
Untitled

a guest
Jan 16th, 2019
[+] URL: http://www.bfp.com.ni/
[+] Effective URL: https://www.bfp.com.ni/
[+] Started: Wed Jan 16 07:21:43 2019

Interesting Finding(s):

[+] https://www.bfp.com.ni/
| Interesting Entries:
| - Server: Microsoft-IIS/8.5
| - X-Powered-By: PHP/5.6.31
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] http://www.bfp.com.ni/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] http://www.bfp.com.ni/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] This site has 'Must Use Plugins': http://www.bfp.com.ni/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] WordPress version 4.9.9 identified.
| Detected By: Rss Generator (Passive Detection)
| - https://www.bfp.com.ni/feed/, <generator>https://wordpress.org/?v=4.9.9</generator>
| - https://www.bfp.com.ni/comments/feed/, <generator>https://wordpress.org/?v=4.9.9</generator>

[+] WordPress theme in use: jupiter
| Location: http://www.bfp.com.ni/wp-content/themes/jupiter/
| Style URL: http://www.bfp.com.ni/wp-content/themes/jupiter/style.css
| Style Name: Jupiter
| Style URI: http://demos.artbees.net/jupiter5
| Description: A Beautiful, Professional and Ultimate Wordpress Theme Made by Artbees. Jupiter is a Clean, Flexible...
| Author: Artbees
| Author URI: http://themeforest.net/user/artbees
|
| Detected By: Urls In Homepage (Passive Detection)
|
| Version: 5.9.7 (80% confidence)
| Detected By: Style (Passive Detection)
| - http://www.bfp.com.ni/wp-content/themes/jupiter/style.css, Match: 'Version: 5.9.7'

[+] Enumerating All Plugins
[+] Checking Plugin Versions

[i] Plugin(s) Identified:

[+] contact-form-7
| Location: http://www.bfp.com.ni/wp-content/plugins/contact-form-7/
| Last Updated: 2018-12-18T18:05:00.000Z
| [!] The version is out of date, the latest version is 5.1.1
|
| Detected By: Urls In Homepage (Passive Detection)
|
| Version: 5.0.5 (100% confidence)
| Detected By: Query Parameter (Passive Detection)
| - https://www.bfp.com.ni/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.5
| - https://www.bfp.com.ni/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.5
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - http://www.bfp.com.ni/wp-content/plugins/contact-form-7/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - http://www.bfp.com.ni/wp-content/plugins/contact-form-7/readme.txt

[+] js_composer
| Location: http://www.bfp.com.ni/wp-content/plugins/js_composer/
|
| Detected By: Meta Generator (Passive Detection)
| Confirmed By: Body Tag (Passive Detection)
|
| Version: 5.2.1 (60% confidence)
| Detected By: Body Tag (Passive Detection)
| - https://www.bfp.com.ni/, Match: 'js-comp-ver-5.2.1'

[+] js_composer_theme
| Location: http://www.bfp.com.ni/wp-content/plugins/js_composer_theme/
|
| Detected By: Urls In Homepage (Passive Detection)
|
| The version could not be determined.

[+] revslider
| Location: http://www.bfp.com.ni/wp-content/plugins/revslider/
|
| Detected By: Urls In Homepage (Passive Detection)
| Confirmed By:
| Comment (Passive Detection)
| Div Data Version (Passive Detection)
| Meta Generator (Passive Detection)
|
| Version: 5.4.5.1 (100% confidence)
| Detected By: Comment (Passive Detection)
| - https://www.bfp.com.ni/, Match: 'START REVOLUTION SLIDER 5.4.5.1'
| Confirmed By: Div Data Version (Passive Detection)
| - https://www.bfp.com.ni/, Match: '5.4.5.1'

[+] wordpress-seo
| Location: http://www.bfp.com.ni/wp-content/plugins/wordpress-seo/
| Last Updated: 2019-01-08T09:18:00.000Z
| [!] The version is out of date, the latest version is 9.4
|
| Detected By: Comment (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Yoast SEO <= 9.1 - Authenticated Race Condition
| Fixed in: 9.2
| References:
| - https://wpvulndb.com/vulnerabilities/9150
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19370
| - https://plugins.trac.wordpress.org/changeset/1977260/wordpress-seo
| - https://www.youtube.com/watch?v=nL141dcDGCY
| - http://packetstormsecurity.com/files/150497/
| - https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa
|
| Version: 9.1 (100% confidence)
| Detected By: Comment (Passive Detection)
| - https://www.bfp.com.ni/, Match: 'optimized with the Yoast SEO plugin v9.1 -'
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - http://www.bfp.com.ni/wp-content/plugins/wordpress-seo/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - http://www.bfp.com.ni/wp-content/plugins/wordpress-seo/readme.txt

[+] Enumerating Config Backups
Checking Config Backups - Time: 00:00:11 <===> (21 / 21) 100.00% Time: 00:00:11

[i] No Config Backups Found.
///////////////////////////////////////////////////////////////////////////////////
[i] User(s) Identified:

[+] desarrollo-kakao-2
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] mercadeobfp
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] tiadmin
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] vuriesgo
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] karlagutierrez
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] jessicalopez
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
////////////////////////////////////////////////////////////////////////////////////
[+] Finished: Wed Jan 16 07:25:37 2019
[+] Requests Done: 14
[+] Memory used: 28.254 MB
[+] Elapsed time: 00:01:12