Author Topic: Outdated CMS - nameserver issues and malicious download on website!  (Read 1386 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34067
  • malware fighter
See: https://urlquery.net/report.php?id=1434893115120
and https://www.virustotal.com/en-gb/url/951a23ae7368d5d2f148249d9e384884415c6a4b4966f4ce644e403fb0daa147/analysis/#additional-info
Malicious files and potentially suspicious file: http://quttera.com/detailed_report/www.doscar.com
References to blacklisted domain.
wp-content/plugins/jquery-updater/js/jquery-2.1.4.min.js?ver=2.1.4
Severity:   Potentially Suspicious
Reason:   Detected potentially suspicious content.
Details:   Detected potentially suspicious initialization of function pointer to JavaScript method eval <code> = eval; <code/>
Threat dump:   see pop-up on http://quttera.com/detailed_report/www.doscar.com
Threat dump MD5:   6C7172CF508F5403908529F166B9FC6B
File size[byte]:   84345
File type:   ASCII
Page/File MD5:   F9C7AFD05729F10F55B689F36BB20172
Scan duration[sec]:   2.747000
POC for vulnerable code - sanitised (version specific) allowing the attacker to insert JavaScript code. ... discovered in the WordPress plugin BackWPup 2.1.4
Outdated WordPress Found   Security Updates   WordPress Under 4.2

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
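The Quttera finding above is about a script that assigns the built-in `eval` to another name (`= eval;`), which is how packed or obfuscated code hides the fact that it later executes strings. As an added example (not part of polonus's post or of the Quttera report), here is a small Python check that flags that pattern in a JavaScript file, plus two indirect forms of the same thing (`window["eval"]` lookups and the `Function` constructor). The sample script is constructed for the demo; the function and pattern names are my own.

```python
import re
from typing import List, Tuple

# Constructed sample: a minified-looking fragment that contains a harmless-looking
# alias to eval (the pattern Quttera flagged), two indirect variants, and one
# innocent assignment that must NOT be reported.
SAMPLE_JS = """\
!function(a,b){var c=a.document;function d(){}
var e = eval; // function pointer to eval, the pattern reported by the scanner
var f=window["eval"];
var g = Function("return this")();
h.innerHTML = "ok"; // plain assignment, not an eval alias
}(window);
"""

IDENT = r"\b([A-Za-z_$][\w$]*)"  # a JavaScript identifier, captured as the alias name

# Each entry: (label, regex). The regex captures the name that receives the alias.
EVAL_ALIAS_PATTERNS = [
    # `name = eval;` or `name = eval,` but not `name = eval(...)`, which is a call, not an alias
    ("direct alias", re.compile(IDENT + r"\s*=\s*eval\b(?!\s*[(.])")),
    # `name = window["eval"]` / self / globalThis / this
    ("bracket lookup", re.compile(
        IDENT + r"\s*=\s*(?:window|self|globalThis|this)\s*\[\s*['\"]eval['\"]\s*\]")),
    # `name = Function(...)`: compiles code from a string, same risk class as eval
    ("Function constructor", re.compile(IDENT + r"\s*=\s*Function\s*\(")),
]


def find_eval_aliases(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, alias_name) for every suspicious binding found."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in EVAL_ALIAS_PATTERNS:
            for match in pattern.finditer(line):
                hits.append((line_no, kind, match.group(1)))
    return hits


def summarize(hits: List[Tuple[int, str, str]]) -> dict:
    """Count hits per kind, handy for a one-line verdict per file."""
    summary: dict = {}
    for _, kind, _ in hits:
        summary[kind] = summary.get(kind, 0) + 1
    return summary


if __name__ == "__main__":
    for line_no, kind, name in find_eval_aliases(SAMPLE_JS):
        print(f"line {line_no}: {kind} -> '{name}'")
    print(summarize(find_eval_aliases(SAMPLE_JS)))
```

A hit is a reason to read the file, not a verdict on its own: legitimate libraries do occasionally alias `eval`. What makes the doscar case suspicious is the combination with the outdated plugins and the blacklisted domain reference, which is exactly why the scanner rates it "potentially suspicious" rather than malicious.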

Offline polonus

Re: Outdated CMS - nameserver issues and malicious download on website!
« Reply #1 on: June 21, 2015, 03:59:01 PM »
In the WP analysis the following was found to be insecure: version 4.01 - Version does not appear to be latest 4.2.2 - update now.
Plug-ins that need to be updated:    woocommerce 2.3.8   latest release (2.3.11) Update required
htxp://www.woothemes.com/woocommerce/
siteorigin-panels 2.1.1   latest release (2.1.2) Update required
htxp://siteorigin.com/page-builder/
wordpress-seo 2.1.1   latest release (2.2.1) Update required
htxps://yoast.com/wordpress/plugins/seo/

Theme: Novita 2.4 http://newwpthemes.com/novita-free-wordpress-theme/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

User ID 1 : admin
User ID 2 : gerente  Threat - Brute Force Attacks

For scripts and source code -> http://fetch.scritch.org/%2Bfetch/?url=www.doscar.com&useragent=Fetch+useragent&accept_encoding=
& http://vnseo.com/www.doscar.com

Website listed at Spam Cannibal.

pol
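The user enumeration warning above works because WordPress answers `/?author=N` with a redirect to `/author/<login>/`, and the login names it leaks are then fed straight into brute-force attempts against `wp-login.php`. As an added example (not part of polonus's post or of the scanner output), here is a Python detector for both activities run over constructed access-log lines in the common "combined" format: one source walks through author IDs and then hammers the login page, the other two are normal visitors. Thresholds, function names and the sample addresses are my own choices.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed sample log (combined format). 203.0.113.5 enumerates author IDs
# and then posts six login attempts in a few seconds; the other two clients are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jun/2015:15:40:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:40:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:40:03 +0000] "GET /?author=3 HTTP/1.1" 404 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:41:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:41:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:41:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:41:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:41:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jun/2015:15:41:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Jun/2015:15:42:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Jun/2015:15:45:00 +0000] "GET /author/gerente/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
192.0.2.9 - - [21/Jun/2015:15:45:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
AUTHOR_QUERY = re.compile(r"[?&]author=(\d+)")


def parse_log(text: str) -> List[dict]:
    """Parse combined-format lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entries.append({
            "ip": m.group("ip"),
            "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "method": m.group("method"),
            "path": m.group("path"),
            "status": int(m.group("status")),
        })
    return entries


def detect_author_enumeration(entries: List[dict], min_distinct_ids: int = 2) -> Dict[str, List[int]]:
    """Clients that requested several distinct ?author=N values are walking the user table."""
    seen = defaultdict(set)
    for e in entries:
        m = AUTHOR_QUERY.search(e["path"])
        if m:
            seen[e["ip"]].add(int(m.group(1)))
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_distinct_ids}


def detect_login_bruteforce(entries: List[dict], window_seconds: int = 60, threshold: int = 5) -> Dict[str, int]:
    """Clients with >= threshold POSTs to wp-login.php inside any window_seconds span."""
    attempts = defaultdict(list)
    for e in entries:
        if e["method"] == "POST" and e["path"].split("?")[0] == "/wp-login.php":
            attempts[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("author enumeration:", detect_author_enumeration(log))
    print("login brute force:", detect_login_bruteforce(log))
```

The two detections belong together: a client that appears in the first result and then in the second has gone from recon to attack, which is the sequence the scanner's "Threat - Brute Force Attacks" note is warning about. On the mitigation side, the standard fixes are to stop the `?author=N` redirect from revealing login names and to rate-limit or second-factor `wp-login.php`; renaming the `admin` account the scan found as user ID 1 removes the most guessed username.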