PawSecurity

Cosmo Park Zoo - Vulns Revealed.

Oct 30th, 2014
The following leak is brought to you by Paw Security & .....
_____ ______ __ __ ______ ________ __ __ __ ______
/_____/\ /_____/\ /__/\/__/\ /_____/\ /_______/\ /_//_//_/\ /_____/\
\:::_ \ \\:::_ \ \\ \ \: \ \__\:::_ \ \\::: _ \ \\:\\:\\:\ \ \:::__\/
\:\ \ \ \\:(_) \ \\::\_\::\/_/\\:(_) \ \\::(_) \ \\:\\:\\:\ \ /: /
\:\ \ \ \\: ___\/ \_::: __\/ \: ___\/ \:: __ \ \\:\\:\\:\ \ /::/___
\:\_\ \ \\ \ \ \::\ \ \ \ \ \:.\ \ \ \\:\\:\\:\ \/_:/____/\
\_____\/ \_\/ \__\/ \_\/ \__\/\__\/ \_______\/\_______\/
#Op4Pawz & Paw Security; Knocking down one zoo at a time.
#EmptyTheCages
########--------#########------##########-----######################-------------##################------######
[-] Target: http://www.comozooconservatory.org
[I] Server: cloudflare-nginx
[I] CMS Detection: Wordpress
[I] Wordpress Version: 3.8.4
[I] Wordpress Theme: comozoo
[-] Searching Vulnerable Theme from ExploitDB website ...
[-] Valid Usernames found:
[I] admin
[M] Website vulnerable to XML-RPC Brute Force Vulnerability

[-] Default WordPress Files:
########--------#########------##########-----######################-------------##################------######
[-] Searching Vulnerable Plugins from ExploitDB website ...
[I] Calendar
[I] booking
[M] EDB-ID: 35073
[M] EDB-ID: 27399 Date: 2013-08-07 Verified: No Title: Wordpress Booking Calendar 4.1.4 - CSRF Vulnerability
[M] EDB-ID: 25723
[M] EDB-ID: 21715 Date: 2012-10-03 Verified: Yes Title: Wordpress Plugin spider calendar Multiple Vulnerabilities
########--------#########------##########-----######################-------------##################------######
[-] Searching Wordpress Themes ...
[I] default

[-] Searching Vulnerable Theme from ExploitDB website ...
[M] EDB-ID: 34538 Date: 2014-09-05 Verified: No Title: Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability
[M] EDB-ID: 33851 Date: 2014-06-24 Verified: Yes Title: Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0-day)
[M] EDB-ID: 33003 Date: 2014-04-24 Verified: Yes Title: Wordpress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload
[M] EDB-ID: 27531 Date: 2013-08-12 Verified: Yes Title: Wordpress HMS Testimonials Plugin 2.0.10 - Multiple Vulnerabilities
[M] EDB-ID: 25721 Date: 2013-05-26 Verified: No Title: Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability
[M] EDB-ID: 24868 Date: 2013-03-22 Verified: No Title: WordPress IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection
[M] EDB-ID: 23856 Date: 2013-01-03 Verified: Yes Title: WordPress Plugin Advanced Custom Fields Remote File Inclusion
[M] EDB-ID: 23356 Date: 2012-12-13 Verified: Yes Title: Portable phpMyAdmin Wordpress Plugin Authentication Bypass
[M] EDB-ID: 21646 Date: 2012-10-01 Verified: No Title: Archin WordPress Theme 3.2 Unauthenticated Configuration Access
[M] EDB-ID: 21393 Date: 2012-09-19 Verified: Yes Title: wordpress wp-topbar 4.02 - Multiple Vulnerabilities
[M] EDB-ID: 20358 Date: 2012-08-08 Verified: Yes Title: wordpress mini mail dashboard widget 1.42 - Stored XSS
########--------#########------##########-----######################-------------##################------######
[I] Checking for Directory Listing Enabled ...
[I] CMS Detection: Joomla

[-] Joomla Default Files:
[-] Interesting Directories/Files ...
########--------#########------##########-----######################-------------##################------######

We are PawSecurity.
Leaders of many, followers of none.
Your #1 Animal Hacktivist Team.
@PawSecReturns - @ChezIsMe - @Non_Sec

root@pawsec:~# Out.