- #######################################################################################################################################
- Hostname digesto.asamblea.gob.ni ISP Amnet Telecomunicaciones S.A.
- Continent North America Flag
- NI
- Country Nicaragua Country Code NI
- Region Departamento de Managua Local time 19 Jul 2018 18:54 CST
- City Managua Postal Code Unknown
- IP Address 208.96.133.58 Latitude 12.151
- Longitude -86.268
- #######################################################################################################################################
- "ip": "208.96.133.58",
- "city": "Managua",
- "region": "Departamento de Managua",
- "country": "NI",
- "loc": "12.1508,-86.2683"
- #######################################################################################################################################
- HostIP:208.96.133.58
- HostName:digesto.asamblea.gob.ni
- Gathered Inet-whois information for 208.96.133.58
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 208.82.76.0 - 208.255.255.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: You can find the whois server to query, or the
- remarks: IANA registry to query on this web page:
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks:
- remarks: You can access databases of other RIRs at:
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: IANA IPV4 Recovered Address Space
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- mnt-lower: RIPE-NCC-HM-MNT
- mnt-routes: RIPE-NCC-RPSL-MNT
- created: 2017-01-19T16:05:24Z
- last-modified: 2017-01-19T16:05:24Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.91.2 (WAGYU)
- Gathered Inic-whois information for digesto.asamblea.gob.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server ni.whois-servers.net failed
- close error
- Gathered Netcraft information for digesto.asamblea.gob.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for digesto.asamblea.gob.ni
- Netcraft.com Information gathered
- Gathered Subdomain information for digesto.asamblea.gob.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 possible subdomain(s) for host digesto.asamblea.gob.ni, Searched 0 pages containing 0 results
- Gathered E-Mail information for digesto.asamblea.gob.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host digesto.asamblea.gob.ni, Searched 0 pages containing 0 results
- Gathered TCP Port information for 208.96.133.58
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- Portscan Finished: Scanned 150 ports, 0 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://digesto.asamblea.gob.ni
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: Digesto Jurídico Nicaragüense | Digesto Jurídico Nicaragüense
- [+] IP address: 208.96.133.58
- [+] Web Server: Apache
- [+] CMS: WordPress
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 208.96.133.58
- [i] Country: NI
- [i] State: Managua
- [i] City: Managua
- [i] Latitude: 12.150800
- [i] Longitude: -86.268303
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Fri, 20 Jul 2018 00:57:30 GMT
- [i] Server: Apache
- [i] X-Powered-By: PHP/5.6.1
- [i] Last-Modified: Fri, 20 Jul 2018 00:55:02 GMT
- [i] X-Pingback: http://digesto.asamblea.gob.ni/xmlrpc.php
- [i] Content-Type: text/html; charset=UTF-8
- [i] Vary: Accept-Encoding
- [i] Content-Length: 94491
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- ;; Truncated, retrying in TCP mode.
- digesto.asamblea.gob.ni. 60 IN A 208.96.133.58
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 208.96.133.58
- Network = 208.96.133.58 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 208.96.133.58 - 208.96.133.58 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 00:57 UTC
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up (0.069s latency).
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http Apache httpd
- 110/tcp open pop3-proxy Astaro firewall pop3 proxy
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Service Info: Device: firewall
- Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 8.49 seconds
- #######################################################################################################################################
- [?] Enter the target: http://digesto.asamblea.gob.ni/
- [!] IP Address : 208.96.133.58
- [!] Server: Apache
- [!] Powered By: PHP/5.6.1
- [+] Clickjacking protection is not in place.
- [!] digesto.asamblea.gob.ni doesn't seem to use a CMS
- [+] Honeypot Probabilty: 0%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for digesto.asamblea.gob.ni
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/digesto.asamblea.gob.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http Apache httpd
- 110/tcp open pop3-proxy Astaro firewall pop3 proxy
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- [+] Host Records (A)
- digesto.asamblea.gob.niHTTP: (208.96.133.58) AS27742 Amnet Telecomunicaciones S.A. Nicaragua
- [+] TXT Records
- [+] DNS Map: https://dnsdumpster.com/static/map/digesto.asamblea.gob.ni.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ------------------
- pixel-1532048269865343-web-@digesto.asamblea.gob.ni
- pixel-1532048275725773-web-@digesto.asamblea.gob.ni
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 01:05 UTC
- Nmap scan report for 208.96.133.58
- Host is up (0.068s latency).
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http Apache httpd
- 110/tcp open pop3-proxy Astaro firewall pop3 proxy
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Service Info: Device: firewall
- Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 8.80 seconds
- #######################################################################################################################################
- Start: Fri Jul 20 01:05:46 2018
- HOST: whatweb Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.55.64.254 0.0% 3 0.3 1.2 0.3 2.7 1.2
- 2.|-- 138.197.251.28 0.0% 3 0.5 0.5 0.4 0.6 0.0
- 3.|-- 138.197.244.38 0.0% 3 1.0 1.0 1.0 1.0 0.0
- 4.|-- ce-0-3-0-2.r07.nycmny01.us.bb.gin.ntt.net 0.0% 3 1.2 1.2 1.1 1.2 0.0
- 5.|-- ae-3.r08.nycmny01.us.bb.gin.ntt.net 0.0% 3 1.4 1.4 1.3 1.5 0.0
- 6.|-- xe-11-3-0.BR3.NYC4.ALTER.NET 0.0% 3 1.2 1.3 1.2 1.4 0.0
- 7.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 8.|-- tigo.com-gw.customer.alter.net 0.0% 3 28.7 28.8 28.7 28.8 0.0
- 9.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 10.|-- ip-105-126.amnet.com.ni 0.0% 3 72.9 72.7 72.3 72.9 0.0
- 11.|-- clp.theargusgroup.us 0.0% 3 74.1 74.1 74.1 74.2 0.0
- 12.|-- 200.30.177.54 0.0% 3 72.5 72.5 72.4 72.5 0.0
- 13.|-- 208.96.133.58 0.0% 3 74.0 74.0 74.0 74.0 0.0
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- digesto.asamblea.gob.ni -----
- Host's addresses:
- __________________
- digesto.asamblea.gob.ni. 60 IN A 208.96.133.58
- Name Servers:
- ______________
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:55 EDT
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up (0.67s latency).
- Not shown: 431 closed ports, 43 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 554/tcp open rtsp
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:55 EDT
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up.
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp open|filtered netbios-ns
- 138/udp open|filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:55 EDT
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up (0.24s latency).
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 116.05 seconds
- + -- --=[Port 68 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:57 EDT
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up (0.24s latency).
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 116.41 seconds
- + -- --=[Port 69 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-19 23:59 EDT
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up (0.23s latency).
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- #######################################################################################################################################
- ERROR:root:Site http://digesto.asamblea.gob.ni appears to be down
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://digesto.asamblea.gob.ni
- #######################################################################################################################################
- https://digesto.asamblea.gob.ni ERROR: Timed out execution expired
- https://digesto.asamblea.gob.ni [ Unassigned]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://digesto.asamblea.gob.ni...
- ________________________________________ SITE INFO ________________________________________
- IP Title
- 208.96.133.58 Digesto Jurídico Nicaragüense | Digesto Jurídico Nicaragüense
- _________________________________________ VERSION _________________________________________
- Name Versions Type
- WordPress 4.2.2 CMS
- Apache Platform
- PHP 5.6.1 Platform
- openSUSE 13.2 OS
- _______________________________________ INTERESTING _______________________________________
- URL Note Type
- /readme.html Wordpress readme Interesting
- /readme.html Readme file Interesting
- __________________________________________ TOOLS __________________________________________
- Name Link Software
- wpscan https://github.com/wpscanteam/wpscan WordPress
- CMSmap https://github.com/Dionach/CMSmap WordPress
- _____________________________________ VULNERABILITIES _____________________________________
- Affected #Vulns Link
- WordPress 4.2.2 2 http://cvedetails.com/version/185073
- ___________________________________________________________________________________________
- Time: 362.5 sec Urls: 465 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Fri, 20 Jul 2018 04:08:08 GMT
- Server: Apache
- X-Powered-By: PHP/5.6.1
- Last-Modified: Fri, 20 Jul 2018 04:03:52 GMT
- X-Pingback: http://digesto.asamblea.gob.ni/xmlrpc.php
- Content-Type: text/html; charset=UTF-8
- #######################################################################################################################################
- + -- --=[Port 110 closed... skipping.
- + -- --=[Port 111 closed... skipping.
- + -- --=[Port 123 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 00:08 EDT
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up (0.23s latency).
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- #######################################################################################################################################
- I, [2018-07-20T00:10:56.051435 #27605] INFO -- : Initiating port scan
- Traceback (most recent call last):
- 3: from yasuo.rb:700:in `<main>'
- 2: from yasuo.rb:132:in `run'
- 1: from yasuo.rb:232:in `process_nmap_scan'
- yasuo.rb:232:in `each_slice': invalid slice size (ArgumentError)
- I, [2018-07-20T00:10:59.589886 #27605] INFO -- : Using nmap scan output file logs/nmap_output_2018-07-20_00-10-56.xml
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 00:10 EDT
- NSE: Loaded 43 scripts for scanning.
- Initiating Parallel DNS resolution of 1 host. at 00:11
- Completed Parallel DNS resolution of 1 host. at 00:11, 0.02s elapsed
- Initiating SYN Stealth Scan at 00:11
- Scanning digesto.asamblea.gob.ni (208.96.133.58) [65535 ports]
- Discovered open port 21/tcp on 208.96.133.58
- Discovered open port 587/tcp on 208.96.133.58
- Discovered open port 554/tcp on 208.96.133.58
- Increasing send delay for 208.96.133.58 from 0 to 5 due to 39 out of 97 dropped probes since last increase.
- Increasing send delay for 208.96.133.58 from 5 to 10 due to 122 out of 304 dropped probes since last increase.
- Warning: 208.96.133.58 giving up on port because retransmission cap hit (6).
- SYN Stealth Scan Timing: About 0.42% done
- SYN Stealth Scan Timing: About 0.75% done
- SYN Stealth Scan Timing: About 1.05% done; ETC: 02:35 (2:23:03 remaining)
- SYN Stealth Scan Timing: About 1.61% done; ETC: 02:44 (2:30:32 remaining)
- SYN Stealth Scan Timing: About 6.98% done; ETC: 02:44 (2:22:49 remaining)
- SYN Stealth Scan Timing: About 12.89% done; ETC: 02:45 (2:14:59 remaining)
- SYN Stealth Scan Timing: About 18.13% done; ETC: 02:46 (2:07:09 remaining)
- SYN Stealth Scan Timing: About 23.01% done; ETC: 02:46 (1:59:22 remaining)
- SYN Stealth Scan Timing: About 27.64% done; ETC: 02:45 (1:51:33 remaining)
- SYN Stealth Scan Timing: About 32.73% done; ETC: 02:45 (1:43:48 remaining)
- SYN Stealth Scan Timing: About 37.53% done; ETC: 02:44 (1:36:04 remaining)
- SYN Stealth Scan Timing: About 42.72% done; ETC: 02:45 (1:28:23 remaining)
- SYN Stealth Scan Timing: About 47.59% done; ETC: 02:44 (1:20:37 remaining)
- SYN Stealth Scan Timing: About 52.51% done; ETC: 02:44 (1:12:53 remaining)
- SYN Stealth Scan Timing: About 57.46% done; ETC: 02:44 (1:05:11 remaining)
- SYN Stealth Scan Timing: About 62.57% done; ETC: 02:44 (0:57:30 remaining)
- SYN Stealth Scan Timing: About 67.63% done; ETC: 02:44 (0:49:48 remaining)
- SYN Stealth Scan Timing: About 72.83% done; ETC: 02:45 (0:42:03 remaining)
- SYN Stealth Scan Timing: About 77.88% done; ETC: 02:46 (0:34:17 remaining)
- SYN Stealth Scan Timing: About 82.96% done; ETC: 02:46 (0:26:29 remaining)
- SYN Stealth Scan Timing: About 88.01% done; ETC: 02:46 (0:18:40 remaining)
- SYN Stealth Scan Timing: About 93.01% done; ETC: 02:46 (0:10:52 remaining)
- SYN Stealth Scan Timing: About 98.03% done; ETC: 02:46 (0:03:03 remaining)
- Discovered open port 7070/tcp on 208.96.133.58
- adjust_timeouts2: packet supposedly had rtt of 8303162 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of 8303162 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of 8308607 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of 8308607 microseconds. Ignoring time.
- Completed SYN Stealth Scan at 05:01, 17416.56s elapsed (65535 total ports)
- Initiating Service scan at 05:01
- Scanning 4 services on digesto.asamblea.gob.ni (208.96.133.58)
- Service scan Timing: About 50.00% done; ETC: 05:06 (0:02:38 remaining)
- Completed Service scan at 05:03, 157.65s elapsed (4 services on 1 host)
- Initiating OS detection (try #1) against digesto.asamblea.gob.ni (208.96.133.58)
- RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
- Retrying OS detection (try #2) against digesto.asamblea.gob.ni (208.96.133.58)
- NSE: Script scanning 208.96.133.58.
- Initiating NSE at 05:04
- Completed NSE at 05:04, 0.98s elapsed
- Initiating NSE at 05:04
- Completed NSE at 05:04, 3.09s elapsed
- Nmap scan report for digesto.asamblea.gob.ni (208.96.133.58)
- Host is up (1.3s latency).
- Not shown: 65524 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp?
- 25/tcp filtered smtp
- 135/tcp filtered msrpc
- 136/tcp filtered profile
- 137/tcp filtered netbios-ns
- 138/tcp filtered netbios-dgm
- 139/tcp filtered netbios-ssn
- 445/tcp filtered microsoft-ds
- 554/tcp open rtsp?
- 587/tcp open tcpwrapped
- 7070/tcp open realserver?
- Device type: printer|router
- Running (JUST GUESSING): Ricoh embedded (88%), Linksys embedded (87%)
- OS CPE: cpe:/h:ricoh:aficio_sp_c240sf
- Aggressive OS guesses: Ricoh Aficio SP C240SF printer (88%), Linksys BEFSR41 EtherFast router (87%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.000 days (since Fri Jul 20 05:04:01 2018)
- TCP Sequence Prediction: Difficulty=208 (Good luck!)
- IP ID Sequence Generation: Busy server or unknown class
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 17592.22 seconds
- Raw packets sent: 458121 (20.162MB) | Rcvd: 457161 (18.287MB)
- #######################################################################################################################################
- [*] Processing domain digesto.asamblea.gob.ni
- [+] Getting nameservers
- [-] Getting nameservers failed
- [-] Zone transfer failed
- [*] Scanning digesto.asamblea.gob.ni for A records
- 208.96.133.58 - digesto.asamblea.gob.ni
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: digesto.asamblea.gob.ni
- [-] DNSSEC is not configured for digesto.asamblea.gob.ni
- [*] SOA ns.asamblea.gob.ni 186.1.3.163
- [-] Could not Resolve NS Records for digesto.asamblea.gob.ni
- [-] Could not Resolve MX Records for digesto.asamblea.gob.ni
- [*] A digesto.asamblea.gob.ni 208.96.133.58
- [*] Enumerating SRV Records
- [-] No SRV Records Found for digesto.asamblea.gob.ni
- [+] 0 Records Found
- #######################################################################################################################################
- [i] It seems like you have not updated the database for some time
- [?] Do you want to update now? [Y]es [N]o [A]bort update, default: [N] > Y
- [i] Updating the Database ...
- [i] Update completed
- [+] URL: http://digesto.asamblea.gob.ni/
- [+] Started: Thu Jul 19 21:26:33 2018
- [+] Interesting header: SERVER: Apache
- [+] Interesting header: X-POWERED-BY: PHP/5.6.1
- [+] XML-RPC Interface available under: http://digesto.asamblea.gob.ni/xmlrpc.php [HTTP 405]
- [+] Found an RSS Feed: http://digesto.asamblea.gob.ni/?feed=rss2 [HTTP 200]
- [!] Detected 1 user from RSS feed:
- +-----------------+
- | Name |
- +-----------------+
- | Elizabeth Perez |
- +-----------------+
- [+] Enumerating WordPress version ...
- [!] The WordPress 'http://digesto.asamblea.gob.ni/readme.html' file exists exposing a version number
- [+] WordPress version 4.2.2 (Released on 2015-05-07) identified from advanced fingerprinting, meta generator, readme, links opml
- [!] 54 vulnerabilities identified from the version number
- [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8111
- Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
- Reference: https://twitter.com/klikkioy/status/624264122570526720
- Reference: https://klikki.fi/adv/wordpress3.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
- [i] Fixed in: 4.2.3
- [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/8126
- Reference: https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
- [i] Fixed in: 4.2.4
- [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
- Reference: https://wpvulndb.com/vulnerabilities/8130
- Reference: https://core.trac.wordpress.org/changeset/33536
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
- [i] Fixed in: 4.2.4
- [!] Title: WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8131
- Reference: https://core.trac.wordpress.org/changeset/33529
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
- [i] Fixed in: 4.2.4
- [!] Title: WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8132
- Reference: https://core.trac.wordpress.org/changeset/33541
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
- [i] Fixed in: 4.2.4
- [!] Title: WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8133
- Reference: https://core.trac.wordpress.org/changeset/33549
- Reference: https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
- [i] Fixed in: 4.2.4
- [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8186
- Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
- Reference: http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
- Reference: http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
- [i] Fixed in: 4.2.5
- [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8187
- Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
- Reference: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
- [i] Fixed in: 4.2.5
- [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
- Reference: https://wpvulndb.com/vulnerabilities/8188
- Reference: https://wordpress.org/news/2015/09/wordpress-4-3-1/
- Reference: http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
- Reference: http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
- [i] Fixed in: 4.2.5
- [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8358
- Reference: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
- [i] Fixed in: 4.2.6
- [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
- Reference: https://wpvulndb.com/vulnerabilities/8376
- Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/36435
- Reference: https://hackerone.com/reports/110801
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
- [i] Fixed in: 4.2.7
- [!] Title: WordPress 3.7-4.4.1 - Open Redirect
- Reference: https://wpvulndb.com/vulnerabilities/8377
- Reference: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/36444
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
- [i] Fixed in: 4.2.7
- [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
- Reference: https://wpvulndb.com/vulnerabilities/8473
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
- [i] Fixed in: 4.5
- [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
- Reference: https://wpvulndb.com/vulnerabilities/8474
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
- [i] Fixed in: 4.5
- [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8475
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
- [i] Fixed in: 4.5
- [!] Title: WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8488
- Reference: https://wordpress.org/news/2016/05/wordpress-4-5-2/
- Reference: https://github.com/WordPress/WordPress/commit/a493dc0ab5819c8b831173185f1334b7c3e02e36
- Reference: https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4567
- [i] Fixed in: 4.5.2
- [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
- Reference: https://wpvulndb.com/vulnerabilities/8489
- Reference: https://wordpress.org/news/2016/05/wordpress-4-5-2/
- Reference: https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
- Reference: https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
- Reference: http://avlidienbrunn.com/wp_some_loader.php
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
- [i] Fixed in: 4.2.8
- [!] Title: WordPress 4.2-4.5.2 - Authenticated Attachment Name Stored XSS
- Reference: https://wpvulndb.com/vulnerabilities/8518
- Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
- Reference: https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5833
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834
- [i] Fixed in: 4.2.9
- [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
- Reference: https://wpvulndb.com/vulnerabilities/8519
- Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
- Reference: https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
- Reference: https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
- [i] Fixed in: 4.2.9
- [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
- Reference: https://wpvulndb.com/vulnerabilities/8520
- Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
- Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
- [i] Fixed in: 4.2.9
- [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
- Reference: https://wpvulndb.com/vulnerabilities/8615
- Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
- Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
- Reference: http://seclists.org/fulldisclosure/2016/Sep/6
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
- [i] Fixed in: 4.2.10
- [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
- Reference: https://wpvulndb.com/vulnerabilities/8616
- Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
- [i] Fixed in: 4.2.10
- [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
- Reference: https://wpvulndb.com/vulnerabilities/8716
- Reference: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
- [i] Fixed in: 4.2.11
- [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
- Reference: https://wpvulndb.com/vulnerabilities/8718
- Reference: https://www.mehmetince.net/low-severity-wordpress/
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
- [i] Fixed in: 4.2.11
- [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
- Reference: https://wpvulndb.com/vulnerabilities/8719
- Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
- [i] Fixed in: 4.2.11
- [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
- Reference: https://wpvulndb.com/vulnerabilities/8720
- Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
- [i] Fixed in: 4.2.11
- [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- Reference: https://wpvulndb.com/vulnerabilities/8721
- Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
- [i] Fixed in: 4.2.11
- [!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
- Reference: https://wpvulndb.com/vulnerabilities/8729
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
- Reference: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610
- [i] Fixed in: 4.2.12
- [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/8730
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
- Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
- [i] Fixed in: 4.2.12
- [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
- Reference: https://wpvulndb.com/vulnerabilities/8765
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
- Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
- Reference: http://seclists.org/oss-sec/2017/q1/563
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
- [i] Fixed in: 4.2.13
- [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
- Reference: https://wpvulndb.com/vulnerabilities/8766
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
- [i] Fixed in: 4.2.13
- [!] Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
- Reference: https://wpvulndb.com/vulnerabilities/8768
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
- Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
- [i] Fixed in: 4.2.13
- [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
- Reference: https://wpvulndb.com/vulnerabilities/8770
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
- Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
- Reference: http://seclists.org/oss-sec/2017/q1/562
- Reference: https://hackerone.com/reports/153093
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
- [i] Fixed in: 4.2.13
- [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- Reference: https://wpvulndb.com/vulnerabilities/8807
- Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- Reference: https://core.trac.wordpress.org/ticket/25239
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- Reference: https://wpvulndb.com/vulnerabilities/8815
- Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
- [i] Fixed in: 4.2.15
- [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- Reference: https://wpvulndb.com/vulnerabilities/8816
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
- [i] Fixed in: 4.2.15
- [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
- Reference: https://wpvulndb.com/vulnerabilities/8817
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
- [i] Fixed in: 4.2.15
- [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8818
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
- [i] Fixed in: 4.2.15
- [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
- Reference: https://wpvulndb.com/vulnerabilities/8819
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
- Reference: https://hackerone.com/reports/203515
- Reference: https://hackerone.com/reports/203515
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
- [i] Fixed in: 4.2.15
- [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8820
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
- [i] Fixed in: 4.2.15
- [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/8905
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- [i] Fixed in: 4.2.16
- [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- Reference: https://wpvulndb.com/vulnerabilities/8906
- Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- Reference: https://wpvulndb.com/vulnerabilities/8905
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- Reference: https://wpvulndb.com/vulnerabilities/8910
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41398
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- [i] Fixed in: 4.2.16
- [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- Reference: https://wpvulndb.com/vulnerabilities/8911
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41457
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- [i] Fixed in: 4.2.16
- [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- Reference: https://wpvulndb.com/vulnerabilities/8941
- Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- Reference: https://twitter.com/ircmaxell/status/923662170092638208
- Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- [i] Fixed in: 4.2.17
- [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- Reference: https://wpvulndb.com/vulnerabilities/8966
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- [i] Fixed in: 4.2.18
- [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- Reference: https://wpvulndb.com/vulnerabilities/8967
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- [i] Fixed in: 4.2.18
- [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- Reference: https://wpvulndb.com/vulnerabilities/8969
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
- [i] Fixed in: 4.2.18
- [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/9006
- Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
- Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/ticket/42720
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
- [i] Fixed in: 4.2.19
- [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- Reference: https://wpvulndb.com/vulnerabilities/9021
- Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- Reference: https://github.com/quitten/doser.py
- Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- Reference: https://wpvulndb.com/vulnerabilities/9053
- Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- [i] Fixed in: 4.2.20
- [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- Reference: https://wpvulndb.com/vulnerabilities/9054
- Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- [i] Fixed in: 4.2.20
- [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- Reference: https://wpvulndb.com/vulnerabilities/9055
- Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- [i] Fixed in: 4.2.20
- [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- Reference: https://wpvulndb.com/vulnerabilities/9100
- Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- [i] Fixed in: 4.2.21
- [+] WordPress theme in use: divi-child - v2.2
- [+] Name: divi-child - v2.2
- | Location: http://digesto.asamblea.gob.ni/wp-content/themes/divi-child/
- | Style URL: http://digesto.asamblea.gob.ni/wp-content/themes/divi-child/style.css
- | Theme Name: Divi Child Theme
- | Description: Divi Child Theme
- | Author: XOLO S.A.
- | Author URI: http://www.xolosa.com
- [+] Detected parent theme: Divi - v2.2
- [+] Name: Divi - v2.2
- | Location: http://digesto.asamblea.gob.ni/wp-content/themes/Divi/
- | Changelog: http://digesto.asamblea.gob.ni/wp-content/themes/Divi/changelog.txt
- | Style URL: http://digesto.asamblea.gob.ni/wp-content/themes/Divi/style.css
- | Theme Name: Divi
- | Theme URI: http://www.elegantthemes.com/gallery/divi/
- | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection.
- | Author: Elegant Themes
- | Author URI: http://www.elegantthemes.com
- [!] Title: ElegantThemes - Privilege Escalation
- Reference: https://wpvulndb.com/vulnerabilities/8394
- Reference: http://www.pritect.net/blog/elegant-themes-security-vulnerability
- Reference: http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
- [i] Fixed in: 2.6.4
- [+] Enumerating plugins from passive detection ...
- | 3 plugins found:
- [+] Name: contact-form-7 - v4.1.2
- | Last updated: 2018-07-12T12:37:00.000Z
- | Location: http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/
- | Readme: http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/readme.txt
- [!] The version is out of date, the latest version is 5.0.3
- [+] Name: wp-recaptcha-integration - v1.1.5
- | Last updated: 2017-10-19T18:38:00.000Z
- | Location: http://digesto.asamblea.gob.ni/wp-content/plugins/wp-recaptcha-integration/
- | Readme: http://digesto.asamblea.gob.ni/wp-content/plugins/wp-recaptcha-integration/readme.txt
- [!] The version is out of date, the latest version is 1.2.1
- [+] Name: w3-total-cache
- | Latest version: 0.9.7
- | Last updated: 2018-04-25T21:31:00.000Z
- | Location: http://digesto.asamblea.gob.ni/wp-content/plugins/w3-total-cache/
- | Changelog: http://digesto.asamblea.gob.ni/wp-content/plugins/w3-total-cache/changelog.txt
- [!] We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.
- [!] Title: W3 Total Cache 0.9.2.4 - Username & Hash Extract
- Reference: https://wpvulndb.com/vulnerabilities/6621
- Reference: http://seclists.org/fulldisclosure/2012/Dec/242
- Reference: https://github.com/FireFart/W3TotalCacheExploit
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6079
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6078
- [i] Fixed in: 0.9.2.5
- [!] Title: W3 Total Cache - Remote Code Execution
- Reference: https://wpvulndb.com/vulnerabilities/6622
- Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
- Reference: http://wordpress.org/support/topic/pwn3d
- Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2010
- Reference: https://secunia.com/advisories/53052/
- Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_total_cache_exec
- Reference: https://www.exploit-db.com/exploits/25137/
- [i] Fixed in: 0.9.2.9
- [!] Title: W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
- Reference: https://wpvulndb.com/vulnerabilities/7621
- Reference: http://seclists.org/fulldisclosure/2014/Sep/29
- [i] Fixed in: 0.9.4.1
- [!] Title: W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
- Reference: https://wpvulndb.com/vulnerabilities/7717
- Reference: http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html
- [i] Fixed in: 0.9.4.1
- [!] Title: W3 Total Cache <= 0.9.4 - Debug Mode XSS
- Reference: https://wpvulndb.com/vulnerabilities/7718
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8724
- [i] Fixed in: 0.9.4.1
- [!] Title: W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8625
- Reference: https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/
- Reference: http://seclists.org/fulldisclosure/2016/Sep/52
- Reference: https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_w3_total_cache_plugin.html
- Reference: http://seclists.org/fulldisclosure/2016/Nov/63
- [i] Fixed in: 0.9.5
- [!] Title: W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass
- Reference: https://wpvulndb.com/vulnerabilities/8626
- Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
- [i] Fixed in: 0.9.5
- [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Upload
- Reference: https://wpvulndb.com/vulnerabilities/8627
- Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
- [i] Fixed in: 0.9.5
- [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download
- Reference: https://wpvulndb.com/vulnerabilities/8628
- Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
- [i] Fixed in: 0.9.5
- [!] Title: W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP Code Execution
- Reference: https://wpvulndb.com/vulnerabilities/8629
- Reference: https://secupress.me/blog/4-new-security-flaws-w3-total-cache-0-9-4-1/
- [i] Fixed in: 0.9.5
- [!] Title: W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Request Forgery (SSRF)
- Reference: https://wpvulndb.com/vulnerabilities/8644
- Reference: https://klikki.fi/adv/w3_total_cache.html
- [i] Fixed in: 0.9.5
- [!] Title: W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SNS Push Messages
- Reference: https://wpvulndb.com/vulnerabilities/8654
- Reference: https://sumofpwn.nl/advisory/2016/weak_validation_of_amazon_sns_push_messages_in_w3_total_cache_wordpress_plugin.html
- Reference: http://seclists.org/fulldisclosure/2016/Nov/61
- [i] Fixed in: 0.9.5
- [!] Title: W3 Total Cache <= 0.9.4.1 - Information Disclosure Race Condition
- Reference: https://wpvulndb.com/vulnerabilities/8655
- Reference: https://sumofpwn.nl/advisory/2016/information_disclosure_race_condition_in_w3_total_cache_wordpress_plugin.html
- Reference: http://seclists.org/fulldisclosure/2016/Nov/62
- [i] Fixed in: 0.9.5
- [+] Finished: Thu Jul 19 21:27:37 2018
- [+] Elapsed time: 00:01:04
- [+] Requests made: 117
- [+] Memory used: 64.746 MB
- #######################################################################################################################################
- =======================================================================================================================================
- | Domain: http://digesto.asamblea.gob.ni/
- | Server: Apache
- | IP: 208.96.133.58
- =======================================================================================================================================
- |
- | Directory check:
- =======================================================================================================================================
- |
- | File check:
- | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/index.php
- | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/license.txt
- | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/readme.html
- | [+] CODE: 200 URL: http://digesto.asamblea.gob.ni/wp-content/plugins/akismet/readme.txt
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: digesto@asamblea.gob.ni
- | [+] E-mail Found: m@tidakada.com
- |
- | External hosts:
- | [+] External Host Found: http://php.net
- | [+] External Host Found: https://www.google.com
- | [+] External Host Found: http://www.mysql.com
- | [+] External Host Found: http://www.cse.gob.ni
- | [+] External Host Found: http://www.presidencia.gob.ni
- | [+] External Host Found: https://www.facebook.com
- | [+] External Host Found: http://httpd.apache.org
- | [+] External Host Found: https://planet.wordpress.org
- | [+] External Host Found: http://www.poderjudicial.gob.ni
- | [+] External Host Found: https://codex.wordpress.org
- | [+] External Host Found: http://www.asamblea.gob.ni
- | [+] External Host Found: https://wordpress.org
- |
- | Source Code Disclosure:
- |
- | PHPinfo() Disclosure:
- |
- | FCKeditor File Upload:
- |
- | Web Backdoors:
- |
- | File Upload Forms:
- |
- | Timthumb:
- |
- | Ignored Files:
- | http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
- | http://digesto.asamblea.gob.ni/wp-includes/js/jquery/jquery.js?ver=1.11.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/epanel/shortcodes/css/shortcodes_responsive.css?ver=3.0
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/custom.js?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/divi-child/style.css?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/imagesloaded.js?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-includes/css/buttons.min.css?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/jquery.magnific-popup.js?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/waypoints.min.js?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.16.2
- | http://digesto.asamblea.gob.ni/wp-includes/js/comment-reply.min.js?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/epanel/shortcodes/css/shortcodes.css?ver=3.0
- | http://digesto.asamblea.gob.ni/wp-admin/css/ie.min.css?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/jquery.fitvids.js?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/masonry.js?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-admin/css/login.min.css?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-admin/css/install.min.css?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/wp-mediaelement.js?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-content/plugins/wp-recaptcha-integration/js/wpcf7.js?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1.2
- | http://digesto.asamblea.gob.ni/wp-includes/js/mediaelement/mediaelementplayer.min.css?ver=2.16.2
- | http://digesto.asamblea.gob.ni/wp-includes/wlwmanifest.xml
- | http://digesto.asamblea.gob.ni/wp-content/themes/Divi/js/jquery.hashchange.js?ver=2.2
- | http://digesto.asamblea.gob.ni/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.1.2
- | http://digesto.asamblea.gob.ni/wp-admin/css/install.css?ver=20100228
- | http://digesto.asamblea.gob.ni/wp-includes/css/dashicons.min.css?ver=4.2.2
- | http://digesto.asamblea.gob.ni/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
- =======================================================================================================================================
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 208.96.133.58
- + Target Hostname: digesto.asamblea.gob.ni
- + Target Port: 80
- + Start Time: 2018-07-19 21:10:09 (GMT-4)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: Apache
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Operation now in progress
- + Scan terminated: 20 error(s) and 3 item(s) reported on remote host
- + End Time: 2018-07-19 22:36:55 (GMT-4) (5206 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Anonymous #OpNicaragua JTSEC Full Recon #10