Exemplu raport

[Ovidiu Bokar]

Multumesc lui @Smokey pentru link, sper ca CPUul nu tia luato razna!

Scanarea sa rezumat la un nivel minim.

Legenda:
Rosu - vulnerabilitate absoluta, neaparat trebuie update si/sau configurare server
Albastru - plugin/module/addon trebuie update.

Rezultatul scanului este astfel:

PLUGINS & USERS
URL: http://lospa.ro/
Started: Mon Feb 23 22:14:07 2015
robots.txt available under: 'http://lospa.ro/robots.txt'
The WordPress 'http://lospa.ro/readme.html' file exists
Interesting header: LINK: <http://wp.me/5qUT2>; rel=shortlink
Interesting header: SERVER: Apache
Interesting header: X-POWERED-BY: PHP/5.4.34
XML-RPC Interface available under: http://lospa.ro/xmlrpc.php
WordPress version 4.1.1 identified from meta generator
WordPress theme in use: magazine-style - v1.5.8
Name: magazine-style - v1.5.8
Location: http://lospa.ro/wp-content/themes/magazine-style/
Readme: http://lospa.ro/wp-content/themes/magazine-style/readme.txt
Style URL: http://lospa.ro/wp-content/themes/magazine-style/style.css
Theme Name: Magazine Style
Theme URI: http://www.insertcart.com/magazine-style
Description: Magazine Style Theme is best WordPress theme design for personal and business With full features ...
Author: *** (intentionat scos)
Author URI: http://www.insertcart.com

Name: contact-form-7 - v4.1
Location: http://lospa.ro/wp-content/plugins/contact-form-7/
Directory listing is enabled: http://lospa.ro/wp-content/plugins/contact-form-7/

Title: Contact Form 7 3.5.3
Crafted File Extension Upload Remote Code Execution
Reference: http://packetstormsecurity.com/files/125018/
Reference: http://seclists.org/fulldisclosure/2014/Feb/0
Reference: http://osvdb.org/102776

Name: greenlemon-facebook-likebox
Location: http://lospa.ro/wp-content/plugins/greenlemon-facebook-likebox/

Name: jetpack - v3.3.2
Location: http://lospa.ro/wp-content/plugins/jetpack/
Directory listing is enabled: http://lospa.ro/wp-content/plugins/jetpack/

Name: newsletter
Location: http://lospa.ro/wp-content/plugins/newsletter/
Directory listing is enabled: http://lospa.ro/wp-content/plugins/newsletter/

Title: Newsletter
SQL Injection Vulnerability
Reference: http://1337day.com/exploit/20287
Fixed in: 3.0.9

Title: Newsletter 3.2.6 - "alert"
Cross-Site Scripting Vulnerability
Reference: http://packetstormsecurity.com/files/121634/
Reference: http://www.securityfocus.com/bid/59856
Reference: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php
Reference: http://secunia.com/advisories/53398
Reference: http://osvdb.org/93421
Fixed in: 3.2.7

Name: shutter-reloaded-plus - v0.6
Location: http://lospa.ro/wp-content/plugins/shutter-reloaded-plus/
Directory listing is enabled: http://lospa.ro/wp-content/plugins/shutter-reloaded-plus/

Name: wordpress-popular-posts - v3.2.1
Location: http://lospa.ro/wp-content/plugins/wordpress-popular-posts/

Name: wp-embed-facebook - v1.8.2
Location: http://lospa.ro/wp-content/plugins/wp-embed-facebook/

Name: wp-pagenavi - v2.87
Location: http://lospa.ro/wp-content/plugins/wp-pagenavi/
Directory listing is enabled: http://lospa.ro/wp-content/plugins/wp-pagenavi/

Name: wp-review - v3.2.9
Location: http://lospa.ro/wp-content/plugins/wp-review/
Directory listing is enabled: http://lospa.ro/wp-content/plugins/wp-review/

Name: youtube-embed-plus - v9.4
Location: http://lospa.ro/wp-content/plugins/youtube-embed-plus/

Name: all-in-one-seo-pack - v2.2.5.1
Location: http://lospa.ro/wp-content/plugins/all-in-one-seo-pack/
Directory listing is enabled: http://lospa.ro/wp-content/plugins/all-in-one-seo-pack/

*Enumerating usernames ...
*Identified the following 1 user/s:
+----+-------+-------+
| Id | Login | Name |
+----+-------+-------+
| 1 | lospa | Lospa |
+----+-------+-------+

FISIERE, DIRECTOARE, LINKURI, ROBOTS.TXT SI SITEMAP.XML

Scan Started: 23/2/2015 22:17:40
Domain http://lospa.ro/
Server Banner: Apache
Target IP: 46.105.117.131

CRAWLING
Directory check:
CODE: 200 URL: http://lospa.ro/IO/
CODE: 200 URL: http://lospa.ro/acc/
CODE: 200 URL: http://lospa.ro/acceso/
CODE: 200 URL: http://lospa.ro/ad/
CODE: 200 URL: http://lospa.ro/ado/
CODE: 200 URL: http://lospa.ro/admin/
CODE: 200 URL: http://lospa.ro/argentina/
CODE: 200 URL: http://lospa.ro/art/
CODE: 200 URL: http://lospa.ro/as/
CODE: 200 URL: http://lospa.ro/blog/
CODE: 200 URL: http://lospa.ro/blogg/
CODE: 200 URL: http://lospa.ro/blogger/
CODE: 200 URL: http://lospa.ro/ca/
CODE: 200 URL: http://lospa.ro/cart/
CODE: 200 URL: http://lospa.ro/community/
CODE: 200 URL: http://lospa.ro/contact/
CODE: 200 URL: http://lospa.ro/conta/
CODE: 200 URL: http://lospa.ro/de/
CODE: 200 URL: http://lospa.ro/di/
CODE: 200 URL: http://lospa.ro/dir/
CODE: 200 URL: http://lospa.ro/facebook/
CODE: 200 URL: http://lospa.ro/feed/
CODE: 200 URL: http://lospa.ro/fe/
CODE: 200 URL: http://lospa.ro/gallery/
CODE: 200 URL: http://lospa.ro/head/
CODE: 200 URL: http://lospa.ro/inc/
CODE: 200 URL: http://lospa.ro/inf/
CODE: 200 URL: http://lospa.ro/it/
CODE: 200 URL: http://lospa.ro/login/
CODE: 200 URL: http://lospa.ro/opt/
CODE: 200 URL: http://lospa.ro/pe/
CODE: 200 URL: http://lospa.ro/pers/
CODE: 200 URL: http://lospa.ro/pl/
CODE: 200 URL: http://lospa.ro/place/
CODE: 200 URL: http://lospa.ro/po/
CODE: 200 URL: http://lospa.ro/pro/
CODE: 200 URL: http://lospa.ro/race/
CODE: 200 URL: http://lospa.ro/re/
CODE: 200 URL: http://lospa.ro/rss/
CODE: 200 URL: http://lospa.ro/social/
CODE: 200 URL: http://lospa.ro/the/
CODE: 200 URL: http://lospa.ro/to/
CODE: 200 URL: http://lospa.ro/top/
CODE: 200 URL: http://lospa.ro/via/
CODE: 200 URL: http://lospa.ro/vlog/
CODE: 200 URL: http://lospa.ro/wp-admin/

File check:
CODE: 200 URL: http://lospa.ro/admin/index.php
CODE: 200 URL: http://lospa.ro/community/index.php
CODE: 200 URL: http://lospa.ro/favicon.ico

Check robots.txt:

Check sitemap.xml:

Scan Finished: 23/2/2015 22:32:31

 

[AlexH]

Directory listing is enabled dezactivezi din cpanel sau simplu adaugi un fisier index.html in folderele unde iti spune mai sus.

 

[Ovidiu Bokar]

Sau schimbi .htaccess per folder si fisier. Exemplu: fisierele primesc 644 iar folderele 755