[LEAKED] Bugs ntb.polri.go.id

Berandal666 Sep 8th, 2017 92 Never
________  __      __.____         _________________   ____ ___  _____  ________
\_____  \/  \    /  \    |       /   _____/\_____  \ |    |   \/  _  \ \______ \
 /   |   \   \/\/   /    |       \_____  \  /  / \  \|    |   /  /_\  \ |    |  \
/    |    \        /|    |___    /        \/   \_/.  \    |  /    |    \|   -`   \
\_______  /\__/\  / |_______ \  /_______  /\_____\ \_/______/\____|__  /_______  /
        \/      \/          \/          \/        \__>               \/        \/
/---------------------------------------------------------------------------------------
More info:
Find me on twitter: @id_berandal
/---------------------------------------------------------------------------------------
~ \ We Are / ~
Artefvcker | Arrownonymous | Berandal | Blck0Wl? | Clutzsec | GoC_X | k4luga | KxK_PrajurID
ShoursCout | WoNg_Nd35O | Yonkou4 | ZEUS | 0wLCulun | "Samael" | ./ARMVXO
/---------------------------------------------------------------------------------------
root@Berandal:~# wpscan --url http://ntb.polri.go.id/ --enumerate u
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.3
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://ntb.polri.go.id/
[+] Started: Fri Sep  8 16:47:37 2017

[+] robots.txt available under: 'http://ntb.polri.go.id/robots.txt'
[+] Interesting entry from robots.txt: http://ntb.polri.go.id/wp-admin/admin-ajax.php
[!] The WordPress 'http://ntb.polri.go.id/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <http://ntb.polri.go.id/wp-json/>; rel="https://api.w.org/", <http://ntb.polri.go.id/>; rel=shortlink
[+] Interesting header: SERVER: Apache
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: http://ntb.polri.go.id/xmlrpc.php
[!] Upload directory has directory listing enabled: http://ntb.polri.go.id/wp-content/uploads/
[!] Includes directory has directory listing enabled: http://ntb.polri.go.id/wp-includes/

[+] WordPress version 4.7.2 (Released on 2017-01-26) identified from meta generator, links opml
[!] 13 vulnerabilities identified from the version number

[!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
    Reference: https://wpvulndb.com/vulnerabilities/8765
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
    Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
    Reference: http://seclists.org/oss-sec/2017/q1/563
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
    Reference: https://wpvulndb.com/vulnerabilities/8766
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.7.0-4.7.2 - Authenticated Unintended File Deletion in Plugin Delete
    Reference: https://wpvulndb.com/vulnerabilities/8767
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6816
[i] Fixed in: 4.7.3

[!] Title: WordPress  4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
    Reference: https://wpvulndb.com/vulnerabilities/8768
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
    Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names
    Reference: https://wpvulndb.com/vulnerabilities/8769
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6818
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
    Reference: https://wpvulndb.com/vulnerabilities/8770
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
    Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
    Reference: http://seclists.org/oss-sec/2017/q1/562
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/8807
    Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
    Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
    Reference: https://wpvulndb.com/vulnerabilities/8815
    Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
    Reference: https://wpvulndb.com/vulnerabilities/8816
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
    Reference: https://wpvulndb.com/vulnerabilities/8817
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
    Reference: https://wpvulndb.com/vulnerabilities/8818
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
    Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
    Reference: https://wpvulndb.com/vulnerabilities/8819
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
    Reference: https://hackerone.com/reports/203515
    Reference: https://hackerone.com/reports/203515
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
    Reference: https://wpvulndb.com/vulnerabilities/8820
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
[i] Fixed in: 4.7.5

[+] WordPress theme in use: jupiter - v5.6

[+] Name: jupiter - v5.6
 |  Location: http://ntb.polri.go.id/wp-content/themes/jupiter/
 |  Style URL: http://ntb.polri.go.id/wp-content/themes/jupiter/style.css
 |  Theme Name: Jupiter | Shared By Themes24x7.com
 |  Theme URI: http://themeforest.net/user/artbees
 |  Description: A Beautiful, Professional and Ultimate Wordpress Theme Made by Artbees. Jupiter is a Clean, Flexi...
 |  Author: Artbees
 |  Author URI: http://themeforest.net/user/artbees

[+] Enumerating plugins from passive detection ...
 | 4 plugins found:

[+] Name: LayerSlider
 |  Location: http://ntb.polri.go.id/wp-content/plugins/LayerSlider/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: LayerSlider 4.6.1 - Style Editing CSRF
    Reference: https://wpvulndb.com/vulnerabilities/7152
    Reference: http://packetstormsecurity.com/files/125637/
[i] Fixed in: 5.2.0

[!] Title: LayerSlider 4.6.1 - Remote Path Traversal File Access
    Reference: https://wpvulndb.com/vulnerabilities/7153
    Reference: http://packetstormsecurity.com/files/125637/
    Reference: https://secunia.com/advisories/57309/
[i] Fixed in: 5.2.0

[!] Title: LayerSlider <= 6.2.0 - CSRF / Authenticated Stored XSS & SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/8822
    Reference: http://wphutte.com/layer-slider-6-1-6-csrf-to-xss-to-sqli-with-poc/
    Reference: https://support.kreaturamedia.com/docs/layersliderwp/documentation.html#release-log
[i] Fixed in: 6.2.1

[+] Name: js_composer_theme
 |  Location: http://ntb.polri.go.id/wp-content/plugins/js_composer_theme/

[+] Name: multisite-global-search - v1.2.14
 |  Latest version: 1.2.14 (up to date)
 |  Last updated: 2017-02-12T23:30:00.000Z
 |  Location: http://ntb.polri.go.id/wp-content/plugins/multisite-global-search/
 |  Readme: http://ntb.polri.go.id/wp-content/plugins/multisite-global-search/readme.txt
[!] Directory listing is enabled: http://ntb.polri.go.id/wp-content/plugins/multisite-global-search/

[+] Name: network-latest-posts - v3.7.1
 |  Latest version: 3.7.1 (up to date)
 |  Last updated: 2015-06-16T20:42:00.000Z
 |  Location: http://ntb.polri.go.id/wp-content/plugins/network-latest-posts/
 |  Readme: http://ntb.polri.go.id/wp-content/plugins/network-latest-posts/readme.txt
[!] Directory listing is enabled: http://ntb.polri.go.id/wp-content/plugins/network-latest-posts/

[+] Enumerating usernames ...
[+] Identified the following 8 user/s:
    +----+--------------+---------------+
    | Id | Login        | Name          |
    +----+--------------+---------------+
    | 2  | itwasda      | Itwasda       |
    | 3  | opspolda     | Biro Ops      |
    | 4  | renapolda    | Biro Rena     |
    | 5  | sdmpolda     | Biro SDM      |
    | 7  | spnbelanting | SPN Belanting |
    | 8  | propam       | Bid Propam    |
    | 9  | humas        | Bid Humas     |
    | 10 | kumpolda     | Bid Kum       |
    +----+--------------+---------------+

[+] Finished: Fri Sep  8 16:52:58 2017
[+] Requests Done: 119
[+] Memory used: 91.648 MB
[+] Elapsed time: 00:05:21