- # Uniloc
- --------
- ### What
- --------
- #### WordPress
- Uniloc's primary website is http://uniloc.com. It runs WordPress version 3.0.1, which is affected by 22 security vulnerabilities:
- 1. Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
- Reference: https://wpvulndb.com/vulnerabilities/5970
- Reference: http://packetstormsecurity.com/files/123589/
- Reference: http://core.trac.wordpress.org/changeset/25323
- Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
- Reference: https://secunia.com/advisories/54803/
- Reference: https://www.exploit-db.com/exploits/28958/
- 2. Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
- Reference: https://wpvulndb.com/vulnerabilities/5988
- Reference: https://github.com/FireFart/WordpressPingbackPortScanner
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
- 3. Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
- Reference: https://wpvulndb.com/vulnerabilities/5989
- Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
- 4. Title: WordPress <= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php
- Reference: https://wpvulndb.com/vulnerabilities/5994
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6633
- 5. Title: WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass
- Reference: https://wpvulndb.com/vulnerabilities/5995
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6634
- 6. Title: WordPress <= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
- Reference: https://wpvulndb.com/vulnerabilities/5996
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6635
- 7. Title: WordPress 2.5 - 3.3.1 XSS in swfupload
- Reference: https://wpvulndb.com/vulnerabilities/5999
- Reference: http://seclists.org/fulldisclosure/2012/Nov/51
- 8. Title: WordPress <= 3.0.5 wp-admin/press-this.php Privilege Escalation
- Reference: https://wpvulndb.com/vulnerabilities/6004
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5270
- 9. Title: WordPress 2.0 - 3.0.1 SQL Injection in do_trackbacks()
- Reference: https://wpvulndb.com/vulnerabilities/6005
- Reference: https://www.exploit-db.com/exploits/15684/
- 10. Title: WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions
- Reference: https://wpvulndb.com/vulnerabilities/6009
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5293
- 11. Title: WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()
- Reference: https://wpvulndb.com/vulnerabilities/6010
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5294
- 12. Title: WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php
- Reference: https://wpvulndb.com/vulnerabilities/6011
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5295
- 13. Title: WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass
- Reference: https://wpvulndb.com/vulnerabilities/6012
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5296
- 14. Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
- Reference: https://wpvulndb.com/vulnerabilities/7528
- Reference: https://core.trac.wordpress.org/changeset/29384
- Reference: https://core.trac.wordpress.org/changeset/29408
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
- 15. Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
- Reference: https://wpvulndb.com/vulnerabilities/7529
- Reference: https://core.trac.wordpress.org/changeset/29398
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
- 16. Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/7680
- Reference: http://klikki.fi/adv/wordpress.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: http://klikki.fi/adv/wordpress_update.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
- 17. Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
- Reference: https://wpvulndb.com/vulnerabilities/7681
- Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
- Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
- Reference: https://www.exploit-db.com/exploits/35413/
- Reference: https://www.exploit-db.com/exploits/35414/
- 18. Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
- Reference: https://wpvulndb.com/vulnerabilities/7696
- Reference: http://www.securityfocus.com/bid/71234/
- Reference: https://core.trac.wordpress.org/changeset/30444
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
- 19. Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8111
- Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
- Reference: https://twitter.com/klikkioy/status/624264122570526720
- Reference: https://klikki.fi/adv/wordpress3.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
- 20. Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
- Reference: https://wpvulndb.com/vulnerabilities/8473
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
- 21. Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
- Reference: https://wpvulndb.com/vulnerabilities/8474
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
- 22. Title: WordPress <= 4.4.2 - Script Compression Option CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8475
- Reference: https://codex.wordpress.org/Version_4.5
- #### Credentials
- Passwords are hashed.
- #### Affiliations
- Gustavo Lanzas & Associates (http://www.gustavolanzas.com/)
- Debrun Design (http://www.debrundesign.com/)
- Over The Top (http://overthetop.com/)
- Blue Cava (http://bluecava.com/)
- #### Hosts
- Rackspace, Krypt Technologies, Cox Communications
- ### Why
- -------
- https://www.youtube.com/watch?v=eatfgXTMFf0