wpscan bankjateng

C:\WPScan>ruby wpscan.rb --url www.bankjateng.co.id --enumerate u


    __          _______   _____
    \ \        / /  __ \ / ____|
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team
                   Version 2.9.4-dev
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]n
[i] The remote host tried to redirect to: http://bankjateng.co.id/
[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]
[+] URL: http://www.bankjateng.co.id/
[+] Started: Mon May 21 09:05:38 2018

[+] robots.txt available under: 'http://www.bankjateng.co.id/robots.txt'
[+] Interesting entry from robots.txt: http://www.bankjateng.co.id/wp-admin/admin-ajax.php
[+] Interesting header: SERVER: Apache/2.4.29 (Unix) OpenSSL/1.0.1e-fips
[+] Interesting header: X-CNECTION: close
[+] Interesting header: X-POWERED-BY: PHP/5.6.30
[+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
[+] XML-RPC Interface available under: http://www.bankjateng.co.id/xmlrpc.php
[!] Upload directory has directory listing enabled: http://www.bankjateng.co.id/wp-content/uploads/
[!] Includes directory has directory listing enabled: http://www.bankjateng.co.id/wp-includes/

[+] WordPress version 4.9.3 (Released on 2018-02-05) identified from meta generator, links opml
[!] 4 vulnerabilities identified from the version number

[!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Reference: https://wpvulndb.com/vulnerabilities/9021
Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
Reference: https://github.com/quitten/doser.py
Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389

[!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
Reference: https://wpvulndb.com/vulnerabilities/9053
Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
[i] Fixed in: 4.9.5

[!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
Reference: https://wpvulndb.com/vulnerabilities/9054
Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
[i] Fixed in: 4.9.5

[!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
Reference: https://wpvulndb.com/vulnerabilities/9055
Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
[i] Fixed in: 4.9.5

[+] WordPress theme in use: bb-theme-child - v1.0

[+] Name: bb-theme-child - v1.0
| Location: http://www.bankjateng.co.id/wp-content/themes/bb-theme-child/
[!] Directory listing is enabled: http://www.bankjateng.co.id/wp-content/themes/bb-theme-child/
| Style URL: http://www.bankjateng.co.id/wp-content/themes/bb-theme-child/style.css
| Referenced style.css: http://bankjateng.co.id/wp-content/themes/bb-theme-child/style.css
| Theme Name: Beaver Builder Child Theme
| Theme URI: http://www.wpbeaverbuilder.com
| Description: An example child theme that can be used as a starting point for custom development.
| Author: The Beaver Builder Team
| Author URI: http://www.fastlinemedia.com

[+] Detected parent theme: bb-theme - v1.6.1

[+] Name: bb-theme - v1.6.1
| Location: http://www.bankjateng.co.id/wp-content/themes/bb-theme/
| Changelog: http://www.bankjateng.co.id/wp-content/themes/bb-theme/changelog.txt
| Style URL: http://www.bankjateng.co.id/wp-content/themes/bb-theme/style.css
| Theme Name: Beaver Builder Theme
| Theme URI: http://www.wpbeaverbuilder.com/?utm_medium=bb-pro&utm_source=bb-theme&utm_campaign=themes-admin-page
| Description: A customizable theme with a simple yet robust set of theme options.
| Author: The Beaver Builder Team
| Author URI: http://www.wpbeaverbuilder.com/?utm_medium=bb-pro&utm_source=bb-theme&utm_campaign=themes-admin-page

[+] Enumerating plugins from passive detection ...
[+] No plugins found

[+] Enumerating usernames ...
[!] Stop User Enumeration plugin detected, results might be empty. However a bypass exists for v1.2.8 and below, see stop_user_enumeration_bypass.rb in C:/WPScan
[+] Identified the following 1 user/s:
+----+--------------+---------------------+
| Id | Login        | Name                |
+----+--------------+---------------------+
| 1  | calibreworks | calibreworks – Bank |
+----+--------------+---------------------+

[+] Finished: Mon May 21 09:15:00 2018
[+] Requests Done: 408
[+] Elapsed time: 00:09:22

download wpscan

Damn :batuk: what on earth is this

Evil…

:meluncur

That's someone's bank, man, haha

Leaving my Swallow sandals here :ngacir: