« previous next »
Pages: [1]   Go Down

Author Topic: Malicious and phishing website alerted!  (Read 1140 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Malicious and phishing website alerted!
« on: December 01, 2015, 06:47:49 PM »
Flagged for phishing: http://urlquery.net/report.php?id=1448990887449
Flagged twice: https://www.virustotal.com/nl/url/d7afe89a877985e818a52b18024853cc0d6628b3f0e2a6efe5b013dd335f2005/analysis/1448991716/

ISSUE DETECTED   DEFINITION   VULNERABLE HEADER
Outdated WordPress Found   Security Updates   WordPress Under 4.2
WordPress Version
4.0.8
Version does not appear to be latest 4.3.1 - update now.

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-job-manager-resumes 1.8.1   
revslider   
sitepress-multilingual-cms   
wp-live-chat-support   latest release (5.0.11)
http://www.wp-livechat.com
wp-job-manager-embeddable-job-widget 1.0.2   
js_composer   
wp-job-manager 1.22.3   latest release (1.23.13) Update required
https://wpjobmanager.com/
wp-job-manager-applications 1.5.2   
wordpress-popup   latest release (4.7.1.1)
http://premium.wpmudev.org/project/the-pop-over-plugin/
newsletter   latest release (4.0.6)
http://www.thenewsletterplugin.com/plugins/newsletter
contact-form-7 4.1.2   latest release (4.3.1) Update required
http://contactform7.com/

Warning User Enumeration is possible

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
The first two user ID's were tested to determine if user enumeration is possible.


-http://bacltd.ro
Detected libraries:
jquery-migrate - 1.2.1 : -http://bacltd.ro/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.1 : -http://bacltd.ro/wp-includes/js/jquery/jquery.js?ver=1.11.1
jquery.prettyPhoto - 3.1.4 : http://bacltd.ro/wp-content/themes/richer/framework/js/plugins.js?ver=1.0
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
2 vulnerable libraries detected

polonus

Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »