Created
January 1, 2014 21:15
Gist: yeukhon/8211580
(env)vagrant@precise64:~$ /home/vagrant/wpscan/wpscan.rb --url http://blogs.skype.com --enumerate --wordlist /home/vagrant/wpscan/password-2011.lst --threads 20
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version v2.2r125924d
     Sponsored by the RandomStorm Open Source Initiative
 @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

| URL: http://blogs.skype.com/
| Started: Wed Jan 1 21:12:12 2014

[+] robots.txt available under: 'http://blogs.skype.com/robots.txt'
[+] Interesting entry from robots.txt: http://blogs.skype.com/next/
[+] Interesting entry from robots.txt: http://blogs.skype.com/mshots/v1/
[+] Interesting entry from robots.txt: http://blogs.skype.com/activate/
[+] Interesting entry from robots.txt: http://blogs.skype.com/wp-login.php
[+] Interesting entry from robots.txt: http://blogs.skype.com/signup/
[+] Interesting entry from robots.txt: http://blogs.skype.com/related-tags.php
[+] Interesting entry from robots.txt: http://blogs.skype.com/public-api/
[+] Interesting entry from robots.txt: http://blogs.skype.com/cgi-bin/
[+] Interesting header: LINK: <http://wp.me/2q6gy>; rel=shortlink
[+] Interesting header: SERVER: nginx
[+] Interesting header: X-HACKER: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
[+] XML-RPC Interface available under: http://blogs.skype.com/xmlrpc.php

[+] Enumerating installed plugins (only vulnerable ones) ...

Time: 00:00:21 <=============================================================================> (652 / 652) 100.00% Time: 00:00:21

[+] We found 8 plugins:

| Name: audio-player
| Location: http://blogs.skype.com/wp-content/plugins/audio-player/
|
| * Title: Audio Player - player.swf playerID Parameter XSS
| * Reference: http://seclists.org/bugtraq/2013/Feb/35
| * Reference: http://secunia.com/advisories/52083
| * Reference: http://osvdb.org/89963
| * Fixed in: 2.0.4.6

| Name: bbpress - v2.3.2
| Location: http://blogs.skype.com/wp-content/plugins/bbpress/
| Readme: http://blogs.skype.com/wp-content/plugins/bbpress/readme.txt
|
| * Title: BBPress - Multiple Script Malformed Input Path Disclosure
| * Reference: http://xforce.iss.net/xforce/xfdb/78244
| * Reference: http://packetstormsecurity.com/files/116123/
| * Reference: http://osvdb.org/86399
| * Reference: http://www.exploit-db.com/exploits/22396/
|
| * Title: BBPress - forum.php page Parameter SQL Injection
| * Reference: http://xforce.iss.net/xforce/xfdb/78244
| * Reference: http://packetstormsecurity.com/files/116123/
| * Reference: http://osvdb.org/86400
| * Reference: http://www.exploit-db.com/exploits/22396/

| Name: booking
| Location: http://blogs.skype.com/wp-content/plugins/booking/
|
| * Title: Booking Calendar 4.1.4 - CSRF Vulnerability
| * Reference: http://packetstormsecurity.com/files/122691/
| * Reference: http://wpbookingcalendar.com/
| * Reference: http://secunia.com/advisories/54461
| * Reference: http://osvdb.org/96088
| * Reference: http://www.exploit-db.com/exploits/27399/
| * Fixed in: 4.1.6

| Name: chat
| Location: http://blogs.skype.com/wp-content/plugins/chat/
|
| * Title: Chat - message Parameter XSS
| * Reference: http://secunia.com/advisories/54403
| * Reference: http://osvdb.org/95984

| Name: q-and-a
| Location: http://blogs.skype.com/wp-content/plugins/q-and-a/
|
| * Title: Q and A 1.0.6.2 - Multiple Scripts Direct Request Path Disclosure
| * Reference: http://osvdb.org/100793

| Name: syntaxhighlighter
| Location: http://blogs.skype.com/wp-content/plugins/syntaxhighlighter/
| Readme: http://blogs.skype.com/wp-content/plugins/syntaxhighlighter/readme.txt
|
| * Title: SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS
| * Reference: http://secunia.com/advisories/53235
| * Reference: http://osvdb.org/92848
| * Fixed in: 3.1.6

| Name: top-10
| Location: http://blogs.skype.com/wp-content/plugins/top-10/
|
| * Title: top-10 1.9.2 - Setting Manipulation CSRF
| * Reference: http://secunia.com/advisories/53205
| * Reference: http://osvdb.org/92849
| * Fixed in: 1.9.3

| Name: vitamin
| Location: http://blogs.skype.com/wp-content/plugins/vitamin/
|
| * Title: Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access
| * Reference: http://secunia.com/advisories/50176
| * Reference: http://osvdb.org/84463
| * Fixed in: 1.1
|
| * Title: Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access
| * Reference: http://secunia.com/advisories/50176
| * Reference: http://osvdb.org/84464
| * Fixed in: 1.1

[+] Enumerating installed themes (only vulnerable ones) ...

Time: 00:00:12 <=============================================================================> (248 / 248) 100.00% Time: 00:00:12

[+] We found 9 themes:

| Name: More
| Location: http://blogs.skype.com/wp-content/themes/More/
| Style URL: http://blogs.skype.com/wp-content/themes/More/style.css
| Description:
|
| * Title: MORE+ - PrettyPhoto XSS Vulnerability
| * Reference: http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0177.html
| * Reference: http://secunia.com/advisories/54924

| Name: bueno
| Location: http://blogs.skype.com/wp-content/themes/bueno/
| Style URL: http://blogs.skype.com/wp-content/themes/bueno/style.css
| Description:
|
| * Title: WooThemes WooFramework Remote Unauthenticated Shortcode Execution
| * Reference: https://gist.github.com/2523147

| Name: famous
| Location: http://blogs.skype.com/wp-content/themes/famous/
| Style URL: http://blogs.skype.com/wp-content/themes/famous/style.css
| Description:
|
| * Title: Famous 2.0.5 - Shell Upload
| * Reference: http://packetstormsecurity.org/files/113842/

| Name: felici
| Location: http://blogs.skype.com/wp-content/themes/felici/
| Style URL: http://blogs.skype.com/wp-content/themes/felici/style.css
| Description:
|
| * Title: felici - XSS Vulnerability
| * Reference: http://1337day.com/exploit/20560

| Name: highlight
| Location: http://blogs.skype.com/wp-content/themes/highlight/
| Style URL: http://blogs.skype.com/wp-content/themes/highlight/style.css
| Description:
|
| * Title: Highlight Powerful Premium - upload-handler.php File Upload CSRF
| * Reference: http://packetstormsecurity.com/files/123974/
| * Reference: http://osvdb.org/99703
| * Reference: http://www.exploit-db.com/exploits/29525/

| Name: merchant
| Location: http://blogs.skype.com/wp-content/themes/merchant/
| Style URL: http://blogs.skype.com/wp-content/themes/merchant/style.css
| Description:
|
| * Title: WooThemes WooFramework Remote Unauthenticated Shortcode Execution
| * Reference: https://gist.github.com/2523147

| Name: music
| Location: http://blogs.skype.com/wp-content/themes/music/
| Style URL: http://blogs.skype.com/wp-content/themes/music/style.css
| Description:
|
| * Title: Music - Multiple Script Direct Request Path Disclosure
| * Reference: http://seclists.org/fulldisclosure/2013/Apr/238
| * Reference: http://osvdb.org/92837

| Name: sparky
| Location: http://blogs.skype.com/wp-content/themes/sparky/
| Style URL: http://blogs.skype.com/wp-content/themes/sparky/style.css
| Description:
|
| * Title: Sparky - Unspecified XSS
| * Reference: http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
| * Reference: http://osvdb.org/85911

| Name: unsigned
| Location: http://blogs.skype.com/wp-content/themes/unsigned/
| Style URL: http://blogs.skype.com/wp-content/themes/unsigned/style.css
| Description:
|
| * Title: WooThemes WooFramework Remote Unauthenticated Shortcode Execution
| * Reference: https://gist.github.com/2523147

+----+---------+--------------+----------+
| Id | Login   | Name         | Password |
+----+---------+--------------+----------+
| 1  | admin   | Super Admin  |          |
| 2  | donncha | Donncha      |          |
| 5  | matt    | Matt         |          |
| 7  | 7       | Anthony      |          |
| 9  | ian     | Ian McKellar |          |
+----+---------+--------------+----------+