Anonymous #OpNicaragua JTSEC Full Recon #10

a guest
Jul 20th, 2018
  1. #######################################################################################################################################
  2. Hostname digesto.asamblea.gob.ni ISP Amnet Telecomunicaciones S.A.
  3. Continent North America Flag
  4. NI
  5. Country Nicaragua Country Code NI
  6. Region Departamento de Managua Local time 19 Jul 2018 18:54 CST
  7. City Managua Postal Code Unknown
  8. IP Address 208.96.133.58 Latitude 12.151
  9. Longitude -86.268
  10. #######################################################################################################################################
  11. "ip": "208.96.133.58",
  12. "city": "Managua",
  13. "region": "Departamento de Managua",
  14. "country": "NI",
  15. "loc": "12.1508,-86.2683"
  16. #######################################################################################################################################
  17. HostIP:208.96.133.58
  18. HostName:digesto.asamblea.gob.ni
  19.  
  20. Gathered Inet-whois information for 208.96.133.58
  21. ---------------------------------------------------------------------------------------------------------------------------------------
  22.  
  23.  
  24. inetnum: 208.82.76.0 - 208.255.255.255
  25. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  26. descr: IPv4 address block not managed by the RIPE NCC
  27. remarks: ------------------------------------------------------
  28. remarks:
  29. remarks: You can find the whois server to query, or the
  30. remarks: IANA registry to query on this web page:
  31. remarks: http://www.iana.org/assignments/ipv4-address-space
  32. remarks:
  33. remarks: You can access databases of other RIRs at:
  34. remarks:
  35. remarks: AFRINIC (Africa)
  36. remarks: http://www.afrinic.net/ whois.afrinic.net
  37. remarks:
  38. remarks: APNIC (Asia Pacific)
  39. remarks: http://www.apnic.net/ whois.apnic.net
  40. remarks:
  41. remarks: ARIN (Northern America)
  42. remarks: http://www.arin.net/ whois.arin.net
  43. remarks:
  44. remarks: LACNIC (Latin America and the Carribean)
  45. remarks: http://www.lacnic.net/ whois.lacnic.net
  46. remarks:
  47. remarks: IANA IPV4 Recovered Address Space
  48. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  49. remarks:
  50. remarks: ------------------------------------------------------
  51. country: EU # Country is really world wide
  52. admin-c: IANA1-RIPE
  53. tech-c: IANA1-RIPE
  54. status: ALLOCATED UNSPECIFIED
  55. mnt-by: RIPE-NCC-HM-MNT
  56. mnt-lower: RIPE-NCC-HM-MNT
  57. mnt-routes: RIPE-NCC-RPSL-MNT
  58. created: 2017-01-19T16:05:24Z
  59. last-modified: 2017-01-19T16:05:24Z
  60. source: RIPE
  61.  
  62. role: Internet Assigned Numbers Authority
  63. address: see http://www.iana.org.
  64. admin-c: IANA1-RIPE
  65. tech-c: IANA1-RIPE
  66. nic-hdl: IANA1-RIPE
  67. remarks: For more information on IANA services
  68. remarks: go to IANA web site at http://www.iana.org.
  69. mnt-by: RIPE-NCC-MNT
  70. created: 1970-01-01T00:00:00Z
  71. last-modified: 2001-09-22T09:31:27Z
  72. source: RIPE # Filtered
  73.  
  74. % This query was served by the RIPE Database Query Service version 1.91.2 (WAGYU)
  75.  
  76.  
  77.  
  78. Gathered Inic-whois information for digesto.asamblea.gob.ni
  79. ---------------------------------------------------------------------------------------------------------------------------------------
  80. Error: Unable to connect - Invalid Host
  81. ERROR: Connection to InicWhois Server ni.whois-servers.net failed
  82. close error
  83.  
  84. Gathered Netcraft information for digesto.asamblea.gob.ni
  85. ---------------------------------------------------------------------------------------------------------------------------------------
  86.  
  87. Retrieving Netcraft.com information for digesto.asamblea.gob.ni
  88. Netcraft.com Information gathered
  89.  
  90. Gathered Subdomain information for digesto.asamblea.gob.ni
  91. ---------------------------------------------------------------------------------------------------------------------------------------
  92. Searching Google.com:80...
  93. Searching Altavista.com:80...
  94. Found 0 possible subdomain(s) for host digesto.asamblea.gob.ni, Searched 0 pages containing 0 results
  95.  
  96. Gathered E-Mail information for digesto.asamblea.gob.ni
  97. ---------------------------------------------------------------------------------------------------------------------------------------
  98. Searching Google.com:80...
  99. Searching Altavista.com:80...
  100. Found 0 E-Mail(s) for host digesto.asamblea.gob.ni, Searched 0 pages containing 0 results
  101.  
  102. Gathered TCP Port information for 208.96.133.58
  103. ---------------------------------------------------------------------------------------------------------------------------------------
  104. Port State
  105.  
  106.  
  107. Portscan Finished: Scanned 150 ports, 0 ports were in state closed
  108. #######################################################################################################################################
  109. [i] Scanning Site: http://digesto.asamblea.gob.ni
  110.  
  111.  
  112.  
  113. B A S I C I N F O
  114. =======================================================================================================================================
  115.  
  116.  
  117. [+] Site Title: Digesto Jurídico Nicaragüense | Digesto Jurídico Nicaragüense
  118. [+] IP address: 208.96.133.58
  119. [+] Web Server: Apache
  120. [+] CMS: WordPress
  121. [+] Cloudflare: Not Detected
  122. [+] Robots File: Could NOT Find robots.txt!
  123.  
  124.  
  125.  
  126. G E O I P L O O K U P
  127. =======================================================================================================================================
  128.  
  129. [i] IP Address: 208.96.133.58
  130. [i] Country: NI
  131. [i] State: Managua
  132. [i] City: Managua
  133. [i] Latitude: 12.150800
  134. [i] Longitude: -86.268303
  135.  
  136.  
  137.  
  138.  
  139. H T T P H E A D E R S
  140. =======================================================================================================================================
  141.  
  142.  
  143. [i] HTTP/1.1 200 OK
  144. [i] Date: Fri, 20 Jul 2018 00:57:30 GMT
  145. [i] Server: Apache
  146. [i] X-Powered-By: PHP/5.6.1
  147. [i] Last-Modified: Fri, 20 Jul 2018 00:55:02 GMT
  148. [i] X-Pingback: http://digesto.asamblea.gob.ni/xmlrpc.php
  149. [i] Content-Type: text/html; charset=UTF-8
  150. [i] Vary: Accept-Encoding
  151. [i] Content-Length: 94491
  152. [i] Connection: close
  153.  
  154.  
  155.  
  156.  
  157. D N S L O O K U P
  158. =======================================================================================================================================
  159.  
  160. ;; Truncated, retrying in TCP mode.
  161. digesto.asamblea.gob.ni. 60 IN A 208.96.133.58
  162.  
  163.  
  164.  
  165.  
  166. S U B N E T C A L C U L A T I O N
  167. =======================================================================================================================================
  168.  
  169. Address = 208.96.133.58
  170. Network = 208.96.133.58 / 32
  171. Netmask = 255.255.255.255
  172. Broadcast = not needed on Point-to-Point links
  173. Wildcard Mask = 0.0.0.0
  174. Hosts Bits = 0
  175. Max. Hosts = 1 (2^0 - 0)
  176. Host Range = { 208.96.133.58 - 208.96.133.58 }
  177.  
  178.  
  179.  
  180. N M A P P O R T S C A N
  181. =======================================================================================================================================
  182.  
  183.  
  184. Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 00:57 UTC
  185. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  186. Host is up (0.069s latency).
  187. PORT STATE SERVICE VERSION
  188. 21/tcp filtered ftp
  189. 22/tcp filtered ssh
  190. 23/tcp filtered telnet
  191. 80/tcp open http Apache httpd
  192. 110/tcp open pop3-proxy Astaro firewall pop3 proxy
  193. 143/tcp filtered imap
  194. 443/tcp filtered https
  195. 3389/tcp filtered ms-wbt-server
  196. Service Info: Device: firewall
  197.  
  198. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  199. Nmap done: 1 IP address (1 host up) scanned in 8.49 seconds
  200. #######################################################################################################################################
  201. [?] Enter the target: http://digesto.asamblea.gob.ni/
  202. [!] IP Address : 208.96.133.58
  203. [!] Server: Apache
  204. [!] Powered By: PHP/5.6.1
  205. [+] Clickjacking protection is not in place.
  206. [!] digesto.asamblea.gob.ni doesn't seem to use a CMS
  207. [+] Honeypot Probabilty: 0%
  208. ---------------------------------------------------------------------------------------------------------------------------------------
  209. [~] Trying to gather whois information for digesto.asamblea.gob.ni
  210. [+] Whois information found
  211. [-] Unable to build response, visit https://who.is/whois/digesto.asamblea.gob.ni
  212. ---------------------------------------------------------------------------------------------------------------------------------------
  213. PORT STATE SERVICE VERSION
  214. 21/tcp filtered ftp
  215. 22/tcp filtered ssh
  216. 23/tcp filtered telnet
  217. 80/tcp open http Apache httpd
  218. 110/tcp open pop3-proxy Astaro firewall pop3 proxy
  219. 143/tcp filtered imap
  220. 443/tcp filtered https
  221. 3389/tcp filtered ms-wbt-server
  222. ---------------------------------------------------------------------------------------------------------------------------------------
  223.  
  224. [+] DNS Records
  225.  
  226. [+] Host Records (A)
  227. digesto.asamblea.gob.niHTTP: (208.96.133.58) AS27742 Amnet Telecomunicaciones S.A. Nicaragua
  228.  
  229. [+] TXT Records
  230.  
  231. [+] DNS Map: https://dnsdumpster.com/static/map/digesto.asamblea.gob.ni.png
  232.  
  233. [>] Initiating 3 intel modules
  234. [>] Loading Alpha module (1/3)
  235. [>] Beta module deployed (2/3)
  236. [>] Gamma module initiated (3/3)
  237.  
  238.  
  239. [+] Emails found:
  240. ------------------
  241. pixel-1532048269865343-web-@digesto.asamblea.gob.ni
  242. pixel-1532048275725773-web-@digesto.asamblea.gob.ni
  243.  
  244. [+] Hosts found in search engines:
  245. ---------------------------------------------------------------------------------------------------------------------------------------
  246. [-] Resolving hostnames IPs...
  247. [+] Virtual hosts:
  248. ---------------------------------------------------------------------------------------------------------------------------------------
  249. #######################################################################################################################################
  250. Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 01:05 UTC
  251. Nmap scan report for 208.96.133.58
  252. Host is up (0.068s latency).
  253. PORT STATE SERVICE VERSION
  254. 21/tcp filtered ftp
  255. 22/tcp filtered ssh
  256. 23/tcp filtered telnet
  257. 80/tcp open http Apache httpd
  258. 110/tcp open pop3-proxy Astaro firewall pop3 proxy
  259. 143/tcp filtered imap
  260. 443/tcp filtered https
  261. 3389/tcp filtered ms-wbt-server
  262. Service Info: Device: firewall
  263.  
  264. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  265. Nmap done: 1 IP address (1 host up) scanned in 8.80 seconds
  266.  
  267. #######################################################################################################################################
  268. Start: Fri Jul 20 01:05:46 2018
  269. HOST: whatweb Loss% Snt Last Avg Best Wrst StDev
  270. 1.|-- 45.55.64.254 0.0% 3 0.3 1.2 0.3 2.7 1.2
  271. 2.|-- 138.197.251.28 0.0% 3 0.5 0.5 0.4 0.6 0.0
  272. 3.|-- 138.197.244.38 0.0% 3 1.0 1.0 1.0 1.0 0.0
  273. 4.|-- ce-0-3-0-2.r07.nycmny01.us.bb.gin.ntt.net 0.0% 3 1.2 1.2 1.1 1.2 0.0
  274. 5.|-- ae-3.r08.nycmny01.us.bb.gin.ntt.net 0.0% 3 1.4 1.4 1.3 1.5 0.0
  275. 6.|-- xe-11-3-0.BR3.NYC4.ALTER.NET 0.0% 3 1.2 1.3 1.2 1.4 0.0
  276. 7.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  277. 8.|-- tigo.com-gw.customer.alter.net 0.0% 3 28.7 28.8 28.7 28.8 0.0
  278. 9.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  279. 10.|-- ip-105-126.amnet.com.ni 0.0% 3 72.9 72.7 72.3 72.9 0.0
  280. 11.|-- clp.theargusgroup.us 0.0% 3 74.1 74.1 74.1 74.2 0.0
  281. 12.|-- 200.30.177.54 0.0% 3 72.5 72.5 72.4 72.5 0.0
  282. 13.|-- 208.96.133.58 0.0% 3 74.0 74.0 74.0 74.0 0.0
  283.  
  284. #######################################################################################################################################
  285. dnsenum VERSION:1.2.4
  286.  
  287. ----- digesto.asamblea.gob.ni -----
  288.  
  289.  
  290. Host's addresses:
  291. __________________
  292.  
  293. digesto.asamblea.gob.ni. 60 IN A 208.96.133.58
  294.  
  295.  
  296. Name Servers:
  297. ______________
  298. #######################################################################################################################################
  299. Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:55 EDT
  300. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  301. Host is up (0.67s latency).
  302. Not shown: 431 closed ports, 43 filtered ports
  303. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  304. PORT STATE SERVICE
  305. 80/tcp open http
  306. 554/tcp open rtsp
  307. #######################################################################################################################################
  308. Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:55 EDT
  309. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  310. Host is up.
  311.  
  312. PORT STATE SERVICE
  313. 53/udp open|filtered domain
  314. 67/udp open|filtered dhcps
  315. 68/udp open|filtered dhcpc
  316. 69/udp open|filtered tftp
  317. 88/udp open|filtered kerberos-sec
  318. 123/udp open|filtered ntp
  319. 137/udp open|filtered netbios-ns
  320. 138/udp open|filtered netbios-dgm
  321. 139/udp open|filtered netbios-ssn
  322. 161/udp open|filtered snmp
  323. 162/udp open|filtered snmptrap
  324. 389/udp open|filtered ldap
  325. 520/udp open|filtered route
  326. 2049/udp open|filtered nfs
  327. #######################################################################################################################################
  328. Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:55 EDT
  329. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  330. Host is up (0.24s latency).
  331.  
  332. PORT STATE SERVICE VERSION
  333. 67/udp open|filtered dhcps
  334. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  335. Too many fingerprints match this host to give specific OS details
  336.  
  337. TRACEROUTE (using proto 1/icmp)
  338. HOP RTT ADDRESS
  339. 1 ... 30
  340.  
  341. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  342. Nmap done: 1 IP address (1 host up) scanned in 116.05 seconds
  343. + -- --=[Port 68 opened... running tests...
  344. Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:57 EDT
  345. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  346. Host is up (0.24s latency).
  347.  
  348. PORT STATE SERVICE VERSION
  349. 68/udp open|filtered dhcpc
  350. Too many fingerprints match this host to give specific OS details
  351.  
  352. TRACEROUTE (using proto 1/icmp)
  353. HOP RTT ADDRESS
  354. 1 ... 30
  355.  
  356. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  357. Nmap done: 1 IP address (1 host up) scanned in 116.41 seconds
  358. + -- --=[Port 69 opened... running tests...
  359. Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:59 EDT
  360. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  361. Host is up (0.23s latency).
  362.  
  363. PORT STATE SERVICE VERSION
  364. 69/udp open|filtered tftp
  365. Too many fingerprints match this host to give specific OS details
  366.  
  367. TRACEROUTE (using proto 1/icmp)
  368. HOP RTT ADDRESS
  369. 1 ... 30
  370. #######################################################################################################################################
  371. ERROR:root:Site http://digesto.asamblea.gob.ni appears to be down
  372.  
  373. ^ ^
  374. _ __ _ ____ _ __ _ _ ____
  375. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  376. | V V // o // _/ | V V // 0 // 0 // _/
  377. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  378. <
  379. ...'
  380.  
  381. WAFW00F - Web Application Firewall Detection Tool
  382.  
  383. By Sandro Gauci && Wendel G. Henrique
  384.  
  385. Checking http://digesto.asamblea.gob.ni
  386. #######################################################################################################################################
  387. https://digesto.asamblea.gob.ni ERROR: Timed out execution expired
  388. https://digesto.asamblea.gob.ni [ Unassigned]
  389. #######################################################################################################################################
  390. wig - WebApp Information Gatherer
  391.  
  392.  
  393. Scanning http://digesto.asamblea.gob.ni...
  394. ________________________________________ SITE INFO ________________________________________
  395. IP Title
  396. 208.96.133.58 Digesto Jurídico Nicaragüense | Digesto Jurídico Nicaragüense
  397.  
  398. _________________________________________ VERSION _________________________________________
  399. Name Versions Type
  400. WordPress 4.2.2 CMS
  401. Apache Platform
  402. PHP 5.6.1 Platform
  403. openSUSE 13.2 OS
  404.  
  405. _______________________________________ INTERESTING _______________________________________
  406. URL Note Type
  407. /readme.html Wordpress readme Interesting
  408. /readme.html Readme file Interesting
  409.  
  410. __________________________________________ TOOLS __________________________________________
  411. Name Link Software
  412. wpscan https://github.com/wpscanteam/wpscan WordPress
  413. CMSmap https://github.com/Dionach/CMSmap WordPress
  414.  
  415. _____________________________________ VULNERABILITIES _____________________________________
  416. Affected #Vulns Link
  417. WordPress 4.2.2 2 http://cvedetails.com/version/185073
  418.  
  419. ___________________________________________________________________________________________
  420. Time: 362.5 sec Urls: 465 Fingerprints: 40401
  421. #######################################################################################################################################
  422. HTTP/1.1 200 OK
  423. Date: Fri, 20 Jul 2018 04:08:08 GMT
  424. Server: Apache
  425. X-Powered-By: PHP/5.6.1
  426. Last-Modified: Fri, 20 Jul 2018 04:03:52 GMT
  427. X-Pingback: http://digesto.asamblea.gob.ni/xmlrpc.php
  428. Content-Type: text/html; charset=UTF-8
  429. #######################################################################################################################################
  430.  
  431. + -- --=[Port 110 closed... skipping.
  432. + -- --=[Port 111 closed... skipping.
  433. + -- --=[Port 123 opened... running tests...
  434. Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 00:08 EDT
  435. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  436. Host is up (0.23s latency).
  437.  
  438. PORT STATE SERVICE VERSION
  439. 123/udp open|filtered ntp
  440. Too many fingerprints match this host to give specific OS details
  441.  
  442. TRACEROUTE (using proto 1/icmp)
  443. HOP RTT ADDRESS
  444. 1 ... 30
  445. #######################################################################################################################################
  446.  
  447. I, [2018-07-20T00:10:56.051435 #27605] INFO -- : Initiating port scan
  448. Traceback (most recent call last):
  449. 3: from yasuo.rb:700:in `<main>'
  450. 2: from yasuo.rb:132:in `run'
  451. 1: from yasuo.rb:232:in `process_nmap_scan'
  452. yasuo.rb:232:in `each_slice': invalid slice size (ArgumentError)
  453. I, [2018-07-20T00:10:59.589886 #27605] INFO -- : Using nmap scan output file logs/nmap_output_2018-07-20_00-10-56.xml
  454. #######################################################################################################################################
  455. Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 00:10 EDT
  456. NSE: Loaded 43 scripts for scanning.
  457. Initiating Parallel DNS resolution of 1 host. at 00:11
  458. Completed Parallel DNS resolution of 1 host. at 00:11, 0.02s elapsed
  459. Initiating SYN Stealth Scan at 00:11
  460. Scanning digesto.asamblea.gob.ni (208.96.133.58) [65535 ports]
  461. Discovered open port 21/tcp on 208.96.133.58
  462. Discovered open port 587/tcp on 208.96.133.58
  463. Discovered open port 554/tcp on 208.96.133.58
  464. Increasing send delay for 208.96.133.58 from 0 to 5 due to 39 out of 97 dropped probes since last increase.
  465. Increasing send delay for 208.96.133.58 from 5 to 10 due to 122 out of 304 dropped probes since last increase.
  466. Warning: 208.96.133.58 giving up on port because retransmission cap hit (6).
  467. SYN Stealth Scan Timing: About 0.42% done
  468. SYN Stealth Scan Timing: About 0.75% done
  469. SYN Stealth Scan Timing: About 1.05% done; ETC: 02:35 (2:23:03 remaining)
  470. SYN Stealth Scan Timing: About 1.61% done; ETC: 02:44 (2:30:32 remaining)
  471. SYN Stealth Scan Timing: About 6.98% done; ETC: 02:44 (2:22:49 remaining)
  472. SYN Stealth Scan Timing: About 12.89% done; ETC: 02:45 (2:14:59 remaining)
  473. SYN Stealth Scan Timing: About 18.13% done; ETC: 02:46 (2:07:09 remaining)
  474. SYN Stealth Scan Timing: About 23.01% done; ETC: 02:46 (1:59:22 remaining)
  475. SYN Stealth Scan Timing: About 27.64% done; ETC: 02:45 (1:51:33 remaining)
  476. SYN Stealth Scan Timing: About 32.73% done; ETC: 02:45 (1:43:48 remaining)
  477. SYN Stealth Scan Timing: About 37.53% done; ETC: 02:44 (1:36:04 remaining)
  502. SYN Stealth Scan Timing: About 42.72% done; ETC: 02:45 (1:28:23 remaining)
  503. SYN Stealth Scan Timing: About 47.59% done; ETC: 02:44 (1:20:37 remaining)
  504. SYN Stealth Scan Timing: About 52.51% done; ETC: 02:44 (1:12:53 remaining)
  505. SYN Stealth Scan Timing: About 57.46% done; ETC: 02:44 (1:05:11 remaining)
  506. SYN Stealth Scan Timing: About 62.57% done; ETC: 02:44 (0:57:30 remaining)
  507. SYN Stealth Scan Timing: About 67.63% done; ETC: 02:44 (0:49:48 remaining)
  508. SYN Stealth Scan Timing: About 72.83% done; ETC: 02:45 (0:42:03 remaining)
  509. SYN Stealth Scan Timing: About 77.88% done; ETC: 02:46 (0:34:17 remaining)
  510. SYN Stealth Scan Timing: About 82.96% done; ETC: 02:46 (0:26:29 remaining)
  511. SYN Stealth Scan Timing: About 88.01% done; ETC: 02:46 (0:18:40 remaining)
  512. SYN Stealth Scan Timing: About 93.01% done; ETC: 02:46 (0:10:52 remaining)
  513. SYN Stealth Scan Timing: About 98.03% done; ETC: 02:46 (0:03:03 remaining)
  514. Discovered open port 7070/tcp on 208.96.133.58
  519. Completed SYN Stealth Scan at 05:01, 17416.56s elapsed (65535 total ports)
  520. Initiating Service scan at 05:01
  521. Scanning 4 services on digesto.asamblea.gob.ni (208.96.133.58)
  522. Service scan Timing: About 50.00% done; ETC: 05:06 (0:02:38 remaining)
  523. Completed Service scan at 05:03, 157.65s elapsed (4 services on 1 host)
  524. Initiating OS detection (try #1) against digesto.asamblea.gob.ni (208.96.133.58)
  525. RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
  530. Retrying OS detection (try #2) against digesto.asamblea.gob.ni (208.96.133.58)
  531. NSE: Script scanning 208.96.133.58.
  532. Initiating NSE at 05:04
  533. Completed NSE at 05:04, 0.98s elapsed
  534. Initiating NSE at 05:04
  535. Completed NSE at 05:04, 3.09s elapsed
  536. Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
  537. Host is up (1.3s latency).
  538. Not shown: 65524 closed ports
  539. PORT STATE SERVICE VERSION
  540. 21/tcp open ftp?
  541. 25/tcp filtered smtp
  542. 135/tcp filtered msrpc
  543. 136/tcp filtered profile
  544. 137/tcp filtered netbios-ns
  545. 138/tcp filtered netbios-dgm
  546. 139/tcp filtered netbios-ssn
  547. 445/tcp filtered microsoft-ds
  548. 554/tcp open rtsp?
  549. 587/tcp open tcpwrapped
  550. 7070/tcp open realserver?
  551. Device type: printer|router
  552. Running (JUST GUESSING): Ricoh embedded (88%), Linksys embedded (87%)
  553. OS CPE: cpe:/h:ricoh:aficio_sp_c240sf
  554. Aggressive OS guesses: Ricoh Aficio SP C240SF printer (88%), Linksys BEFSR41 EtherFast router (87%)
  555. No exact OS matches for host (test conditions non-ideal).
  556. Uptime guess: 0.000 days (since Fri Jul 20 05:04:01 2018)
  557. TCP Sequence Prediction: Difficulty=208 (Good luck!)
  558. IP ID Sequence Generation: Busy server or unknown class
  559.  
  560. Read data files from: /usr/bin/../share/nmap
  561. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  562. Nmap done: 1 IP address (1 host up) scanned in 17592.22 seconds
  563. Raw packets sent: 458121 (20.162MB) | Rcvd: 457161 (18.287MB)
  564. #######################################################################################################################################
  565. [*] Processing domain digesto.asamblea.gob.ni
  566. [+] Getting nameservers
  567. [-] Getting nameservers failed
  568. [-] Zone transfer failed
  569.  
  570. [*] Scanning digesto.asamblea.gob.ni for A records
  571. 208.96.133.58 - digesto.asamblea.gob.ni
  572. #######################################################################################################################################
  573. [*] Performing General Enumeration of Domain: digesto.asamblea.gob.ni
  574. [-] DNSSEC is not configured for digesto.asamblea.gob.ni
  575. [*] SOA ns.asamblea.gob.ni 186.1.3.163
  576. [-] Could not Resolve NS Records for digesto.asamblea.gob.ni
  577. [-] Could not Resolve MX Records for digesto.asamblea.gob.ni
  578. [*] A digesto.asamblea.gob.ni 208.96.133.58
  579. [*] Enumerating SRV Records
  580. [-] No SRV Records Found for digesto.asamblea.gob.ni
  581. [+] 0 Records Found
  582. #######################################################################################################################################
  583. [i] It seems like you have not updated the database for some time
  584. [?] Do you want to update now? [Y]es [N]o [A]bort update, default: [N] > Y
  585. [i] Updating the Database ...
  586. [i] Update completed
  587. [+] URL: http://digesto.asamblea.gob.ni/
  588. [+] Started: Thu Jul 19 21:26:33 2018
  589.  
  590. [+] Interesting header: SERVER: Apache
  591. [+] Interesting header: X-POWERED-BY: PHP/5.6.1
  592. [+] XML-RPC Interface available under: http://digesto.asamblea.gob.ni/xmlrpc.php [HTTP 405]
  593. [+] Found an RSS Feed: http://digesto.asamblea.gob.ni/?feed=rss2 [HTTP 200]
  594. [!] Detected 1 user from RSS feed:
  595. +-----------------+
  596. | Name |
  597. +-----------------+
  598. | Elizabeth Perez |
  599. +-----------------+
  600.  
  601. [+] Enumerating WordPress version ...
  602. [!] The WordPress 'http://digesto.asamblea.gob.ni/readme.html' file exists exposing a version number
  603.  
  604. [+] WordPress version 4.2.2 (Released on 2015-05-07) identified from advanced fingerprinting, meta generator, readme, links opml
  605. [!] 54 vulnerabilities identified from the version number
  606.  
  607. [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
  608. Reference: https://wpvulndb.com/vulnerabilities/8111
  609. Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
  610. Reference: https://twitter.com/klikkioy/status/624264122570526720
  611. Reference: https://klikki.fi/adv/wordpress3.html
  612. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
  613. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
  614. [i] Fixed in: 4.2.3
  615.  
  616. [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
  617. Reference: https://wpvulndb.com/vulnerabilities/8126
  618. Reference: https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
  619. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
  620. [i] Fixed in: 4.2.4
  621.  
  622. [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
  623. Reference: https://wpvulndb.com/vulnerabilities/8130
  624. Reference: https://core.trac.wordpress.org/changeset/33536
  625. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
  626. [i] Fixed in: 4.2.4
  627.  
  628. [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
  629. Reference: https://wpvulndb.com/vulnerabilities/8131
  630. Reference: https://core.trac.wordpress.org/changeset/33529
  631. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
  632. [i] Fixed in: 4.2.4
  633.  
  634. [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
  635. Reference: https://wpvulndb.com/vulnerabilities/8132
  636. Reference: https://core.trac.wordpress.org/changeset/33541
  637. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
  638. [i] Fixed in: 4.2.4
  639.  
  640. [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
  641. Reference: https://wpvulndb.com/vulnerabilities/8133
  642. Reference: https://core.trac.wordpress.org/changeset/33549
  643. Reference: https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
  644. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
  645. [i] Fixed in: 4.2.4
  646.  
  647. [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
  648. Reference: https://wpvulndb.com/vulnerabilities/8186
  649. Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
  650. Reference: http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  651. Reference: http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  652. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
  653. [i] Fixed in: 4.2.5
  654.  
  655. [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
  656. Reference: https://wpvulndb.com/vulnerabilities/8187
  657. Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
  658. Reference: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
  659. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
  660. [i] Fixed in: 4.2.5
  661.  
  662. [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
  663. Reference: https://wpvulndb.com/vulnerabilities/8188
  664. Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
  665. Reference: http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
  666. Reference: http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
  667. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
  668. [i] Fixed in: 4.2.5
  669.  
  670. [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
  671. Reference: https://wpvulndb.com/vulnerabilities/8358
  672. Reference: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
  673. Reference: https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  674. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
  675. [i] Fixed in: 4.2.6
  676.  
  677. [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
  678. Reference: https://wpvulndb.com/vulnerabilities/8376
  679. Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  680. Reference: https://core.trac.wordpress.org/changeset/36435
  681. Reference: https://hackerone.com/reports/110801
  682. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
  683. [i] Fixed in: 4.2.7
  684.  
  685. [!] Title: WordPress 3.7-4.4.1 - Open Redirect
  686. Reference: https://wpvulndb.com/vulnerabilities/8377
  687. Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
  688. Reference: https://core.trac.wordpress.org/changeset/36444
  689. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
  690. [i] Fixed in: 4.2.7
  691.  
  692. [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
  693. Reference: https://wpvulndb.com/vulnerabilities/8473
  694. Reference: https://codex.wordpress.org/Version_4.5
  695. Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
  696. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
  697. [i] Fixed in: 4.5
  698.  
  699. [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
  700. Reference: https://wpvulndb.com/vulnerabilities/8474
  701. Reference: https://codex.wordpress.org/Version_4.5
  702. Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
  703. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
  704. [i] Fixed in: 4.5
  705.  
  706. [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
  707. Reference: https://wpvulndb.com/vulnerabilities/8475
  708. Reference: https://codex.wordpress.org/Version_4.5
  709. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
  710. [i] Fixed in: 4.5
  711.  
  712. [!] Title: WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
  713. Reference: https://wpvulndb.com/vulnerabilities/8488
  714. Reference: https://wordpress.org/news/2016/05/wordpress-4-5-2/
  715. Reference: https://github.com/WordPress/WordPress/commit/a493dc0ab5819c8b831173185f1334b7c3e02e36
  716. Reference: https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
  717. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4567
  718. [i] Fixed in: 4.5.2
  719.  
  720. [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
  721. Reference: https://wpvulndb.com/vulnerabilities/8489
  722. Reference: https://wordpress.org/news/2016/05/wordpress-4-5-2/
  723. Reference: https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
  724. Reference: https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
  725. Reference: http://avlidienbrunn.com/wp_some_loader.php
  726. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
  727. [i] Fixed in: 4.2.8
  728.  
  729. [!] Title: WordPress 4.2-4.5.2 - Authenticated Attachment Name Stored XSS
  730. Reference: https://wpvulndb.com/vulnerabilities/8518
  731. Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
  732. Reference: https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648
  733. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5833
  734. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834
  735. [i] Fixed in: 4.2.9
  736.  
  737. [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
  738. Reference: https://wpvulndb.com/vulnerabilities/8519
  739. Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
  740. Reference: https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
  741. Reference: https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
  742. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
  743. [i] Fixed in: 4.2.9
  744.  
  745. [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
  746. Reference: https://wpvulndb.com/vulnerabilities/8520
  747. Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
  748. Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
  749. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
  750. [i] Fixed in: 4.2.9
  751.  
  752. [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
  753. Reference: https://wpvulndb.com/vulnerabilities/8615
  754. Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  755. Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
  756. Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
  757. Reference: http://seclists.org/fulldisclosure/2016/Sep/6
  758. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
  759. [i] Fixed in: 4.2.10
  760.  
  761. [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
  762. Reference: https://wpvulndb.com/vulnerabilities/8616
  763. Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
  764. Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
  765. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
  766. [i] Fixed in: 4.2.10
  767.  
  768. [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
  769. Reference: https://wpvulndb.com/vulnerabilities/8716
  770. Reference: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
  771. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  772. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
  773. [i] Fixed in: 4.2.11
  774.  
  775. [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
  776. Reference: https://wpvulndb.com/vulnerabilities/8718
  777. Reference: https://www.mehmetince.net/low-severity-wordpress/
  778. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  779. Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
  780. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
  781. [i] Fixed in: 4.2.11
  782.  
  783. [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
  784. Reference: https://wpvulndb.com/vulnerabilities/8719
  785. Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
  786. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  787. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
  788. [i] Fixed in: 4.2.11
  789.  
  790. [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
  791. Reference: https://wpvulndb.com/vulnerabilities/8720
  792. Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
  793. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  794. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
  795. [i] Fixed in: 4.2.11
  796.  
  797. [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  798. Reference: https://wpvulndb.com/vulnerabilities/8721
  799. Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
  800. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
  801. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
  802. [i] Fixed in: 4.2.11
  803.  
  804. [!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
  805. Reference: https://wpvulndb.com/vulnerabilities/8729
  806. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  807. Reference: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
  808. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610
  809. [i] Fixed in: 4.2.12
  810.  
  811. [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
  812. Reference: https://wpvulndb.com/vulnerabilities/8730
  813. Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
  814. Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
  815. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
  816. [i] Fixed in: 4.2.12
  817.  
  818. [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
  819. Reference: https://wpvulndb.com/vulnerabilities/8765
  820. Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  821. Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
  822. Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
  823. Reference: http://seclists.org/oss-sec/2017/q1/563
  824. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
  825. [i] Fixed in: 4.2.13
  826.  
  827. [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
  828. Reference: https://wpvulndb.com/vulnerabilities/8766
  829. Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  830. Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
  831. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
  832. [i] Fixed in: 4.2.13
  833.  
  834. [!] Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
  835. Reference: https://wpvulndb.com/vulnerabilities/8768
  836. Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  837. Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
  838. Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
  839. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
  840. [i] Fixed in: 4.2.13
  841.  
  842. [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
  843. Reference: https://wpvulndb.com/vulnerabilities/8770
  844. Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
  845. Reference: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
  846. Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
  847. Reference: http://seclists.org/oss-sec/2017/q1/562
  848. Reference: https://hackerone.com/reports/153093
  849. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
  850. [i] Fixed in: 4.2.13
  851.  
  852. [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  853. Reference: https://wpvulndb.com/vulnerabilities/8807
  854. Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  855. Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  856. Reference: https://core.trac.wordpress.org/ticket/25239
  857. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  858.  
  859. [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  860. Reference: https://wpvulndb.com/vulnerabilities/8815
  861. Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  862. Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  863. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  864. [i] Fixed in: 4.2.15
  865.  
  866. [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  867. Reference: https://wpvulndb.com/vulnerabilities/8816
  868. Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  869. Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  870. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  871. [i] Fixed in: 4.2.15
  872.  
  873. [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  874. Reference: https://wpvulndb.com/vulnerabilities/8817
  875. Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  876. Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  877. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  878. [i] Fixed in: 4.2.15
  879.  
  880. [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  881. Reference: https://wpvulndb.com/vulnerabilities/8818
  882. Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  883. Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  884. Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  885. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  886. [i] Fixed in: 4.2.15
  887.  
  888. [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  889. Reference: https://wpvulndb.com/vulnerabilities/8819
  890. Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  891. Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  892. Reference: https://hackerone.com/reports/203515
  894. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  895. [i] Fixed in: 4.2.15
  896.  
  897. [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  898. Reference: https://wpvulndb.com/vulnerabilities/8820
  899. Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
  900. Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  901. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  902. [i] Fixed in: 4.2.15
  903.  
  904. [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  905. Reference: https://wpvulndb.com/vulnerabilities/8905
  906. Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  907. Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  908. Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  909. [i] Fixed in: 4.2.16
  910.  
  911. [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  912. Reference: https://wpvulndb.com/vulnerabilities/8906
  913. Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  914. Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  915. Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  916. Reference: https://wpvulndb.com/vulnerabilities/8905
  917. [i] Fixed in: 4.7.5
  918.  
  919. [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  920. Reference: https://wpvulndb.com/vulnerabilities/8910
  921. Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  922. Reference: https://core.trac.wordpress.org/changeset/41398
  923. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  924. [i] Fixed in: 4.2.16
  925.  
  926. [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  927. Reference: https://wpvulndb.com/vulnerabilities/8911
  928. Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  929. Reference: https://core.trac.wordpress.org/changeset/41457
  930. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  931. [i] Fixed in: 4.2.16
  932.  
  933. [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  934. Reference: https://wpvulndb.com/vulnerabilities/8941
  935. Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  936. Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  937. Reference: https://twitter.com/ircmaxell/status/923662170092638208
  938. Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  939. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  940. [i] Fixed in: 4.2.17
  941.  
  942. [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  943. Reference: https://wpvulndb.com/vulnerabilities/8966
  944. Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  945. Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  946. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  947. [i] Fixed in: 4.2.18
  948.  
  949. [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  950. Reference: https://wpvulndb.com/vulnerabilities/8967
  951. Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  952. Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  953. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  954. [i] Fixed in: 4.2.18
  955.  
  956. [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  957. Reference: https://wpvulndb.com/vulnerabilities/8969
  958. Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  959. Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  960. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  961. [i] Fixed in: 4.2.18
  962.  
  963. [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  964. Reference: https://wpvulndb.com/vulnerabilities/9006
  965. Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  966. Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  967. Reference: https://core.trac.wordpress.org/ticket/42720
  968. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  969. [i] Fixed in: 4.2.19
  970.  
  971. [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  972. Reference: https://wpvulndb.com/vulnerabilities/9021
  973. Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  974. Reference: https://github.com/quitten/doser.py
  975. Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  976. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  977.  
  978. [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  979. Reference: https://wpvulndb.com/vulnerabilities/9053
  980. Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  981. Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  982. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  983. [i] Fixed in: 4.2.20
  984.  
  985. [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  986. Reference: https://wpvulndb.com/vulnerabilities/9054
  987. Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  988. Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  989. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  990. [i] Fixed in: 4.2.20
  991.  
  992. [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  993. Reference: https://wpvulndb.com/vulnerabilities/9055
  994. Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  995. Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  996. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  997. [i] Fixed in: 4.2.20
  998.  
  999. [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  1000. Reference: https://wpvulndb.com/vulnerabilities/9100
  1001. Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  1002. Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  1003. Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  1004. Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  1005. Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  1006. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  1007. [i] Fixed in: 4.2.21
  1008.  
  1009. [+] WordPress theme in use: divi-child - v2.2
  1010.  
  1011. [+] Name: divi-child - v2.2
  1012. | Location: http://digesto.asamblea.gob.ni/wp-content/themes/divi-child/
  1013. | Style URL: http://digesto.asamblea.gob.ni/wp-content/themes/divi-child/style.css
  1014. | Theme Name: Divi Child Theme
  1015. | Description: Divi Child Theme
  1016. | Author: XOLO S.A.
  1017. | Author URI: http://www.xolosa.com
  1018.  
  1019. [+] Detected parent theme: Divi - v2.2
  1020.  
  1021. [+] Name: Divi - v2.2
  1022. | Location: http://digesto.asamblea.gob.ni/wp-content/themes/Divi/
  1023. | Changelog: http://digesto.asamblea.gob.ni/wp-content/themes/Divi/changelog.txt
  1024. | Style URL: http://digesto.asamblea.gob.ni/wp-content/themes/Divi/style.css
  1025. | Theme Name: Divi
  1026. | Theme URI: http://www.elegantthemes.com/gallery/divi/
  1027. | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection.
  1028. | Author: Elegant Themes
  1029. | Author URI: http://www.elegantthemes.com
  1030.  
  1031. [!] Title: ElegantThemes - Privilege Escalation
  1032. Reference: https://wpvulndb.com/vulnerabilities/8394
  1033. Reference: http://www.pritect.net/blog/elegant-themes-security-vulnerability
  1034. Reference: http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
  1035. [i] Fixed in: 2.6.4
  1036.  
  1037. [+] Enumerating plugins from passive detection ...
  1038. | 3 plugins found:
  1039.  
  1040. [+] Name: contact-form-7 - v4.1.2
  1041. | Last updated: 2018-07-12T12:37:00.000Z
  1042. | Location: http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/
  1043. | Readme: http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/readme.txt
  1044. [!] The version is out of date, the latest version is 5.0.3
  1045.  
  1046. [+] Name: wp-recaptcha-integration - v1.1.5
  1047. | Last updated: 2017-10-19T18:38:00.000Z
  1048. | Location: http://digesto.asamblea.gob.ni/wp-content/plugins/wp-recaptcha-integration/
  1049. | Readme: http://digesto.asamblea.gob.ni/wp-content/plugins/wp-recaptcha-integration/readme.txt
  1050. [!] The version is out of date, the latest version is 1.2.1
  1051.  
  1052. [+] Name: w3-total-cache
  1053. | Latest version: 0.9.7
  1054. | Last updated: 2018-04-25T21:31:00.000Z
  1055. | Location: http://digesto.asamblea.gob.ni/wp-content/plugins/w3-total-cache/
  1056. | Changelog: http://digesto.asamblea.gob.ni/wp-content/plugins/w3-total-cache/changelog.txt
  1057.  
  1058. [!] We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.
  1059.  
  1060. [!] Title: W3 Total Cache 0.9.2.4 - Username & Hash Extract
  1061. Reference: https://wpvulndb.com/vulnerabilities/6621
  1062. Reference: http://seclists.org/fulldisclosure/2012/Dec/242
  1063. Reference: https://github.com/FireFart/W3TotalCacheExploit
  1064. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6079
  1065. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6078
  1066. [i] Fixed in: 0.9.2.5
  1067.  
  1068. [!] Title: W3 Total Cache - Remote Code Execution
  1069. Reference: https://wpvulndb.com/vulnerabilities/6622
  1070. Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
  1071. Reference: http://wordpress.org/support/topic/pwn3d
  1072. Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
  1073. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2010
  1074. Reference: https://secunia.com/advisories/53052/
  1075. Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_total_cache_exec
  1076. Reference: https://www.exploit-db.com/exploits/25137/
  1077. [i] Fixed in: 0.9.2.9
  1078.  
  1079. [!] Title: W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
  1080. Reference: https://wpvulndb.com/vulnerabilities/7621
  1081. Reference: http://seclists.org/fulldisclosure/2014/Sep/29
  1082. [i] Fixed in: 0.9.4.1
  1083.  
  1084. [!] Title: W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
  1085. Reference: https://wpvulndb.com/vulnerabilities/7717
  1086. Reference: http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html
  1087. [i] Fixed in: 0.9.4.1
  1088.  
  1089. [!] Title: W3 Total Cache <= 0.9.4 - Debug Mode XSS
  1090. Reference: https://wpvulndb.com/vulnerabilities/7718
  1091. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8724
  1092. [i] Fixed in: 0.9.4.1
  1093.  
  1094. [!] Title: W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)
  1095. Reference: https://wpvulndb.com/vulnerabilities/8625
  1096. Reference: https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/
  1097. Reference: http://seclists.org/fulldisclosure/2016/Sep/52
  1098. Reference: https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_w3_total_cache_plugin.html
  1099. Reference: http://seclists.org/fulldisclosure/2016/Nov/63
  1100. [i] Fixed in: 0.9.5
  1101.  
  1102. [!] Title: W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass
  1103. Reference: https://wpvulndb.com/vulnerabilities/8626
  1104. Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
  1105. [i] Fixed in: 0.9.5
  1106.  
  1107. [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Upload
  1108. Reference: https://wpvulndb.com/vulnerabilities/8627
  1109. Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
  1110. [i] Fixed in: 0.9.5
  1111.  
  1112. [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download
  1113. Reference: https://wpvulndb.com/vulnerabilities/8628
  1114. Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
  1115. [i] Fixed in: 0.9.5
  1116.  
  1117. [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP Code Execution
  1118. Reference: https://wpvulndb.com/vulnerabilities/8629
  1119. Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
  1120. [i] Fixed in: 0.9.5
  1121.  
  1122. [!] Title: W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Request Forgery (SSRF)
  1123. Reference: https://wpvulndb.com/vulnerabilities/8644
  1124. Reference: https://klikki.fi/adv/w3_total_cache.html
  1125. [i] Fixed in: 0.9.5
  1126.  
  1127. [!] Title: W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SNS Push Messages
  1128. Reference: https://wpvulndb.com/vulnerabilities/8654
  1129. Reference: https://sumofpwn.nl/advisory/2016/weak_validation_of_amazon_sns_push_messages_in_w3_total_cache_wordpress_plugin.html
  1130. Reference: http://seclists.org/fulldisclosure/2016/Nov/61
  1131. [i] Fixed in: 0.9.5
  1132.  
  1133. [!] Title: W3 Total Cache <= 0.9.4.1 - Information Disclosure Race Condition
  1134. Reference: https://wpvulndb.com/vulnerabilities/8655
  1135. Reference: https://sumofpwn.nl/advisory/2016/information_disclosure_race_condition_in_w3_total_cache_wordpress_plugin.html
  1136. Reference: http://seclists.org/fulldisclosure/2016/Nov/62
  1137. [i] Fixed in: 0.9.5
  1138.  
  1139. [+] Finished: Thu Jul 19 21:27:37 2018
  1140. [+] Elapsed time: 00:01:04
  1141. [+] Requests made: 117
  1142. [+] Memory used: 64.746 MB
  1143. #######################################################################################################################################
  1144. =======================================================================================================================================
  1145. | Domain: http://digesto.asamblea.gob.ni/
  1146. | Server: Apache
  1147. | IP: 208.96.133.58
  1148. =======================================================================================================================================
  1149. |
  1150. | Directory check:
  1151. =======================================================================================================================================
  1152. |
  1153. | File check:
  1154. | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/index.php
  1155. | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/license.txt
  1156. | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/readme.html
  1157. | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/wp-content/plugins/akismet/readme.txt
  1158. =======================================================================================================================================
  1159. | E-mails:
  1160. | [+] E-mail Found: digesto@asamblea.gob.ni
  1161. | [+] E-mail Found: m@tidakada.com
  1162. |
  1163. | External hosts:
  1164. | [+] External Host Found: http://php.net
  1165. | [+] External Host Found: https://www.google.com
  1166. | [+] External Host Found: http://www.mysql.com
  1167. | [+] External Host Found: http://www.cse.gob.ni
  1168. | [+] External Host Found: http://www.presidencia.gob.ni
  1169. | [+] External Host Found: https://www.facebook.com
  1170. | [+] External Host Found: http://httpd.apache.org
  1171. | [+] External Host Found: https://planet.wordpress.org
  1172. | [+] External Host Found: http://www.poderjudicial.gob.ni
  1173. | [+] External Host Found: https://codex.wordpress.org
  1174. | [+] External Host Found: http://www.asamblea.gob.ni
  1175. | [+] External Host Found: https://wordpress.org
  1176. |
  1177. | Source Code Disclosure:
  1178. |
  1179. | PHPinfo() Disclosure:
  1180. |
  1181. | FCKeditor File Upload:
  1182. |
  1183. | Web Backdoors:
  1184. |
  1185. | File Upload Forms:
  1186. |
  1187. | Timthumb:
  1188. |
  1189. | Ignored Files:
  1190. | http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
  1191. | http://digesto.asamblea.gob.ni/wp-includes/js/jquery/jquery.js?ver=1.11.2
  1192. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/epanel/shortcodes/css/shortcodes_responsive.css?ver=3.0
  1193. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/custom.js?ver=2.2
  1194. | http://digesto.asamblea.gob.ni/wp-content/themes/divi-child/style.css?ver=2.2
  1195. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/imagesloaded.js?ver=2.2
  1196. | http://digesto.asamblea.gob.ni/wp-includes/css/buttons.min.css?ver=4.2.2
  1197. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/jquery.magnific-popup.js?ver=2.2
  1198. | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4.2.2
  1199. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/waypoints.min.js?ver=2.2
  1200. | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.16.2
  1201. | http://digesto.asamblea.gob.ni/wp-includes/js/comment-reply.min.js?ver=4.2.2
  1202. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/epanel/shortcodes/css/shortcodes.css?ver=3.0
  1203. | http://digesto.asamblea.gob.ni/wp-admin/css/ie.min.css?ver=4.2.2
  1204. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/jquery.fitvids.js?ver=2.2
  1205. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/masonry.js?ver=2.2
  1206. | http://digesto.asamblea.gob.ni/wp-admin/css/login.min.css?ver=4.2.2
  1207. | http://digesto.asamblea.gob.ni/wp-admin/css/install.min.css?ver=4.2.2
  1208. | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/wp-mediaelement.js?ver=4.2.2
  1209. | http://digesto.asamblea.gob.ni/wp-content/plugins/wp-recaptcha-integration/js/wpcf7.js?ver=4.2.2
  1210. | http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1.2
  1211. | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/mediaelementplayer.min.css?ver=2.16.2
  1212. | http://digesto.asamblea.gob.ni/wp-includes/wlwmanifest.xml
  1213. | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/jquery.hashchange.js?ver=2.2
  1214. | http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.1.2
  1215. | http://digesto.asamblea.gob.ni/wp-admin/css/install.css?ver=20100228
  1216. | http://digesto.asamblea.gob.ni/wp-includes/css/dashicons.min.css?ver=4.2.2
  1217. | http://digesto.asamblea.gob.ni/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
  1218. =======================================================================================================================================
  1219. #######################################################################################################################################
  1220. ---------------------------------------------------------------------------------------------------------------------------------------
  1221. + Target IP: 208.96.133.58
  1222. + Target Hostname: digesto.asamblea.gob.ni
  1223. + Target Port: 80
  1224. + Start Time: 2018-07-19 21:10:09 (GMT-4)
  1225. ---------------------------------------------------------------------------------------------------------------------------------------
  1226. + Server: Apache
  1227. + The anti-clickjacking X-Frame-Options header is not present.
  1228. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1229. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1230. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
  1231. + Scan terminated: 20 error(s) and 3 item(s) reported on remote host
  1232. + End Time: 2018-07-19 22:36:55 (GMT-4) (5206 seconds)
  1233. ---------------------------------------------------------------------------------------------------------------------------------------
  1234. #######################################################################################################################################
  1235. Anonymous #OpNicaragua JTSEC Full Recon #10