root@bt:/pentest/web/wpscan# ruby wpscan.rb -u onlinelinkscan.com -e up
____________________________________________________
 __          _______   _____
 \ \        / /  __ \ / ____|
  \ \  /\  / /| |__) | (___   ___  __ _ _ __
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1r425
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
[WARNING] The SVN repository is DEPRECATED, use the GIT one - http://github.com/wpscanteam/wpscan
| URL: http://onlinelinkscan.com
| Started on Wed Jan 2 13:44:52 2013
[!] The WordPress theme in use is Aggregate v2.3
[!] The WordPress 'http://onlinelinkscan.com/readme.html' file exists
[!] WordPress version 3.5 identified from meta generator
[+] Enumerating plugins from passive detection ... 3 found :
| Name: paid-memberships-pro
| Location: http://onlinelinkscan.com/$wp-plugins$/paid-memberships-pro/
| Name: bbpress
| Location: http://onlinelinkscan.com/$wp-plugins$/bbpress/
| Name: social-media-icons
| Location: http://onlinelinkscan.com/$wp-plugins$/social-media-icons/
[+] Enumerating installed plugins ...
Checking for 2302 total plugins... 100% complete.
[+] We found 15 plugins:
| Name: paid-memberships-pro
| Location: http://onlinelinkscan.com/$wp-plugins$/paid-memberships-pro/
| Directory listing enabled? Yes.
| Name: bbpress
| Location: http://onlinelinkscan.com/$wp-plugins$/bbpress/
| Directory listing enabled? No.
| Name: social-media-icons
| Location: http://onlinelinkscan.com/$wp-plugins$/social-media-icons/
| Directory listing enabled? Yes.
| Name: follow-me
| Location: http://onlinelinkscan.com/wp-content/plugins/follow-me/
| Directory listing enabled? Yes.
| Name: social-media-icons
| Location: http://onlinelinkscan.com/wp-content/plugins/social-media-icons/
| Directory listing enabled? Yes.
| Name: plugins
| Location: http://onlinelinkscan.com/wp-content/plugins/digg-digg/
| Directory listing enabled? Yes.
| Name: wp-to-twitter
| Location: http://onlinelinkscan.com/wp-content/plugins/wp-to-twitter/
| Directory listing enabled? Yes.
| Name: social-popup
| Location: http://onlinelinkscan.com/wp-content/plugins/social-popup/
| Directory listing enabled? Yes.
| Name: social-slider
| Location: http://onlinelinkscan.com/wp-content/plugins/social-slider/
| Directory listing enabled? Yes.
| Name: shortcode-exec-php
| Location: http://onlinelinkscan.com/wp-content/plugins/shortcode-exec-php/
| Directory listing enabled? Yes.
| Name: allow-php-in-posts-and-pages
| Location: http://onlinelinkscan.com/wp-content/plugins/allow-php-in-posts-and-pages/
| Directory listing enabled? Yes.
|
| [!] Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability
| * Reference: http://www.exploit-db.com/exploits/17688/
| Name: paid-memberships-pro
| Location: http://onlinelinkscan.com/wp-content/plugins/paid-memberships-pro/
| Directory listing enabled? Yes.
| Name: share-this
| Location: http://onlinelinkscan.com/wp-content/plugins/share-this/
| Directory listing enabled? Yes.
| Name: bbpress
| Location: http://onlinelinkscan.com/wp-content/plugins/bbpress/
| Directory listing enabled? No.
| Name: wp-twitter-timeline
| Location: http://onlinelinkscan.com/wp-content/plugins/wp-twitter-timeline/
| Directory listing enabled? Yes.
[+] Enumerating usernames ...
We found the following 10 username/s :
admin
kovalsky09
RomualIo3
guestauthor
JohnSmith2223
jimmyb
testlogin
karthik.magapu
Shilpatest
TestShilpa
[+] Finished at Wed Jan 2 14:04:07 2013
root@bt:/pentest/web/wpscan#
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this informatio