
Vulnerability Scan Alert: Oct. 2016

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Oct 9, 2016.

  1. The Scarlet Pimp

    Below is a short list of plugins that hackers in Europe were searching for on my domain. These plugins probably have known flaws, so you should either update them pronto or remove them. I also included some security app links. :D

    /modules/mod_simplefileuploadv1.3/elements/udd.php

    /modules/productpageadverts/uploadimage.php

    /modules/simpleslideshow/uploadimage.php

    /modules/vtemslideshow/uploadimage.php

    /tiny_mce/plugins/tinybrowser/upload_file.php

    /uploadify/uploadify.php

    /wp-content/plugins/./simple-image-manipulator/controller/download.php

    /wp-content/plugins/all-in-one-seo-pack/aioseop_utility.php

    /wp-content/plugins/candidate-application-form/downloadpdffile.php

    /wp-content/plugins/complete-gallery-manager/frames/upload-images.php

    /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js

    /wp-content/plugins/dzs-zoomsounds/admin/admin.js

    /wp-content/plugins/formcraft/file-upload/server/php/upload.php

    /wp-content/plugins/gravityforms/js/gravityforms.js

    /wp-content/plugins/i-dump-iphone-to-wordpress-photo-uploader/uploader.php

    /wp-content/plugins/jquery-html5-file-upload/jquery-html5-file-upload.php

    /wp-content/plugins/landing-pages/tests/phantomjs/server.php

    /wp-content/plugins/recent-backups/download-file.php

    /wp-content/plugins/revslider/js/rev_admin.js

    /wp-content/plugins/revslider/temp/update_extract/revslider/db.php

    /wp-content/plugins/robotcpa/f.php
    (https://www.exploit-db.com/exploits/37252/)

    /wp-content/plugins/showbiz/js/showbiz_admin.js

    /wp-content/plugins/simple-ads-manager/js/slider/tmpl.js

    /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php

    /wp-content/plugins/woocommerce-product-options/includes/image-upload.php

    /wp-content/plugins/wp-easy-gallery-pro/admin/php.php

    /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php

    /wp-content/plugins/wp-mobile-detector/cache/db.php

    /wp-content/plugins/wp-symposium/server/php/jabqAxkifFpZxp.php

    /wp-content/plugins/wp-symposium/server/php/kstfAxviOFpZew.php

    /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php

    /wp-content/plugins/wysija-newsletters/js/tinymce/tiny_mce.js

    /wp-content/themes/bold-headline/js/jquery.fittext.js

    /wp-content/themes/pinboard/404.php

    /wp-content/themes/u-design/scripts/script.js

    /wp-config.php.bak

    /wp-config.php.save

    /wp-config.php~

    ===

    Decrypt JS Packer Code:

    1. Copy and paste the packed code into
    http://dean.edwards.name/unpacker/

    2. Paste the decompressed code into
    http://jsbeautifier.org and read the results.

    ===

    Decode Base64:
    http://ottodestruct.com/decoder.php

    Website Malware and Security Scanner:
    http://sitecheck.sucuri.net/scanner/

    Website Security Check:
    http://www.unmaskparasites.com

    ===

    Security Add-Ons:

    1. Acunetix Scanner,
    http://wordpress.org/extend/plugins/wp-security-scan/

    2. Anti-Malware,
    https://wordpress.org/plugins/gotmls/

    3. Anti-Virus,
    http://wordpress.org/extend/plugins/antivirus/

    4. Bulletproof Security,
    http://wordpress.org/extend/plugins/bulletproof-security/

    5. Database Backup,
    http://wordpress.org/plugins/wp-database-backup/

    6. Exploit Scanner,
    https://wordpress.org/plugins/exploit-scanner/

    7. Firewall,
    http://wordpress.org/extend/plugins/wordpress-firewall-2/

    8. Login Lockdown,
    http://wordpress.org/extend/plugins/login-lockdown/

    9. Word Fence,
    http://wordpress.org/extend/plugins/wordfence/

    ===

    WP Theme Detector:
    http://wpthemedetector.com
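    As an added example (not code from the post, and not part of any plugin it lists), here is a small Python script that flags requests for these probe paths in a web server access log and marks which probes actually got a 200 or correspond to a file under the site's document root. The log lines and client IPs are constructed for illustration.

```python
import re
from pathlib import Path

# A few of the probed paths listed in the post above (extend with the rest as needed).
PROBE_PATHS = {
    "/wp-content/plugins/revslider/temp/update_extract/revslider/db.php",
    "/wp-content/plugins/wp-mobile-detector/cache/db.php",
    "/wp-content/plugins/formcraft/file-upload/server/php/upload.php",
    "/uploadify/uploadify.php",
    "/wp-config.php.bak",
    "/wp-config.php~",
}

# Apache/nginx "combined" log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Return the fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string before matching
    return rec

def find_probes(lines, docroot=None):
    """(ip, path, status, exposed) for every request to a known probe path.
    exposed is True when the server answered 200 or the file exists under
    docroot, i.e. the scanner found something rather than a 404."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] not in PROBE_PATHS:
            continue
        status = int(rec["status"])
        on_disk = docroot is not None and Path(docroot, rec["path"].lstrip("/")).is_file()
        hits.append((rec["ip"], rec["path"], status, status == 200 or on_disk))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Oct/2016:10:01:02 +0000] "GET /wp-content/plugins/revslider/temp/update_extract/revslider/db.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Oct/2016:10:01:03 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Oct/2016:10:02:11 +0000] "GET /index.php?p=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Oct/2016:10:01:04 +0000] "GET /uploadify/uploadify.php?folder=x HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

    Pass the site's document root as docroot to turn a list of scanner hits into a list of paths that actually exist on your install; a 200 on a wp-config.php backup is the one to act on first.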
  2. blogzandstuff

    That's why you should always keep plugins and themes up to date. Nothing new here really; it's always going on because WordPress is so popular.
     
  3. The Scarlet Pimp

    Yep! The "Panama Papers" scandal never would've happened if they'd kept their plugins updated.
     
  4. blogzandstuff

    They were lazy.
     
  5. tasburrfoot

    Has a lot to do with WP being so popular, but also has a lot to do with the size of WordPress - you can't write something with that many moving parts without leaving a lot of holes. Also, it's usually the add-ons getting targeted, because a very small percent of developers have any concept of security at all. I've downloaded/installed more than a few apps that process raw user input with 0 input.

    Exploit-db is good to subscribe to for all of this, or at least search your plugin through them to see if it's publicly vulnerable.