: 4.4.5
  147. | References:
  148. | - https://wpvulndb.com/vulnerabilities/8616
  149. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  150. | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  151. | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  152. |
  153. | [!] Title: WordPress 4.3-4.7 - Remote Code Execution (RCE) in PHPMailer
  154. | Fixed in: 4.4.6
  155. | References:
  156. | - https://wpvulndb.com/vulnerabilities/8714
  157. | - https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/
  158. | - https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
  159. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  160. | - https://github.com/WordPress/WordPress/commit/24767c76d359231642b0ab48437b64e8c6c7f491
  161. | - http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
  162. | - https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_phpmailer_host_header
  163. |
  164. | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  165. | Fixed in: 4.4.6
  166. | References:
  167. | - https://wpvulndb.com/vulnerabilities/8716
  168. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  169. | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  170. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  171. |
  172. | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  173. | Fixed in: 4.4.6
  174. | References:
  175. | - https://wpvulndb.com/vulnerabilities/8718
  176. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  177. | - https://www.mehmetince.net/low-severity-wordpress/
  178. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  179. | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  180. |
  181. | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  182. | Fixed in: 4.4.6
  183. | References:
  184. | - https://wpvulndb.com/vulnerabilities/8719
  185. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  186. | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  187. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  188. |
  189. | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  190. | Fixed in: 4.4.6
  191. | References:
  192. | - https://wpvulndb.com/vulnerabilities/8720
  193. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  194. | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  195. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  196. |
  197. | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  198. | Fixed in: 4.4.6
  199. | References:
  200. | - https://wpvulndb.com/vulnerabilities/8721
  201. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  202. | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  203. | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  204. |
  205. | [!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
  206. | Fixed in: 4.4.7
  207. | References:
  208. | - https://wpvulndb.com/vulnerabilities/8729
  209. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610
  210. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  211. | - https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
  212. |
  213. | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  214. | Fixed in: 4.4.7
  215. | References:
  216. | - https://wpvulndb.com/vulnerabilities/8730
  217. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  218. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  219. | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  220. |
  221. | [!] Title: WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table
  222. | Fixed in: 4.4.7
  223. | References:
  224. | - https://wpvulndb.com/vulnerabilities/8731
  225. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612
  226. | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  227. | - https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
  228. |
  229. | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  230. | Fixed in: 4.4.8
  231. | References:
  232. | - https://wpvulndb.com/vulnerabilities/8765
  233. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  234. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  235. | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  236. | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  237. | - http://seclists.org/oss-sec/2017/q1/563
  238. |
  239. | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  240. | Fixed in: 4.4.8
  241. | References:
  242. | - https://wpvulndb.com/vulnerabilities/8766
  243. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  244. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  245. | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  246. |
  247. | [!] Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
  248. | Fixed in: 4.4.8
  249. | References:
  250. | - https://wpvulndb.com/vulnerabilities/8768
  251. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
  252. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  253. | - https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
  254. | - https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
  255. |
  256. | [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
  257. | Fixed in: 4.4.8
  258. | References:
  259. | - https://wpvulndb.com/vulnerabilities/8770
  260. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
  261. | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  262. | - https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
  263. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
  264. | - http://seclists.org/oss-sec/2017/q1/562
  265. | - https://hackerone.com/reports/153093
  266. |
  267. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  268. | References:
  269. | - https://wpvulndb.com/vulnerabilities/8807
  270. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  271. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  272. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  273. | - https://core.trac.wordpress.org/ticket/25239
  274. |
  275. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  276. | Fixed in: 4.4.10
  277. | References:
  278. | - https://wpvulndb.com/vulnerabilities/8815
  279. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  280. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  281. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  282. |
  283. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  284. | Fixed in: 4.4.10
  285. | References:
  286. | - https://wpvulndb.com/vulnerabilities/8816
  287. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  288. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  289. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  290. |
  291. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  292. | Fixed in: 4.4.10
  293. | References:
  294. | - https://wpvulndb.com/vulnerabilities/8817
  295. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  296. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  297. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  298. |
  299. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  300. | Fixed in: 4.4.10
  301. | References:
  302. | - https://wpvulndb.com/vulnerabilities/8818
  303. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  304. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  305. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  306. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  307. |
  308. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  309. | Fixed in: 4.4.10
  310. | References:
  311. | - https://wpvulndb.com/vulnerabilities/8819
  312. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  313. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  314. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  315. | - https://hackerone.com/reports/203515
  316. | - https://hackerone.com/reports/203515
  317. |
  318. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  319. | Fixed in: 4.4.10
  320. | References:
  321. | - https://wpvulndb.com/vulnerabilities/8820
  322. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  323. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  324. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  325. |
  326. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  327. | Fixed in: 4.4.11
  328. | References:
  329. | - https://wpvulndb.com/vulnerabilities/8905
  330. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  331. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  332. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  333. |
  334. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  335. | Fixed in: 4.7.5
  336. | References:
  337. | - https://wpvulndb.com/vulnerabilities/8906
  338. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  339. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  340. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  341. | - https://wpvulndb.com/vulnerabilities/8905
  342. |
  343. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  344. | Fixed in: 4.4.11
  345. | References:
  346. | - https://wpvulndb.com/vulnerabilities/8910
  347. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  348. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  349. | - https://core.trac.wordpress.org/changeset/41398
  350. |
  351. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  352. | Fixed in: 4.4.11
  353. | References:
  354. | - https://wpvulndb.com/vulnerabilities/8911
  355. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  356. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  357. | - https://core.trac.wordpress.org/changeset/41457
  358. |
  359. | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
  360. | Fixed in: 4.4.11
  361. | References:
  362. | - https://wpvulndb.com/vulnerabilities/8913
  363. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
  364. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  365. | - https://core.trac.wordpress.org/changeset/41448
  366. |
  367. | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
  368. | Fixed in: 4.4.11
  369. | References:
  370. | - https://wpvulndb.com/vulnerabilities/8914
  371. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
  372. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  373. | - https://core.trac.wordpress.org/changeset/41395
  374. | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
  375. |
  376. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  377. | Fixed in: 4.4.12
  378. | References:
  379. | - https://wpvulndb.com/vulnerabilities/8941
  380. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  381. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  382. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  383. | - https://twitter.com/ircmaxell/status/923662170092638208
  384. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  385. |
  386. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  387. | Fixed in: 4.4.13
  388. | References:
  389. | - https://wpvulndb.com/vulnerabilities/8966
  390. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  391. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  392. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  393. |
  394. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  395. | Fixed in: 4.4.13
  396. | References:
  397. | - https://wpvulndb.com/vulnerabilities/8967
  398. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  399. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  400. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  401. |
  402. | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
  403. | Fixed in: 4.4.13
  404. | References:
  405. | - https://wpvulndb.com/vulnerabilities/8968
  406. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
  407. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  408. | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
  409. |
  410. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  411. | Fixed in: 4.4.13
  412. | References:
  413. | - https://wpvulndb.com/vulnerabilities/8969
  414. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  415. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  416. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  417. |
  418. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  419. | Fixed in: 4.4.14
  420. | References:
  421. | - https://wpvulndb.com/vulnerabilities/9006
  422. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  423. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  424. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  425. | - https://core.trac.wordpress.org/ticket/42720
  426. |
  427. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  428. | References:
  429. | - https://wpvulndb.com/vulnerabilities/9021
  430. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  431. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  432. | - https://github.com/quitten/doser.py
  433. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  434. |
  435. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  436. | Fixed in: 4.4.15
  437. | References:
  438. | - https://wpvulndb.com/vulnerabilities/9053
  439. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  440. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  441. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  442. |
  443. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  444. | Fixed in: 4.4.15
  445. | References:
  446. | - https://wpvulndb.com/vulnerabilities/9054
  447. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  448. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  449. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  450. |
  451. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  452. | Fixed in: 4.4.15
  453. | References:
  454. | - https://wpvulndb.com/vulnerabilities/9055
  455. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  456. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  457. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  458. |
  459. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  460. | Fixed in: 4.4.16
  461. | References:
  462. | - https://wpvulndb.com/vulnerabilities/9100
  463. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  464. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  465. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  466. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  467. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  468. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  469. |
  470. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  471. | Fixed in: 4.4.17
  472. | References:
  473. | - https://wpvulndb.com/vulnerabilities/9169
  474. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  475. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  476. |
  477. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  478. | Fixed in: 4.4.17
  479. | References:
  480. | - https://wpvulndb.com/vulnerabilities/9170
  481. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  482. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  483. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  484. |
  485. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  486. | Fixed in: 4.4.17
  487. | References:
  488. | - https://wpvulndb.com/vulnerabilities/9171
  489. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  490. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  491. |
  492. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  493. | Fixed in: 4.4.17
  494. | References:
  495. | - https://wpvulndb.com/vulnerabilities/9172
  496. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  497. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  498. |
  499. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  500. | Fixed in: 4.4.17
  501. | References:
  502. | - https://wpvulndb.com/vulnerabilities/9173
  503. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  504. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  505. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  506. |
  507. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  508. | Fixed in: 4.4.17
  509. | References:
  510. | - https://wpvulndb.com/vulnerabilities/9174
  511. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  512. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  513. |
  514. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  515. | Fixed in: 4.4.17
  516. | References:
  517. | - https://wpvulndb.com/vulnerabilities/9175
  518. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  519. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  520. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  521.  
  522. [+] WordPress theme in use: newsmag
  523. | Location: http://www.transitonacional.gob.ni/wp-content/themes/newsmag/
  524. | Last Updated: 2018-08-09T00:00:00.000Z
  525. | [!] The version is out of date, the latest version is 2.4.0
  526. | Style URL: http://www.transitonacional.gob.ni/wp-content/themes/newsmag/style.css
  527. | Style Name: NewsMag
  528. | Style URI: http://mythemeshop.com/themes/newsmag
  529. | Description: NewsMag is a three column, responsive WordPress magazine theme that is built for sites with lots of ...
  530. | Author: MyThemeShop
  531. | Author URI: http://mythemeshop.com/
  532. |
  533. | Detected By: Css Style (Passive Detection)
  534. | Confirmed By: Urls In Homepage (Passive Detection)
  535. |
  536. | Version: 1.0 (80% confidence)
  537. | Detected By: Style (Passive Detection)
  538. | - http://www.transitonacional.gob.ni/wp-content/themes/newsmag/style.css, Match: 'Version: 1.0'
  539.  
  540. [+] Enumerating All Plugins
  541. [+] Checking Plugin Versions
  542.  
  543. [i] Plugin(s) Identified:
  544.  
  545. [+] contact-form-7
  546. | Location: http://www.transitonacional.gob.ni/wp-content/plugins/contact-form-7/
  547. | Last Updated: 2018-12-18T18:05:00.000Z
  548. | [!] The version is out of date, the latest version is 5.1.1
  549. |
  550. | Detected By: Urls In Homepage (Passive Detection)
  551. |
  552. | [!] 1 vulnerability identified:
  553. |
  554. | [!] Title: Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
  555. | Fixed in: 5.0.4
  556. | References:
  557. | - https://wpvulndb.com/vulnerabilities/9127
  558. | - https://contactform7.com/2018/09/04/contact-form-7-504/
  559. | - https://plugins.trac.wordpress.org/changeset/1935726/contact-form-7
  560. | - https://plugins.trac.wordpress.org/changeset/1934594/contact-form-7
  561. | - https://plugins.trac.wordpress.org/changeset/1934343/contact-form-7
  562. | - https://plugins.trac.wordpress.org/changeset/1934327/contact-form-7
  563. | - https://www.ripstech.com/php-security-calendar-2018/#day-18
  564. |
  565. | Version: 4.2.2 (20% confidence)
  566. | Detected By: Query Parameter (Passive Detection)
  567. | - http://www.transitonacional.gob.ni/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.2.2
  568. | - http://www.transitonacional.gob.ni/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.2.2
  569.  
  570. [+] easy-collapse-accordion
  571. | Location: http://www.transitonacional.gob.ni/wp-content/plugins/easy-collapse-accordion/
  572. | Latest Version: 1.0 (up to date)
  573. | Last Updated: 2013-12-26T00:50:00.000Z
  574. |
  575. | Detected By: Urls In Homepage (Passive Detection)
  576. |
  577. | Version: 4.5 (80% confidence)
  578. | Detected By: Readme - Stable Tag (Aggressive Detection)
  579. | - http://www.transitonacional.gob.ni/wp-content/plugins/easy-collapse-accordion/README.md
  580.  
  581. [+] itro-popup
  582. | Location: http://www.transitonacional.gob.ni/wp-content/plugins/itro-popup/
  583. | Latest Version: 5.0.2
  584. | Last Updated: 2017-07-02T08:03:00.000Z
  585. |
  586. | Detected By: Urls In Homepage (Passive Detection)
  587. |
  588. | The version could not be determined.
  589.  
  590. [+] meteor-slides
  591. | Location: http://www.transitonacional.gob.ni/wp-content/plugins/meteor-slides/
  592. | Last Updated: 2017-06-09T20:39:00.000Z
  593. | [!] The version is out of date, the latest version is 1.5.6
  594. |
  595. | Detected By: Urls In Homepage (Passive Detection)
  596. |
  597. | Version: 1.5.4 (100% confidence)
  598. | Detected By: Style Comment (Aggressive Detection)
  599. | - http://www.transitonacional.gob.ni/wp-content/plugins/meteor-slides/css/meteor-slides.css, Match: 'Stylesheet for the Meteor Slides 1.5.4 slideshow'
  600. | Confirmed By: Javascript Comment (Aggressive Detection)
  601. | - http://www.transitonacional.gob.ni/wp-content/plugins/meteor-slides/js/slideshow.js, Match: 'Script for the Meteor Slides 1.5.4 slideshow'
  602.  
  603. [+] transito_grafico
  604. | Location: http://www.transitonacional.gob.ni/wp-content/plugins/transito_grafico/
  605. |
  606. | Detected By: Urls In Homepage (Passive Detection)
  607. |
  608. | The version could not be determined.
  609.  
  610. [+] wp-super-cache
  611. | Location: http://www.transitonacional.gob.ni/wp-content/plugins/wp-super-cache/
  612. | Latest Version: 1.6.4
  613. | Last Updated: 2018-12-20T09:36:00.000Z
  614. |
  615. | Detected By: Comment (Passive Detection)
  616. |
  617. | [!] 10 vulnerabilities identified:
  618. |
  619. | [!] Title: WP-Super-Cache 1.3 - Remote Code Execution
  620. | Fixed in: 1.3.1
  621. | References:
  622. | - https://wpvulndb.com/vulnerabilities/6623
  623. | - http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
  624. | - http://wordpress.org/support/topic/pwn3d
  625. | - http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
  626. |
  627. | [!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
  628. | Fixed in: 1.3.1
  629. | References:
  630. | - https://wpvulndb.com/vulnerabilities/6624
  631. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
  632. |
  633. | [!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
  634. | Fixed in: 1.3.1
  635. | References:
  636. | - https://wpvulndb.com/vulnerabilities/6625
  637. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
  638. |
  639. | [!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
  640. | Fixed in: 1.3.1
  641. | References:
  642. | - https://wpvulndb.com/vulnerabilities/6626
  643. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
  644. |
  645. | [!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
  646. | Fixed in: 1.3.1
  647. | References:
  648. | - https://wpvulndb.com/vulnerabilities/6627
  649. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
  650. |
  651. | [!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
  652. | Fixed in: 1.3.1
  653. | References:
  654. | - https://wpvulndb.com/vulnerabilities/6628
  655. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
  656. |
  657. | [!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
  658. | Fixed in: 1.3.1
  659. | References:
  660. | - https://wpvulndb.com/vulnerabilities/6629
  661. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
  662. |
  663. | [!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
  664. | Fixed in: 1.4.3
  665. | References:
  666. | - https://wpvulndb.com/vulnerabilities/7889
  667. | - http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
  668. |
  669. | [!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
  670. | Fixed in: 1.4.5
  671. | References:
  672. | - https://wpvulndb.com/vulnerabilities/8197
  673. | - http://z9.io/2015/09/25/wp-super-cache-1-4-5/
  674. |
  675. | [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
  676. | Fixed in: 1.4.5
  677. | References:
  678. | - https://wpvulndb.com/vulnerabilities/8198
  679. | - http://z9.io/2015/09/25/wp-super-cache-1-4-5/
  680. |
  681. | The version could not be determined.
  682.  
  683. [+] Enumerating Config Backups
  684. Checking Config Backups - Time: 00:00:06 <===> (21 / 21) 100.00% Time: 00:00:06
  685. ///////////////////////////////////////////////////////////////////////////////////
  686. [i] User(s) Identified:
  687.  
  688. [+] admin
  689. | Detected By: Author Posts - Author Pattern (Passive Detection)
  690. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  691.  
  692. [+] comisionado-ivan
  693. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)