API tools faq
paste
Advertisement
Guest User

ajkerkotha.com

a guest
Dec 18th, 2018
74
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.66 KB | None | 0 0
raw download clone embed print report
  1. Interesting Finding(s):
  2.  
  3. [+] https://ajkerkotha.com/
  4. | Interesting Entries:
  5. | - Server: Apache
  6. | - X-Powered-By: PHP/7.1.18
  7. | Found By: Headers (Passive Detection)
  8. | Confidence: 100%
  9.  
  10. [+] https://ajkerkotha.com/xmlrpc.php
  11. | Found By: Link Tag (Passive Detection)
  12. | Confidence: 100%
  13. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  14. | References:
  15. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  16. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  17. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  18. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  19. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  20.  
  21. [+] https://ajkerkotha.com/wp-content/backup-db/
  22. | Found By: Direct Access (Aggressive Detection)
  23. | Confidence: 70%
  24. | Reference: https://github.com/wpscanteam/wpscan/issues/422
  25.  
  26. [+] This site has 'Must Use Plugins': https://ajkerkotha.com/wp-content/mu-plugins/
  27. | Found By: Direct Access (Aggressive Detection)
  28. | Confidence: 80%
  29. | Reference: http://codex.wordpress.org/Must_Use_Plugins
  30.  
  31. [+] WordPress version 5.0 identified (Insecure, released on 2018-12-06).
  32. | Detected By: Rss Generator (Passive Detection)
  33. | - https://ajkerkotha.com/?feed=rss2, <generator>https://wordpress.org/?v=5.0</generator>
  34. | - https://ajkerkotha.com/?feed=comments-rss2, <generator>https://wordpress.org/?v=5.0</generator>
  35. |
  36. | [!] 7 vulnerabilities identified:
  37. |
  38. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  39. | Fixed in: 5.0.1
  40. | References:
  41. | - https://wpvulndb.com/vulnerabilities/9169
  42. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  43. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  44. |
  45. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  46. | Fixed in: 5.0.1
  47. | References:
  48. | - https://wpvulndb.com/vulnerabilities/9170
  49. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  50. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  51. |
  52. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  53. | Fixed in: 5.0.1
  54. | References:
  55. | - https://wpvulndb.com/vulnerabilities/9171
  56. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  57. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  58. |
  59. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  60. | Fixed in: 5.0.1
  61. | References:
  62. | - https://wpvulndb.com/vulnerabilities/9172
  63. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  64. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  65. |
  66. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  67. | Fixed in: 5.0.1
  68. | References:
  69. | - https://wpvulndb.com/vulnerabilities/9173
  70. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  71. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  72. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  73. |
  74. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  75. | Fixed in: 5.0.1
  76. | References:
  77. | - https://wpvulndb.com/vulnerabilities/9174
  78. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  79. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  80. |
  81. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  82. | Fixed in: 5.0.1
  83. | References:
  84. | - https://wpvulndb.com/vulnerabilities/9175
  85. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  86. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  87. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  88.  
  89. [+] WordPress theme in use: jnews
  90. | Location: https://ajkerkotha.com/wp-content/themes/jnews/
  91. | Readme: https://ajkerkotha.com/wp-content/themes/jnews/readme.txt
  92. | [!] An error log file has been found: https://ajkerkotha.com/wp-content/themes/jnews/error_log
  93. | Style URL: https://ajkerkotha.com/wp-content/themes/jnews/style.css?ver=1.2.2
  94. | Style Name: JNews
  95. | Style URI: http://themeforest.net
  96. | Description: JNews...
  97. | Author: Jegtheme
  98. | Author URI: http://jegtheme.com/
  99. |
  100. | Detected By: Css Style (Passive Detection)
  101. |
  102. | Version: 1.2.2 (80% confidence)
  103. | Detected By: Style (Passive Detection)
  104. | - https://ajkerkotha.com/wp-content/themes/jnews/style.css?ver=1.2.2, Match: 'Version: 1.2.2'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!