_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version v2.4.1
Sponsored by the RandomStorm Open Source Initiative
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[+] URL: http://testovaci.web/
[+] Started: Fri Nov 28 09:14:36 2014
[+] robots.txt available under: 'http://testovaci.web/robots.txt'
[+] Interesting entry from robots.txt: http://testovaci.web
[!] The WordPress 'http://testovaci.web/readme.html' file exists
[+] Interesting header: SERVER: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze14 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o
[+] Interesting header: X-POWERED-BY: PHP/5.3.3-7+squeeze14
[+] XML-RPC Interface available under: http://testovaci.web/xmlrpc.php
[+] WordPress version 3.0.4 identified from meta generator
[!] 8 vulnerabilities identified from the version number
[!] Title: XSS vulnerability in swfupload in WordPress
Reference: http://seclists.org/fulldisclosure/2012/Nov/51
[!] Title: XMLRPC Pingback API Internal/External Port Scanning
Reference: https://github.com/FireFart/WordpressPingbackPortScanner
[!] Title: WordPress XMLRPC pingback additional issues
Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
[!] Title: wp-admin/press-this.php - Privilege Escalation
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5270
[i] Fixed in: 3.0.6
[!] Title: Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6633
[i] Fixed in: 3.3.3
[!] Title: wp-admin/media-upload.php sensitive information disclosure or bypass
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6634
[i] Fixed in: 3.3.3
[!] Title: wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6635
[i] Fixed in: 3.3.3
[!] Title: Crafted String URL Redirect Restriction Bypass
Reference: http://packetstormsecurity.com/files/123589/
Reference: http://core.trac.wordpress.org/changeset/25323
Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4339
Reference: http://secunia.com/advisories/54803
Reference: http://osvdb.org/97212
Reference: http://www.exploit-db.com/exploits/28958/
[i] Fixed in: 3.6.1
[+] WordPress theme in use: nejakasablona
[+] Name: nejakasablona
| Location: http://testovaci.web/wp-content/themes/nejakasablona/
| Style URL: http://testovaci.web/wp-content/themes/nejakasablona/style.css
| Description:
[+] Enumerating installed plugins ...
: |=========================================================================================================================================================================================================================================================================|
[+] We found 25 plugins:
[+] Name: add-local-avatar
| Location: http://testovaci.web/wp-content/plugins/add-local-avatar/
| Readme: http://testovaci.web/wp-content/plugins/add-local-avatar/readme.txt
[+] Name: adrotate - v3.6.6
| Location: http://testovaci.web/wp-content/plugins/adrotate/
| Readme: http://testovaci.web/wp-content/plugins/adrotate/readme.txt
[!] Title: AdRotate <= 3.9.4 - clicktracker.php track Parameter SQL Injection
Reference: http://packetstormsecurity.com/files/125330/
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1854
Reference: http://secunia.com/advisories/57079
Reference: http://osvdb.org/103578
Reference: http://www.exploit-db.com/exploits/31834/
[i] Fixed in: 3.9.5
[!] Title: AdRotate <= 3.6.6 - SQL Injection Vulnerability
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4671
Reference: http://secunia.com/advisories/46814
Reference: http://osvdb.org/77507
Reference: http://www.exploit-db.com/exploits/18114/
[i] Fixed in: 3.6.8
[!] Title: AdRotate <= 3.6.5 - SQL Injection Vulnerability
Reference: http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4671
Reference: http://osvdb.org/77507
Reference: http://www.exploit-db.com/exploits/17888/
[i] Fixed in: 3.6.8
[+] Name: akismet
| Location: http://testovaci.web/wp-content/plugins/akismet/
| Readme: http://testovaci.web/wp-content/plugins/akismet/readme.txt
[+] Name: antispam-bee
| Location: http://testovaci.web/wp-content/plugins/antispam-bee/
| Readme: http://testovaci.web/wp-content/plugins/antispam-bee/readme.txt
[+] Name: breadcrumb-navxt - v3.4.1
| Location: http://testovaci.web/wp-content/plugins/breadcrumb-navxt/
| Readme: http://testovaci.web/wp-content/plugins/breadcrumb-navxt/readme.txt
[+] Name: contact-form-7 - v2.4.2
| Location: http://testovaci.web/wp-content/plugins/contact-form-7/
| Readme: http://testovaci.web/wp-content/plugins/contact-form-7/readme.txt
[!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
Reference: http://www.securityfocus.com/bid/66381/
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2265
[i] Fixed in: 3.7.2
[!] Title: Contact Form 7 3.5.3 - Crafted File Extension Upload Remote Code Execution
Reference: http://packetstormsecurity.com/files/125018/
Reference: http://seclists.org/fulldisclosure/2014/Feb/0
Reference: http://osvdb.org/102776
[!] Title: Contact Form 7 <= 3.5.2 - Arbitrary File Upload Remote Code Execution
Reference: http://packetstormsecurity.com/files/124154/
Reference: http://osvdb.org/100189
[i] Fixed in: 3.5.3
[+] Name: eshop
| Location: http://testovaci.web/wp-content/plugins/eshop/
[!] Title: eShop - wp-admin/admin.php Multiple Parameter XSS
Reference: http://seclists.org/bugtraq/2011/Aug/52
Reference: http://secunia.com/advisories/45553
Reference: http://osvdb.org/74464
[i] Fixed in: 6.2.9
[+] Name: members - v0.1.1
| Location: http://testovaci.web/wp-content/plugins/members/
| Readme: http://testovaci.web/wp-content/plugins/members/readme.txt
[+] Name: ple-navigation
| Location: http://testovaci.web/wp-content/plugins/ple-navigation/
| Readme: http://testovaci.web/wp-content/plugins/ple-navigation/readme.txt
[+] Name: post-plugin-library - v2.6.2.1
| Location: http://testovaci.web/wp-content/plugins/post-plugin-library/
| Readme: http://testovaci.web/wp-content/plugins/post-plugin-library/readme.txt
[+] Name: redirection
| Location: http://testovaci.web/wp-content/plugins/redirection/
| Readme: http://testovaci.web/wp-content/plugins/redirection/readme.txt
[!] Title: Redirection 2.3.3 - view/admin/item.php URL Handling Reflected XSS
Reference: http://osvdb.org/101774
[i] Fixed in: 2.3.4
[!] Title: Redirection - wp-admin/tools.php id Parameter XSS
Reference: http://secunia.com/advisories/45782
Reference: http://osvdb.org/74783
[i] Fixed in: 2.2.9
[+] Name: rss-import - v4.9.9
| Location: http://testovaci.web/wp-content/plugins/rss-import/
| Readme: http://testovaci.web/wp-content/plugins/rss-import/readme.txt
[+] Name: sem-external-links
| Location: http://testovaci.web/wp-content/plugins/sem-external-links/
| Readme: http://testovaci.web/wp-content/plugins/sem-external-links/readme.txt
[+] Name: similar-posts - v2.6.2.0
| Location: http://testovaci.web/wp-content/plugins/similar-posts/
| Readme: http://testovaci.web/wp-content/plugins/similar-posts/readme.txt
[+] Name: smooth-slider - v2.3.2
| Location: http://testovaci.web/wp-content/plugins/smooth-slider/
| Readme: http://testovaci.web/wp-content/plugins/smooth-slider/readme.txt
[+] Name: sociable - v3.5.2
| Location: http://testovaci.web/wp-content/plugins/sociable/
| Readme: http://testovaci.web/wp-content/plugins/sociable/readme.txt
[+] Name: syntax-highlighter-mt - v2.2.2
| Location: http://testovaci.web/wp-content/plugins/syntax-highlighter-mt/
| Readme: http://testovaci.web/wp-content/plugins/syntax-highlighter-mt/readme.txt
[+] Name: wiziapp-create-your-own-native-iphone-app - vv1.2.4b
| Location: http://testovaci.web/wp-content/plugins/wiziapp-create-your-own-native-iphone-app/
| Readme: http://testovaci.web/wp-content/plugins/wiziapp-create-your-own-native-iphone-app/readme.txt
[+] Name: wp-db-backup - v2.2.3
| Location: http://testovaci.web/wp-content/plugins/wp-db-backup/
| Readme: http://testovaci.web/wp-content/plugins/wp-db-backup/readme.txt
[+] Name: wp-memory-usage
| Location: http://testovaci.web/wp-content/plugins/wp-memory-usage/
| Readme: http://testovaci.web/wp-content/plugins/wp-memory-usage/readme.txt
[+] Name: wp-pagenavi - v2.73
| Location: http://testovaci.web/wp-content/plugins/wp-pagenavi/
| Readme: http://testovaci.web/wp-content/plugins/wp-pagenavi/readme.txt
[+] Name: wp-postviews - v1.50
| Location: http://testovaci.web/wp-content/plugins/wp-postviews/
| Readme: http://testovaci.web/wp-content/plugins/wp-postviews/readme.txt
[!] Title: WP-PostViews - "search_input" Cross-Site Scripting Vulnerability
Reference: http://secunia.com/advisories/50982
[!] Title: WP-PostViews 1.62 - Setting Manipulation CSRF
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3252
Reference: http://secunia.com/advisories/53127
Reference: http://osvdb.org/93096
[i] Fixed in: 1.63
[+] Name: wp-spamfree
| Location: http://testovaci.web/wp-content/plugins/wp-spamfree/
| Readme: http://testovaci.web/wp-content/plugins/wp-spamfree/readme.txt
[!] Title: WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability
Reference: http://www.exploit-db.com/exploits/17970/
[+] Name: wp-super-cache - v0.9.7
| Location: http://testovaci.web/wp-content/plugins/wp-super-cache/
| Readme: http://testovaci.web/wp-content/plugins/wp-super-cache/readme.txt
[!] Title: WP-Super-Cache 1.3 - Remote Code Execution
Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
Reference: http://wordpress.org/support/topic/pwn3d
Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
[i] Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2008
Reference: http://osvdb.org/92832
[i] Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2008
Reference: http://osvdb.org/92831
[i] Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2008
Reference: http://osvdb.org/92830
[i] Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2008
Reference: http://osvdb.org/92829
[i] Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2008
Reference: http://osvdb.org/92828
[i] Fixed in: 1.3.1
[!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2008
Reference: http://osvdb.org/92827
[i] Fixed in: 1.3.1
[+] Name: wptouch - v1.9.34
| Location: http://testovaci.web/wp-content/plugins/wptouch/
| Readme: http://testovaci.web/wp-content/plugins/wptouch/readme.txt
[+] Finished: Fri Nov 28 09:26:27 2014
[+] Memory used: 10.266 MB
[+] Elapsed time: 00:11:51