Untitled

a guest Jun 8th, 2016 56 Never
# Uniloc
--------

### What
--------

#### WordPress

Uniloc's primary website is http://uniloc.com. It is run on WordPress version 3.0.1. There are 22 security vulnerabilities:

1. Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
    Reference: https://wpvulndb.com/vulnerabilities/5970
    Reference: http://packetstormsecurity.com/files/123589/
    Reference: http://core.trac.wordpress.org/changeset/25323
    Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
    Reference: https://secunia.com/advisories/54803/
    Reference: https://www.exploit-db.com/exploits/28958/

2. Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
    Reference: https://wpvulndb.com/vulnerabilities/5988
    Reference: https://github.com/FireFart/WordpressPingbackPortScanner
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235

3. Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
    Reference: https://wpvulndb.com/vulnerabilities/5989
    Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html

4. Title: WordPress <= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php
    Reference: https://wpvulndb.com/vulnerabilities/5994
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6633

5. Title: WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass
    Reference: https://wpvulndb.com/vulnerabilities/5995
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6634

6. Title: WordPress <= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
    Reference: https://wpvulndb.com/vulnerabilities/5996
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6635

7. Title: WordPress 2.5 - 3.3.1 XSS in swfupload
    Reference: https://wpvulndb.com/vulnerabilities/5999
    Reference: http://seclists.org/fulldisclosure/2012/Nov/51

8. Title: WordPress <= 3.0.5 wp-admin/press-this.php Privilege Escalation
    Reference: https://wpvulndb.com/vulnerabilities/6004
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5270

9. Title: WordPress 2.0 - 3.0.1 SQL Injection in do_trackbacks()
    Reference: https://wpvulndb.com/vulnerabilities/6005
    Reference: https://www.exploit-db.com/exploits/15684/

10. Title: WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions
    Reference: https://wpvulndb.com/vulnerabilities/6009
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5293

11. Title: WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()
    Reference: https://wpvulndb.com/vulnerabilities/6010
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5294

12. Title: WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php
    Reference: https://wpvulndb.com/vulnerabilities/6011
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5295

13. Title: WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass
    Reference: https://wpvulndb.com/vulnerabilities/6012
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5296

14. Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
    Reference: https://wpvulndb.com/vulnerabilities/7528
    Reference: https://core.trac.wordpress.org/changeset/29384
    Reference: https://core.trac.wordpress.org/changeset/29408
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205

15. Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
    Reference: https://wpvulndb.com/vulnerabilities/7529
    Reference: https://core.trac.wordpress.org/changeset/29398
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240

16. Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/7680
    Reference: http://klikki.fi/adv/wordpress.html
    Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
    Reference: http://klikki.fi/adv/wordpress_update.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031

17. Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
    Reference: https://wpvulndb.com/vulnerabilities/7681
    Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
    Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
    Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
    Reference: https://www.exploit-db.com/exploits/35413/
    Reference: https://www.exploit-db.com/exploits/35414/

18. Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
    Reference: https://wpvulndb.com/vulnerabilities/7696
    Reference: http://www.securityfocus.com/bid/71234/
    Reference: https://core.trac.wordpress.org/changeset/30444
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038

19. Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8111
    Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
    Reference: https://twitter.com/klikkioy/status/624264122570526720
    Reference: https://klikki.fi/adv/wordpress3.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623

20. Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
    Reference: https://wpvulndb.com/vulnerabilities/8473
    Reference: https://codex.wordpress.org/Version_4.5
    Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049

21. Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
    Reference: https://wpvulndb.com/vulnerabilities/8474
    Reference: https://codex.wordpress.org/Version_4.5
    Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9

22. Title: WordPress <= 4.4.2 - Script Compression Option CSRF
    Reference: https://wpvulndb.com/vulnerabilities/8475
    Reference: https://codex.wordpress.org/Version_4.5

#### Credentials

Passwords are hashed.

#### Affiliations

Gustavo Lanzas & Associates (http://www.gustavolanzas.com/)

Debrun Design (http://www.debrundesign.com/)

Over The Top (http://overthetop.com/)

Blue Cava (http://bluecava.com/)

#### Hosts

Rackspace, Krypt Technologies, Cox Communications

### Why
-------

https://www.youtube.com/watch?v=eatfgXTMFf0