- The following leak is brought to you by Paw Security & .....
- #Op4Pawz & Paw Security; Knocking down one zoo at a time.
- #EmptyTheCages
- ########--------#########------##########-----######################-------------##################------######
- [-] Target: http://www.comozooconservatory.org
- [I] Server: cloudflare-nginx
- [I] CMS Detection: Wordpress
- [I] Wordpress Version: 3.8.4
- [I] Wordpress Theme: comozoo
- [-] Searching Vulnerable Theme from ExploitDB website ...
- [-] Valid Usernames found:
- [I] admin
- [M] Website vulnerable to XML-RPC Brute Force Vulnerability
- [-] Default WordPress Files:
- [I] http://www.comozooconservatory.org/readme.html
- [I] http://www.comozooconservatory.org/license.txt
- [I] http://www.comozooconservatory.org/xmlrpc.php
- [I] http://www.comozooconservatory.org/wp-includes/images/crystal/license.txt
- [I] http://www.comozooconservatory.org/wp-includes/images/crystal/license.txt
- [I] http://www.comozooconservatory.org/wp-includes/js/plupload/license.txt
- [I] http://www.comozooconservatory.org/wp-includes/js/plupload/changelog.txt
- [I] http://www.comozooconservatory.org/wp-includes/js/tinymce/license.txt
- [I] http://www.comozooconservatory.org/wp-includes/js/tinymce/plugins/spellchecker/changelog.txt
- [I] http://www.comozooconservatory.org/wp-includes/js/swfupload/license.txt
- [I] http://www.comozooconservatory.org/wp-includes/ID3/license.txt
- [I] http://www.comozooconservatory.org/wp-includes/ID3/readme.txt
- [I] http://www.comozooconservatory.org/wp-includes/ID3/license.commercial.txt
- [I] http://www.comozooconservatory.org/wp-content/themes/twentythirteen/fonts/COPYING.txt
- [I] http://www.comozooconservatory.org/wp-content/themes/twentythirteen/fonts/LICENSE.txt
- ########--------#########------##########-----######################-------------##################------######
- [-] Searching Vulnerable Plugins from ExploitDB website ...
- [I] Calendar
- [I] booking
- [M] EDB-ID: 35073
- [M] EDB-ID: 27399 Date: 2013-08-07 Verified: No Title: Wordpress Booking Calendar 4.1.4 - CSRF Vulnerability
- [M] EDB-ID: 25723
- [M] EDB-ID: 21715 Date: 2012-10-03 Verified: Yes Title: Wordpress Plugin spider calendar Multiple Vulnerabilities
- ########--------#########------##########-----######################-------------##################------######
- [-] Searching Wordpress Themes ...
- [I] default
- [-] Searching Vulnerable Theme from ExploitDB website ...
- [M] EDB-ID: 34538 Date: 2014-09-05 Verified: No Title: Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability
- [M] EDB-ID: 33851 Date: 2014-06-24 Verified: Yes Title: Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0-day)
- [M] EDB-ID: 33003 Date: 2014-04-24 Verified: Yes Title: Wordpress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload
- [M] EDB-ID: 27531 Date: 2013-08-12 Verified: Yes Title: Wordpress HMS Testimonials Plugin 2.0.10 - Multiple Vulnerabilities
- [M] EDB-ID: 25721 Date: 2013-05-26 Verified: No Title: Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability
- [M] EDB-ID: 24868 Date: 2013-03-22 Verified: No Title: WordPress IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection
- [M] EDB-ID: 23856 Date: 2013-01-03 Verified: Yes Title: WordPress Plugin Advanced Custom Fields Remote File Inclusion
- [M] EDB-ID: 23356 Date: 2012-12-13 Verified: Yes Title: Portable phpMyAdmin Wordpress Plugin Authentication Bypass
- [M] EDB-ID: 21646 Date: 2012-10-01 Verified: No Title: Archin WordPress Theme 3.2 Unauthenticated Configuration Access
- [M] EDB-ID: 21393 Date: 2012-09-19 Verified: Yes Title: wordpress wp-topbar 4.02 - Multiple Vulnerabilities
- [M] EDB-ID: 20358 Date: 2012-08-08 Verified: Yes Title: wordpress mini mail dashboard widget 1.42 - Stored XSS
- ########--------#########------##########-----######################-------------##################------######
- [I] Checking for Directory Listing Enabled ...
- [I] CMS Detection: Joomla
- [-] Joomla Default Files:
- [-] Interesting Directories/Files ...
- [L] http://www.comozooconservatory.org/.default/
- [L] http://www.comozooconservatory.org/0/
- [L] http://www.comozooconservatory.org/2010/
- [L] http://www.comozooconservatory.org/2012/
- [L] http://www.comozooconservatory.org/2011/
- [L] http://www.comozooconservatory.org/2013/
- [L] http://www.comozooconservatory.org/2014/
- [L] http://www.comozooconservatory.org/Info/
- [L] http://www.comozooconservatory.org/dashboard/
- [L] http://www.comozooconservatory.org/default/
- [L] http://www.comozooconservatory.org/general/
- [L] http://www.comozooconservatory.org/info/
- [L] http://www.comozooconservatory.org/page2/
- [L] http://www.comozooconservatory.org/phpMyAdmin/
- [L] http://www.comozooconservatory.org/sitemap/
- [L] http://www.comozooconservatory.org/webmail/
- [L] http://www.comozooconservatory.org/test.html
- ########--------#########------##########-----######################-------------##################------######
- We are PawSecurity.
- Leaders of many, followers of none.
- Your #1 Animal Hacktivist Team.
- @PawSecReturns - @ChezIsMe - @Non_Sec
- root@pawsec:~# Out.