Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on September 01, 2015, 10:05:25 AM

Title: PHISH-website, outdated CMS, site probably compromised *.
Post by: polonus on September 01, 2015, 10:05:25 AM
See: https://www.virustotal.com/nl/url/a74319a03458df92108565ce4c41bbec9f5b74b5a72da98d6920d963da492f8c/analysis/1441093394/
and blacklisted external link/domain: -http://www.bialystokbiega.pl/
Web application details:
Application: WordPress 4.2.3 - -http://www.wordpress.org

Web application version:
WordPress version: WordPress 4.2.3
Wordpress Version 4.1 based on: -http://bialystokbiega.pl/wp-includes/js/autosave.js
All in One SEO Pack version:
WordPress directory: -http://bialystokbiega.pl/wp-content
WordPress theme: -http://bialystokbiega.pl/wp-content/themes/bialystokpolmaraton/
Wordpress internal path: /home/fundacjabb/ftp/bialystokbiega.pl/wp-content/themes/bialystokpolmaraton/index.php
WordPress Version
Version does not appear to be latest 4.3 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

ml-slider 3.3.3   latest release ( Update required
jquery-colorbox 4.6   latest release (4.6)
all-in-one-seo-pack   latest release (
the-countdown 1.1.6   latest release (1.1.6)

WordPress Theme
The theme has been found by examining the path /wp-content/themes/ *theme name* /
Warning User Enumeration is possible
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

Bia 1.0 http://r1media.pl -> http://toolbar.netcraft.com/site_report?url=http://r1media.pl

Re: -http://XXXXXXX/www.bialystokbiega.pl -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bialystokbiega.pl

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbialystokbiega.pl%2Fwp-content%2Fthemes%2Fbialystokpolmaraton%2Fjs%2Fhtml5.js
going to -http://detraplift.blogspot.nl/js/cookiechoices.js
APO URL shortener malcode! *

polonus (volunteer website security analyst and website error-hunter)