Just another average website with vulnerable CMS!

Analysis of http://www.adrian-stolarski.pl/
WordPress Version
3.6.1
Version does not appear to be latest 4.4 - update now
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

w3-total-cache 0.9.2.4 latest release (0.9.4.1) Update required
http://www.w3-edge.com/wordpress-plugins/w3-total-cache/
all-in-one-seo-pack latest release (2.2.7.5)
http://semperfiwebdesign.com

Warning User Enumeration is possible :o

WOT alert: scorecard/adrian-stolarski.pl?utm_source=addon&utm_content=rw-viewsc
& http://toolbar.netcraft.com/site_report?url=http://www.adrian-stolarski.pl
Re: http://iframely.com/debug?uri=http%3A%2F%2Fwww.adrian-stolarski.pl%2F

Also consider: https://rateip.com/class/151.80.202.0/24
while observing: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.adrian-stolarski.pl%2F

Sucuri alerts: ISSUE DETECTED DEFINITION INFECTED URL
Internal Server Error 500-error?v1 -http://www.adrian-stolarski.pl/404testpage4525d2fdc
Internal Server Error 500-error?v1 -http://www.adrian-stolarski.pl/404javascript.js
Site error detected. Details: http://labs.sucuri.net/db/malware/500-error?v1
HTTP/1.1 500 Internal Server Error

2 malicious files: /jak-zachecic-dziecko-do-sprzatania/index.html
Severity: Malicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to malicious blacklisted domain -wielkikanion.pl *
&
/jak-zachecic-dziecko-do-sprzatania#comments
Severity: Malicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to malicious blacklisted domain -wielkikanion.pl *

  • Avast rightfully detects as JS-Injection A[Trj]

polonus (volunteer website security analyst and website error-hunter)

Also checked for this: Scan for HTML Injection
This scans a page for common XSS/HTML injection vulnerabilities.
Looking at -http://www.adrian-stolarski.pl/; 1 form(s) found.

HRMM; no injection found on:- http://www.adrian-stolarski.pl/; form 1
URL WAS =>-http://www.adrian-stolarski.pl?s=<h1>sentinel<%2Fh1>

polonus