Topic: PHISH-website, outdated CMS, site probably compromised *.

polonus
PHISH-website, outdated CMS, site probably compromised *.
« on: September 01, 2015, 10:05:25 AM »
See: https://www.virustotal.com/nl/url/a74319a03458df92108565ce4c41bbec9f5b74b5a72da98d6920d963da492f8c/analysis/1441093394/
and blacklisted external link/domain: -http://www.bialystokbiega.pl/
Web application details:
Application: WordPress 4.2.3 - -http://www.wordpress.org

Web application version:
WordPress version: WordPress 4.2.3
Wordpress Version 4.1 based on: -http://bialystokbiega.pl/wp-includes/js/autosave.js
All in One SEO Pack version: 2.2.7.1
WordPress directory: -http://bialystokbiega.pl/wp-content
WordPress theme: -http://bialystokbiega.pl/wp-content/themes/bialystokpolmaraton/
Wordpress internal path: /home/fundacjabb/ftp/bialystokbiega.pl/wp-content/themes/bialystokpolmaraton/index.php
WordPress Version
4.2.3
Version does not appear to be latest 4.3 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

ml-slider 3.3.3   latest release (3.3.4.1) Update required
https://www.metaslider.com
jquery-colorbox 4.6   latest release (4.6)
http://www.techotronic.de/plugins/jquery-colorbox/
all-in-one-seo-pack   latest release (2.2.7.1)
http://semperfiwebdesign.com
the-countdown 1.1.6   latest release (1.1.6)
http://zourbuth.com/

WordPress Theme
The theme has been found by examining the path /wp-content/themes/ *theme name* /
Warning User Enumeration is possible
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

-https://www.youtube.com/embed/yvyv1cbFQv4
 Bia 1.0http://r1media.pl -> http://toolbar.netcraft.com/site_report?url=http://r1media.pl

Re: -http://XXXXXXX/www.bialystokbiega.pl -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bialystokbiega.pl

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbialystokbiega.pl%2Fwp-content%2Fthemes%2Fbialystokpolmaraton%2Fjs%2Fhtml5.js
going to  -http://detraplift.blogspot.nl/js/cookiechoices.js
APO URL shortener malcode! *

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: September 06, 2015, 12:58:50 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!