foozzi

Untitled

Dec 22nd, 2016
[+] robots.txt available under: 'http://*/robots.txt'
[+] Interesting entry from robots.txt: http://*/
[+] Interesting entry from robots.txt: http://*/
[!] The WordPress 'http://*/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <http://*/wp-json/>; rel="https://api.w.org/"
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: X-POWERED-BY: PHP/5.4.45-0+deb7u1
[+] XML-RPC Interface available under: http://*/xmlrpc.php
[!] Upload directory has directory listing enabled: http://*/wp-content/uploads/
[!] Includes directory has directory listing enabled: http://*/wp-includes/

[+] WordPress version 4.4.2 (Released on 2016-02-02) identified from advanced fingerprinting, links opml
[!] 10 vulnerabilities identified from the version number

[!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
Reference: https://wpvulndb.com/vulnerabilities/8473
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
[i] Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
Reference: https://wpvulndb.com/vulnerabilities/8474
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
[i] Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
Reference: https://wpvulndb.com/vulnerabilities/8475
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
[i] Fixed in: 4.5

[!] Title: WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8488
Reference: https://wordpress.org/news/2016/05/wordpress-4-5-2/
Reference: https://github.com/WordPress/WordPress/commit/a493dc0ab5819c8b831173185f1334b7c3e02e36
Reference: https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4567
[i] Fixed in: 4.5.2

[!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
Reference: https://wpvulndb.com/vulnerabilities/8489
Reference: https://wordpress.org/news/2016/05/wordpress-4-5-2/
Reference: https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
Reference: https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
Reference: http://avlidienbrunn.com/wp_some_loader.php
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
[i] Fixed in: 4.4.3

[!] Title: WordPress 4.2-4.5.2 - Authenticated Attachment Name Stored XSS
Reference: https://wpvulndb.com/vulnerabilities/8518
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5833
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834
[i] Fixed in: 4.4.4

[!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
Reference: https://wpvulndb.com/vulnerabilities/8519
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
Reference: https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
[i] Fixed in: 4.4.4

[!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
Reference: https://wpvulndb.com/vulnerabilities/8520
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
[i] Fixed in: 4.4.4

[!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
Reference: https://wpvulndb.com/vulnerabilities/8615
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
Reference: http://seclists.org/fulldisclosure/2016/Sep/6
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
[i] Fixed in: 4.4.5

[!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
Reference: https://wpvulndb.com/vulnerabilities/8616
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
[i] Fixed in: 4.4.5

[+] WordPress theme in use: mst

[+] Name: mst
| Location: http://*/wp-content/themes/mst/
[!] Directory listing is enabled: http://*/wp-content/themes/mst/
| Style URL: http://*/wp-content/themes/mst/style.css
| Referenced style.css: http://*/wp-content/themes/mst/css/style.css

[+] Enumerating plugins from passive detection ...
[+] No plugins found

[+] Finished: Thu Dec 22 19:49:25 2016
[+] Requests Done: 51
[+] Memory used: 25.48 MB
[+] Elapsed time: 00:00:22