Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on August 29, 2015, 10:13:55 PM

Title: Word Press issues on PHISH website.
Post by: polonus on August 29, 2015, 10:13:55 PM

See: http://urlquery.net/report.php?id=1440877595314

Wordpress Version 4.1 based on: -http://medidasdefe.com/wp-includes/js/autosave.js
WordPress theme: -http://medidasdefe.com/wp-content/themes/mh-magazine-lite/
Wordpress internal path: -/home/medidas/public_html/wp-content/themes/mh-magazine-lite/index.php
Current: The following plugins were detected by reading the HTML source of the WordPress sites front page.

custom-share-buttons-with-floating-sidebar   latest release (2.0)
http://www.mrwebsolution.in/
wordpress-popular-posts   latest release (3.3.1)
http://wordpress.org/extend/plugins/wordpress-popular-posts

http://quttera.com/detailed_report/medidasdefe.com#collapseEight
List of blacklisted external links: 58
List of referenced blacklisted domains/hosts: 1
-medidasdefe.com
contact-form-email   latest release (1.2)
easy-social-icons   latest release (1.2.4.1)
http://www.cybernetikz.com

WordPress Theme

The theme has been found by examining the path /wp-content/themes/ *theme name* /

Warning User Enumeration is possible and Directory Indexing Enabled for content/uploads.

 MH Magazine lite 1.8.8http://www.mhthemes.com/themes/mh/magazine-lite/

Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fmedidasdefe.com

See: https://www.virustotal.com/nl/url/7690bc3ce986f6e7cacc02b4aa2038c12fdc0d60b242009d2828dbdc7b6865c6/analysis/

Avast Online Security does not flag. Civic Event Calender PHISH!


polonus

Title: Re: Word Press issues on PHISH website.
Post by: polonus on August 29, 2015, 10:45:46 PM

Analyzing further on the Modernizr code there, consider non-deterministic UglifyJS compression race conditions
: https://gist.github.com/tkazec/5863030

pol