b3gund4L

Unpas File Upload Arbitrary Code Execution

Apr 25th, 2017
[+] URL: https://blogs.unpas.ac.id/
[+] Started: Tue Apr 25 17:31:44 2017

[+] robots.txt available under: 'https://blogs.unpas.ac.id/robots.txt'
[+] Interesting entry from robots.txt: https://blogs.unpas.ac.id/wp-admin/admin-ajax.php
[!] The WordPress 'https://blogs.unpas.ac.id/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <https://blogs.unpas.ac.id/wp-json/>; rel="https://api.w.org/", <https://blogs.unpas.ac.id/>; rel=shortlink
[+] Interesting header: SERVER: Apache/2.4.6
[+] Interesting header: SET-COOKIE: wfvt_3759539884=58ff25a9346e1; expires=Tue, 25-Apr-2017 11:02:09 GMT; Max-Age=1800; path=/; httponly
[+] Interesting header: X-POWERED-BY: PHP/5.6.30
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: https://blogs.unpas.ac.id/xmlrpc.php

[+] WordPress version 4.7.4 (Released on 2017-04-20) identified from meta generator, links opml

[+] Enumerating installed plugins (only ones with known vulnerabilities) ...

   Time: 00:08:09 <========================================================================> (1493 / 1493) 100.00% Time: 00:08:09

[+] We found 5 plugins:

[+] Name: akismet
 |  Latest version: 3.3
 |  Last updated: 2017-02-23T17:23:00.000Z
 |  Location: https://blogs.unpas.ac.id/wp-content/plugins/akismet/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8215
    Reference: http://blog.akismet.com/2015/10/13/akismet-3-1-5-wordpress/
    Reference: https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html
[i] Fixed in: 3.1.5

[+] Name: backupbuddy
 |  Location: https://blogs.unpas.ac.id/wp-content/plugins/backupbuddy/
 |  Readme: https://blogs.unpas.ac.id/wp-content/plugins/backupbuddy/readme.txt

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: Backupbuddy - importbuddy.php Direct Request Remote Backup File Disclosure
    Reference: https://wpvulndb.com/vulnerabilities/6782
    Reference: http://packetstormsecurity.com/files/120923/
    Reference: http://seclists.org/fulldisclosure/2013/Mar/206
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2741
[i] Fixed in: 3.0

[!] Title: Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass
    Reference: https://wpvulndb.com/vulnerabilities/6783
    Reference: http://packetstormsecurity.com/files/120923/
    Reference: http://seclists.org/fulldisclosure/2013/Mar/206
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2743
[i] Fixed in: 3.0

[!] Title: Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure
    Reference: https://wpvulndb.com/vulnerabilities/6784
    Reference: http://packetstormsecurity.com/files/120923/
    Reference: http://seclists.org/fulldisclosure/2013/Mar/206
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2744
[i] Fixed in: 3.0

[!] Title: Backupbuddy - importbuddy.php Restore Operation Persistence Weakness
    Reference: https://wpvulndb.com/vulnerabilities/6785
    Reference: http://packetstormsecurity.com/files/120923/
    Reference: http://seclists.org/fulldisclosure/2013/Mar/206
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2742
[i] Fixed in: 3.0

[+] Name: groups
 |  Latest version: 2.1.1
 |  Last updated: 2017-04-05T19:36:00.000Z
 |  Location: https://blogs.unpas.ac.id/wp-content/plugins/groups/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: Groups 1.4.5 - Negated Role Capability Handling Elevated Privilege Issue
    Reference: https://wpvulndb.com/vulnerabilities/7177
    Reference: http://osvdb.org/show/osvdb/104940
[i] Fixed in: 1.4.6

[+] Name: portfolio
 |  Latest version: 2.40
 |  Last updated: 2017-04-14T11:20:00.000Z
 |  Location: https://blogs.unpas.ac.id/wp-content/plugins/portfolio/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: Multiple BestWebSoft Plugins - Authenticated Reflected GET Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8796
    Reference: http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf
    Reference: http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2017-April/010860.html
[i] Fixed in: 2.40

[+] Name: searchterms-tagging-2 - v1.535
 |  Location: https://blogs.unpas.ac.id/wp-content/plugins/searchterms-tagging-2/
 |  Readme: https://blogs.unpas.ac.id/wp-content/plugins/searchterms-tagging-2/readme.txt

[!] Title: SEO SearchTerms Tagging <= 2 1.535 - Authenticated SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/8248
    Reference: http://cinu.pl/research/wp-plugins/mail_d14e213879cd60e80e538bde21c0359b.html
    Reference: http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

[+] Enumerating installed themes (only ones with known vulnerabilities) ...

   Time: 00:01:35 <==========================================================================> (279 / 279) 100.00% Time: 00:01:35

[+] We found 1 themes:

[+] Name: slide
 |  Location: https://blogs.unpas.ac.id/wp-content/themes/slide/
 |  Style URL: https://blogs.unpas.ac.id/wp-content/themes/slide/style.css

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: Slide - themify-ajax.php File Upload Arbitrary Code Execution
    Reference: https://wpvulndb.com/vulnerabilities/7493
    Reference: http://packetstormsecurity.com/files/124097/
    Reference: https://web.archive.org/web/http://1337day.com/exploit/22090

[+] Enumerating timthumb files ...

   Time: 00:15:35 <========================================================================> (2533 / 2533) 100.00% Time: 00:15:35

[+] We found 1 timthumb file/s:

[+] https://blogs.unpas.ac.id/wp-content/themes/themorningafter/functions/thumb.php v2.8.11

[+] Enumerating usernames ...
[+] We did not enumerate any usernames

[+] Finished: Tue Apr 25 17:58:23 2017
[+] Requests Done: 4443
[+] Memory used: 162.422 MB
[+] Elapsed time: 00:26:38