
Exploits for the site www.alrosa.ru

bogdanohacker

Newbie
Messages
29
Reactions
6
0 RUB
Please note, if you want to make a deal with this user, that it is blocked.

I'd have put it under a small hide) But otherwise, +
You know, when I was a newbie in hacking, practically everything was under hide) It was hard to get good, reliable information, so I set myself the goal of NEVER putting anything under hide.
 

BPOH

Member
Messages
28
Reactions
19
0 RUB
It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]y
Updating the Database ...
Update completed.
[+] URL: http://www.alrosa.ru/
[+] Started: Thu Nov 23 09:36:52 2017

[+] robots.txt available under: 'http://www.alrosa.ru/robots.txt'
[!] The WordPress 'http://www.alrosa.ru/readme.html' file exists exposing a version number
[+] Interesting header: SERVER: Apache/2.2.15 (CentOS)
[+] Interesting header: SET-COOKIE: _icl_current_language=ru; expires=Fri, 24-Nov-2017 06:36:57 GMT; path=/; domain=.alrosa.ru
[+] Interesting header: X-POWERED-BY: PHP/5.3.3
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: http://www.alrosa.ru/xmlrpc.php

[+] WordPress version 3.6 (Released on 2013-08-01) identified from advanced fingerprinting, rss generator, rdf generator, atom generator, readme, links opml
[!] 44 vulnerabilities identified from the version number

[!] Title: WordPress 3.6 PHP Object Injection
Reference: https://wpvulndb.com/vulnerabilities/5968
Reference: http://vagosec.org/2013/09/wordpress-php-object-injection/
Reference: http://www.openwall.com/lists/oss-security/2013/09/12/1
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340
Reference: http://core.trac.wordpress.org/changeset/25325
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
Reference: https://secunia.com/advisories/54803/
Fixed in: 3.6.1

[!] Title: WordPress 3.6 SWF/EXE File Upload XSS Weakness
Reference: https://wpvulndb.com/vulnerabilities/5969
Reference: http://core.trac.wordpress.org/changeset/25322
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739
Fixed in: 3.6.1

[!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
Reference: https://wpvulndb.com/vulnerabilities/5970
Reference: http://packetstormsecurity.com/files/123589/
Reference: http://core.trac.wordpress.org/changeset/25323
Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
Reference: https://secunia.com/advisories/54803/
Reference: https://www.exploit-db.com/exploits/28958/
Fixed in: 3.6.1

[!] Title: WordPress 3.6 Post Authorship Spoofing
Reference: https://wpvulndb.com/vulnerabilities/5971
Reference: http://core.trac.wordpress.org/changeset/25321
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
Reference: https://secunia.com/advisories/54803/
Fixed in: 3.6.1

[!] Title: WordPress 3.6 HTML File Upload XSS Weakness
Reference: https://wpvulndb.com/vulnerabilities/5972
Reference: http://core.trac.wordpress.org/changeset/25322
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738
Fixed in: 3.6.1

[!] Title: WordPress 3.6 Multiple Function Path Disclosure
Reference: https://wpvulndb.com/vulnerabilities/5973
Reference: http://seclists.org/fulldisclosure/2013/Nov/220

[!] Title: WordPress 3.6 Multiple Script Arbitrary Site Redirect
Reference: https://wpvulndb.com/vulnerabilities/5974
Reference: http://seclists.org/fulldisclosure/2013/Dec/174
Fixed in: 3.6.1

[!] Title: WordPress 3.6 _wp_http_referer Parameter Reflected XSS
Reference: https://wpvulndb.com/vulnerabilities/5975
Reference: http://seclists.org/fulldisclosure/2013/Dec/174
Fixed in: 3.6.1

[!] Title: WordPress 3.5 - 3.7.1 XML-RPC DoS
Reference: https://wpvulndb.com/vulnerabilities/7526
Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
Reference: http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
Reference: http://www.breaksec.com/?p=6362
Fixed in: 3.9.2

[!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
Reference: https://wpvulndb.com/vulnerabilities/7528
Reference: https://core.trac.wordpress.org/changeset/29384
Reference: https://core.trac.wordpress.org/changeset/29408
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
Fixed in: 3.9.2

[!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
Reference: https://wpvulndb.com/vulnerabilities/7529
Reference: https://core.trac.wordpress.org/changeset/29398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
Fixed in: 3.9.2

[!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
Reference: https://wpvulndb.com/vulnerabilities/7530
Reference: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
Reference: http://getid3.sourceforge.net/
Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
Reference: http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
Reference: https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
Fixed in: 3.9.2

[!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
Reference: https://wpvulndb.com/vulnerabilities/7531
Reference: http://whiteoaksecurity.com/blog/20...ions-not-terminated-upon-explicit-user-logout
Reference: http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
Fixed in: 4.0

[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://klikki.fi/adv/wordpress.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: http://klikki.fi/adv/wordpress_update.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
Fixed in: 4.0

[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
Reference: https://www.exploit-db.com/exploits/35413/
Reference: https://www.exploit-db.com/exploits/35414/
Fixed in: 4.0.1

[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://www.securityfocus.com/bid/71234/
Reference: https://core.trac.wordpress.org/changeset/30444
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
Fixed in: 4.0.1

[!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8111
Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
Reference: https://twitter.com/klikkioy/status/624264122570526720
Reference: https://klikki.fi/adv/wordpress3.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
Fixed in: 4.2.3

[!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
Reference: https://wpvulndb.com/vulnerabilities/8473
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
Reference: https://wpvulndb.com/vulnerabilities/8474
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
Fixed in: 4.5

[!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
Reference: https://wpvulndb.com/vulnerabilities/8475
Reference: https://codex.wordpress.org/Version_4.5
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
Fixed in: 4.5

[!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
Reference: https://wpvulndb.com/vulnerabilities/8519
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
Reference: https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
Fixed in: 4.5.3

[!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
Reference: https://wpvulndb.com/vulnerabilities/8520
Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
Fixed in: 4.5.3

[!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
Reference: https://wpvulndb.com/vulnerabilities/8615
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
Reference: https://sumofpwn.nl/advisory/2016/p...s_due_to_unsafe_processing_of_file_names.html
Reference: http://seclists.org/fulldisclosure/2016/Sep/6
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
Fixed in: 4.6.1

[!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
Reference: https://wpvulndb.com/vulnerabilities/8616
Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
Fixed in: 4.6.1

[!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
Reference: https://wpvulndb.com/vulnerabilities/8716
Reference: https://github.com/WordPress/WordPr...bf72d513ca9de66566c2/wp-admin/update-core.php
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
Fixed in: 4.7.1

[!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
Reference: https://wpvulndb.com/vulnerabilities/8718
Reference: https://www.mehmetince.net/low-severity-wordpress/
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
Fixed in: 4.7.1

[!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
Reference: https://wpvulndb.com/vulnerabilities/8719
Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
Fixed in: 4.7.1

[!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
Reference: https://wpvulndb.com/vulnerabilities/8720
Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
Fixed in: 4.7.1

[!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Reference: https://wpvulndb.com/vulnerabilities/8721
Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
Fixed in: 4.7.1

[!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8730
Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
Fixed in: 4.7.2

[!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
Reference: https://wpvulndb.com/vulnerabilities/8765
Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
Reference: https://sumofpwn.nl/advisory/2016/w...lity_is_affected_by_cross_site_scripting.html
Reference: http://seclists.org/oss-sec/2017/q1/563
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
Fixed in: 4.7.3

[!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
Reference: https://wpvulndb.com/vulnerabilities/8766
Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
Fixed in: 4.7.3

[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
Reference: https://wpvulndb.com/vulnerabilities/8807
Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
Reference: https://core.trac.wordpress.org/ticket/25239
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
Reference: https://wpvulndb.com/vulnerabilities/8815
Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
Reference: https://wpvulndb.com/vulnerabilities/8816
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
Reference: https://wpvulndb.com/vulnerabilities/8817
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
Reference: https://wpvulndb.com/vulnerabilities/8818
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
Reference: https://sumofpwn.nl/advisory/2016/c...gery_in_wordpress_connection_information.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
Fixed in: 4.7.5

[!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
Reference: https://wpvulndb.com/vulnerabilities/8819
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
Reference: https://hackerone.com/reports/203515
Reference: https://hackerone.com/reports/203515
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
Reference: https://wpvulndb.com/vulnerabilities/8820
Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
Fixed in: 4.7.5

[!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8905
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
Fixed in: 4.8.2

[!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
Reference: https://wpvulndb.com/vulnerabilities/8906
Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
Reference: https://wpvulndb.com/vulnerabilities/8905
Fixed in: 4.7.5

[!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
Reference: https://wpvulndb.com/vulnerabilities/8910
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
Fixed in: 4.8.2

[!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
Reference: https://wpvulndb.com/vulnerabilities/8911
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41457
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
Fixed in: 4.8.2

[!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
Reference: https://wpvulndb.com/vulnerabilities/8941
Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
Reference: https://twitter.com/ircmaxell/status/923662170092638208
Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
Fixed in: 4.8.3

[+] WordPress theme in use: alorsa

[+] Name: alorsa
| Location: http://www.alrosa.ru/wp-content/themes/alorsa/
| Style URL: http://www.alrosa.ru/wp-content/themes/alorsa/style.css
| Theme Name: Alrosa

[+] Enumerating plugins from passive detection ...
| 1 plugin found:

[+] Name: sitepress-multilingual-cms
| Latest version: 2.0.4.1
| Last updated: 2011-06-05T13:40:00.000Z
| Location: http://www.alrosa.ru/wp-content/plugins/sitepress-multilingual-cms/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: sitepress-multilingual-cms - Full Path Disclosure
Reference: https://wpvulndb.com/vulnerabilities/6104
Fixed in: 3.1.7.2

[!] Title: WPML <= 3.1.7.2 - Multiple Vulnerabilities (Including SQLi)
Reference: https://wpvulndb.com/vulnerabilities/7843
Reference: http://seclists.org/bugtraq/2015/Mar/60
Reference: http://wpml.org/2015/03/wpml-security-update-bug-and-fix/
Reference: http://packetstormsecurity.com/files/130810/
Reference: http://klikki.fi/adv/wpml.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2314
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2791
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2792
Reference: https://www.exploit-db.com/exploits/36414/
Fixed in: 3.1.9

[!] Title: WPML 2.9.3-3.2.6 - Cross-Site Scripting (XSS) in Accept-Language Header
Reference: https://wpvulndb.com/vulnerabilities/8173
Reference: http://blog.secupress.fr/en/xss-wpml-header-405.html
Fixed in: 3.2.7


 