Author Topic: Website insecurity where one would not expect it....  (Read 4227 times)


polonus
Website insecurity where one would not expect it....
« on: July 06, 2020, 03:17:26 PM »
See: -https://www.smartblockcloud.com/
Qualified as a High Risk Site.
Quote
Misconfiguration: User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

ID    Username          Name
1     smartblockcloud   smartblockcloud
2     not found
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested             Status
/wp-content/uploads/    enabled
/wp-content/plugins/    disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Quote
WordPress Version
4.9.3
Version does not appear to be latest -  Update Now
WordPress - 4.9.3

Score   WPVDB-ID         Vulnerability
7.5     WPVDB-ID:9171    WordPress <= 5.0 - PHP Object Injection via Meta Data
7.5     WPVDB-ID:9912    WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
7.5     WPVDB-ID:10004   WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
7.5     WPVDB-ID:9230    WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
6.8     WPVDB-ID:9913    WordPress <= 5.2.3 - Admin Referrer Validation
6.8     WPVDB-ID:9222    WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
6.5     WPVDB-ID:9100    WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
6.5     WPVDB-ID:9054    WordPress 3.7-4.9.4 - Use Safe Redirect for Login
5.8     WPVDB-ID:9053    WordPress 3.7-4.9.4 - Remove localhost Default
5.8     WPVDB-ID:9169    WordPress <= 5.0 - Authenticated File Delete
5.5     WPVDB-ID:10201   WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated
5.5     WPVDB-ID:9973    WordPress <= 5.3 - Authenticated Improper Access Controls in REST API
5       WPVDB-ID:9909    WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
5       WPVDB-ID:9911    WordPress <= 5.2.3 - JSON Request Cache Poisoning
5       WPVDB-ID:9174    WordPress <= 5.0 - User Activation Screen Search Engine Indexing
5       WPVDB-ID:9021    WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
5       WPVDB-ID:9867    WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
4.3     WPVDB-ID:10205   WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache
4.3     WPVDB-ID:10202   WordPress < 5.4.1 - Unauthenticated Users View Private Posts
4.3     WPVDB-ID:9910    WordPress <= 5.2.3 - Stored XSS in Style Tags
4.3     WPVDB-ID:9055    WordPress 3.7-4.9.4 - Escape Version in Generator Tag
4.3     WPVDB-ID:9173    WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
4.3     WPVDB-ID:9170    WordPress <= 5.0 - Authenticated Post Type Bypass
4       WPVDB-ID:9172    WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
3.5     WPVDB-ID:10203   WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer
3.5     WPVDB-ID:9908    WordPress <= 5.2.3 - Stored XSS in Customizer
3.5     WPVDB-ID:9175    WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
3.5     WPVDB-ID:10206   WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
3.5     WPVDB-ID:9976    WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content
3.5     WPVDB-ID:10207   WordPress < 5.4.1 - Stored Cross-Site Scripting (XSS) in Customizer
0       WPVDB-ID:9975    WordPress <= 5.3 - Authenticated Stored XSS via Crafte
SERVER DETAILS
Web Server:
Apache
IP Address:
95.170.72.184 -> https://www.shodan.io/host/95.170.72.184
Hosting Provider:
TRANSIP-AS Amsterdam, the Netherlands, NL  TransIP DNS
Shared Hosting:
247 sites found  Various domains on one and the same IP address creates an additional risk.
Title:
Smart Block Cloud – Stuk gaan aan DDOS is voor pleps zonder smart block chain technology

3 issues
Issues found during a high level analysis of the target site. It is recommended that further active scanning be undertaken for a more accurate assessment.

Retirable jQuery libraries detected:
Quote
Retire.js
jquery   1.12.4   Found in -https://www.smartblockcloud.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Netcraft risk grade 1 red out of 10: https://sitereport.netcraft.com/?url=https://www.smartblockcloud.com

Advanced gtracker score = -2 here: https://webcookies.org/cookies/www.smartblockcloud.com/30724231?671312
The page loads 9 third-party JavaScript files and 14 CSS files but does not employ Sub-Resource Integrity to prevent a breach if a third-party CDN is compromised.
Suspicious pattern detected in: -https://www.smartblockcloud.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
DOM-XSS number of sources found: 41
DOM-XSS number of sinks found: 17
related to -Results from scanning URL: -https://www.google.com/recaptcha/api.js?hl=en
Number of sources found: 0
Number of sinks found: 1
&
Results from scanning URL: -https://s1.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyClNz8wr1i+uzCtJrMjITM/IAeKS1CJMEWP94uSizIISoOIM5/yiVL2sYh19yo1yKiotzgjISczMAxpon2traGpuYGRgYmlhmgUAFLxAeg==
Number of sources found: 40
&
Results from scanning URL: //stats.wp dot com/w.js?61
Number of sources found: 13
Number of sinks found: 3

For instance, this link: -http://smartblockcloud.com/2018/01/31/stuxnet/ produced a server error.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!