Untitled

a guest
Feb 19th, 2019
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.3.1
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

[+] URL: https://www.rs2.com/
[+] Started: Tue Feb 19 10:02:23 2019

Interesting Finding(s):

[+] https://www.rs2.com/
| Interesting Entries:
| - Referrer-Policy: strict-origin-when-cross-origin
| - X-Server: 1
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] WordPress version 4.9.9 identified.
| Detected By: Emoji Settings (Passive Detection)
| - https://www.rs2.com/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=4.9.9'
| Confirmed By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
| - https://www.rs2.com/wp-includes/css/dashicons.min.css?ver=4.9.9
| - https://www.rs2.com/wp-includes/js/wp-embed.min.js?ver=4.9.9

[+] WordPress theme in use: rs2
| Location: https://www.rs2.com/wp-content/themes/rs2/
| Style URL: https://www.rs2.com/wp-content/themes/rs2/style.css?ver=1.0
| Style Name: RS2
| Style URI: www.rs2.com
| Description: RS2 Customers: all around the world RS2 Customers expand their relationship with RS2 year on year....
| Author: ICON
| Author URI: http://www.icon.com.mt
|
| Detected By: Css Style (Passive Detection)
|
| Version: 0.1 (80% confidence)
| Detected By: Style (Passive Detection)
| - https://www.rs2.com/wp-content/themes/rs2/style.css?ver=1.0, Match: 'Version: 0.1'

[+] Enumerating All Plugins
[+] Checking Plugin Versions

[i] Plugin(s) Identified:

[+] gravityforms
| Location: https://www.rs2.com/wp-content/plugins/gravityforms/
|
| Detected By: Urls In Homepage (Passive Detection)
|
| Version: 2.2.5 (60% confidence)
| Detected By: Query Parameter (Passive Detection)
| - https://www.rs2.com/wp-content/plugins/gravityforms/css/formreset.min.css?ver=2.2.5
| - https://www.rs2.com/wp-content/plugins/gravityforms/css/formsmain.min.css?ver=2.2.5
| - https://www.rs2.com/wp-content/plugins/gravityforms/css/readyclass.min.css?ver=2.2.5
| - https://www.rs2.com/wp-content/plugins/gravityforms/css/browsers.min.css?ver=2.2.5
| - https://www.rs2.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.2.5
| - https://www.rs2.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.2.5

[+] megamenu
| Location: https://www.rs2.com/wp-content/plugins/megamenu/
| Last Updated: 2018-12-17T11:42:00.000Z
| [!] The version is out of date, the latest version is 2.5.3.2
|
| Detected By: Urls In Homepage (Passive Detection)
|
| Version: 2.4 (10% confidence)
| Detected By: Query Parameter (Passive Detection)
| - https://www.rs2.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=2.4

[+] w3-total-cache
| Location: https://www.rs2.com/wp-content/plugins/w3-total-cache/
| Latest Version: 0.9.7.2
| Last Updated: 2019-01-30T23:42:00.000Z
|
| Detected By: Comment Debug Info (Passive Detection)
|
| [!] 13 vulnerabilities identified:
|
| [!] Title: W3 Total Cache 0.9.2.4 - Username & Hash Extract
| Fixed in: 0.9.2.5
| References:
| - https://wpvulndb.com/vulnerabilities/6621
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6079
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6078
| - http://seclists.org/fulldisclosure/2012/Dec/242
| - https://github.com/FireFart/W3TotalCacheExploit
|
| [!] Title: W3 Total Cache - Remote Code Execution
| Fixed in: 0.9.2.9
| References:
| - https://wpvulndb.com/vulnerabilities/6622
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2010
| - https://secunia.com/advisories/53052/
| - https://www.exploit-db.com/exploits/25137/
| - http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
| - http://wordpress.org/support/topic/pwn3d
| - http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
| - https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_total_cache_exec
|
| [!] Title: W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
| Fixed in: 0.9.4.1
| References:
| - https://wpvulndb.com/vulnerabilities/7621
| - http://seclists.org/fulldisclosure/2014/Sep/29
|
| [!] Title: W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
| Fixed in: 0.9.4.1
| References:
| - https://wpvulndb.com/vulnerabilities/7717
| - http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html
|
| [!] Title: W3 Total Cache <= 0.9.4 - Debug Mode XSS
| Fixed in: 0.9.4.1
| References:
| - https://wpvulndb.com/vulnerabilities/7718
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8724
|
| [!] Title: W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8625
| - https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/
| - http://seclists.org/fulldisclosure/2016/Sep/52
| - https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_w3_total_cache_plugin.html
| - http://seclists.org/fulldisclosure/2016/Nov/63
|
| [!] Title: W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8626
| - https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
|
| [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Upload
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8627
| - https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
|
| [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8628
| - https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
|
| [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP Code Execution
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8629
| - https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
|
| [!] Title: W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Request Forgery (SSRF)
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8644
| - https://klikki.fi/adv/w3_total_cache.html
|
| [!] Title: W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SNS Push Messages
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8654
| - https://sumofpwn.nl/advisory/2016/weak_validation_of_amazon_sns_push_messages_in_w3_total_cache_wordpress_plugin.html
| - http://seclists.org/fulldisclosure/2016/Nov/61
|
| [!] Title: W3 Total Cache <= 0.9.4.1 - Information Disclosure Race Condition
| Fixed in: 0.9.5
| References:
| - https://wpvulndb.com/vulnerabilities/8655
| - https://sumofpwn.nl/advisory/2016/information_disclosure_race_condition_in_w3_total_cache_wordpress_plugin.html
| - http://seclists.org/fulldisclosure/2016/Nov/62
|
| The version could not be determined.

[+] wordpress-seo
| Location: https://www.rs2.com/wp-content/plugins/wordpress-seo/
| Last Updated: 2019-02-12T11:31:00.000Z
| [!] The version is out of date, the latest version is 9.6
|
| Detected By: Comment (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Yoast SEO <= 9.1 - Authenticated Race Condition
| Fixed in: 9.2
| References:
| - https://wpvulndb.com/vulnerabilities/9150
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19370
| - https://plugins.trac.wordpress.org/changeset/1977260/wordpress-seo
| - https://www.youtube.com/watch?v=nL141dcDGCY
| - http://packetstormsecurity.com/files/150497/
| - https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa
|
| Version: 6.3 (60% confidence)
| Detected By: Comment (Passive Detection)
| - https://www.rs2.com/, Match: 'optimized with the Yoast SEO plugin v6.3 -'

[+] Enumerating Config Backups

[i] No Config Backups Found.

[+] Finished: Tue Feb 19 10:02:25 2019
[+] Requests Done: 5
[+] Memory used: 78.863 MB
[+] Elapsed time: 00:00:02