Author Topic: Sucuri misses the WP vulnerabilities here?  (Read 1031 times)

polonus
« on: July 06, 2015, 06:03:24 PM »
See: https://sitecheck.sucuri.net/results/rainwaterzone.com
Quttera's also: http://quttera.com/detailed_report/rainwaterzone.com
IP malware history: https://www.virustotal.com/nl/ip-address/204.152.255.2/information/
http://www.liveipmap.com/204.152.255.2
WP theme: Blue Mix 4.01 htxp://heatmaptheme.com

Warning: User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

User ID 1 : admin
User ID 2 : None

Warning: Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled

Detected:
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en (2015-07-06 17:56:40)
http://pagead2.googlesyndication.com/pagead/show_ads.js (2015-07-06 17:56:40)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!