=============================================================================== PROBE RESULTS: formationenligne.bf -> formationenligne.org Date: 2026-03-04 =============================================================================== DOMAIN: formationenligne.bf (redirects to formationenligne.org) TYPE: Online Training Center (OTC) - Burkina Faso education/e-learning IP: 213.186.33.5 (OVHcloud shared hosting) STATUS: LIVE - WordPress fully exposed DNS RESOLUTION: 213.186.33.5 (OVH shared hosting) CONNECTIVITY: - HTTP formationenligne.bf => 301 redirect to http://formationenligne.org/ - HTTP formationenligne.org => HTTP 200 - HTTPS: Not available (HTTP 000) CMS: WordPress with LearnPress LMS SITE NAME: "Online Training Center" DESCRIPTION: "Centre de formation en ligne" URL: http://formationenligne.org SEO PLUGIN: All in One SEO v4.8.4.1 =============================================================================== WORDPRESS API - FULLY EXPOSED (NO AUTHENTICATION) =============================================================================== USERS ENUMERATED: ID 1: admin (slug: admin) - main administrator ID 2: Envato Theme (slug: theme) - theme demo account Author enumeration: ?author=1 -> /author/admin/, ?author=2 -> /author/theme/ IDs 3-20: HTTP 404 (only 2 users) POSTS DUMPED: 45 posts (all in single page) Content: Academic programs, scholarships, newsletters, COVID-19 updates Date range: 2015-10-14 through 2025-03-05 Sample titles: - Masters des filieres commerciales et de gestion - Master en Gestion Administrative Comptable et Financiere - Master en Management et Gestion des projets et Programmes - Master en Suivi Evaluation des projets et Programmes - Bourses d'etudes 2023 - Situation nationale au Burkina et les cours en ligne - Rentree academique des cycles de Licence - RENTREE DU 15 AVRIL 2020, Licence PAGES DUMPED: 100 pages (full page 1) Includes: Login, Register, Profile, Checkout, Courses, Instructors, Become A Teacher, Book Appointment, scholarship applications per year, European diploma programs, certificate programs MEDIA DUMPED: 152 items (page 1: 98, page 2: 54) Types: images (PNG, JPG), ZIP archives, DOCX documents SENSITIVE FILES FOUND IN MEDIA: - Plugin backup ZIPs (WPBakery, Fancy Elementor) - potential vuln info - Scholarship application forms (DOCX) with personal data fields - Enrollment forms (Fiche d'inscription) - Financial aid request forms - GeoIP databases (GeoIP.dat, GeoIPv6.dat, GeoLite2-Country.mmdb) CATEGORIES: 39 categories covering diplomas, certificates, academic programs TAGS: 136 total (100 page 1 + 36 page 2) COMMENTS: 0 (empty) SEARCH INDEX: 100 items enumerated STATUSES: Standard WP statuses TAXONOMIES: Standard + custom TYPES: Standard + custom post types =============================================================================== EXPOSED NAMESPACES AND ROUTES =============================================================================== Namespaces: oembed/1.0, aioseo/v1, learnpress/v1, wp/v2, wp-site-health/v1, wp-block-editor/v1, wp-abilities/v1 Total routes: 270 INTERESTING ROUTES DISCOVERED: /learnpress/v1/users - LMS user management /learnpress/v1/users/change-password - Password change endpoint /learnpress/v1/users/reset-password - Password reset endpoint /learnpress/v1/users/delete - User deletion endpoint /aioseo/v1/settings/export - SEO settings export /aioseo/v1/settings/import - SEO settings import /aioseo/v1/plugins/deactivate - Plugin deactivation /aioseo/v1/plugins/install - Plugin installation /aioseo/v1/plugins/upgrade - Plugin upgrade /aioseo/v1/reset-settings - Settings reset /wp/v2/plugins - Plugin management /wp/v2/themes - Theme management /wp/v2/settings - Site settings /wp/v2/users/*/application-passwords - Application password management LearnPress API: /learnpress/v1/users => HTTP 200 (empty array - 2 bytes) /learnpress/v1/courses => HTTP 200 (empty array - 2 bytes) /learnpress/v1/lessons => HTTP 401 (auth required) /learnpress/v1/quizzes => HTTP 401 (auth required) /learnpress/v1/orders => HTTP 401 (auth required) =============================================================================== DIRECTORY LISTING - wp-content/uploads/ FULLY EXPOSED =============================================================================== Directory listing enabled on: http://formationenligne.org/wp-content/uploads/ Years with content: 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024, 2025, 2026 Special directories: aioseo-logs/ - Contains: aioseo-bad-bot-blocker.log (0 bytes) js_composer/ - WPBakery Page Builder assets revslider/ - Revolution Slider assets - homepage_slider/ (slides, layers, woodslide images) - one_third/ (class photos, test photos, university student photos) - page_slider/ (reading slide images) Standalone files in uploads root: GeoIP.dat (1.2M) - MaxMind GeoIP database GeoIPv6.dat (2.3M) - MaxMind GeoIPv6 database GeoLite2-Country.mmdb (3.8M) - MaxMind GeoLite2 database woocommerce-placeholder-*.png - WooCommerce placeholders 2026 uploads: fancy-elementor-gallery-box-1.3.6-*.zip (plugin backup) 2025/03: Enrollment forms (DOCX) =============================================================================== SECURITY FINDINGS =============================================================================== EXPOSED FILES: robots.txt => HTTP 200 (171 bytes) Content: Disallow /wp-admin/, Allow admin-ajax.php, 2 sitemaps sitemap.xml => HTTP 200 (root sitemap index, 4 sub-sitemaps) readme.html => HTTP 200 (7425 bytes) - WordPress default readme wp-login.php => HTTP 200 (15768 bytes) - Login page accessible wp-content/uploads/ => HTTP 200 (directory listing!) wp-cron.php => HTTP 200 (0 bytes) - WP cron accessible feed/ => HTTP 200 (21357 bytes) - RSS feed feed/atom/ => HTTP 200 (22960 bytes) - Atom feed BLOCKED/PROTECTED: .git/HEAD => HTTP 403 (OVH WAF) .git/config => HTTP 403 (OVH WAF) .env => HTTP 403 (OVH WAF) server-status => HTTP 403 (Apache mod_status blocked) xmlrpc.php => HTTP 405 (method not allowed - partially hardened) wp-config.php.bak => HTTP 404 wp-config.php~ => HTTP 404 wp-config.php.save/.old/.orig => HTTP 404 wp-content/debug.log => HTTP 404 wp/v2/settings => HTTP 401 (auth required) wp/v2/plugins => HTTP 401 (auth required) wp/v2/themes => HTTP 401 (auth required) SITEMAPS DOWNLOADED: sitemap.xml - root index (4 sub-sitemaps) post-sitemap.xml - 45 post URLs (26KB) page-sitemap.xml - 100 page URLs (43KB) addl-sitemap.xml - 1 URL (root) post_tag-sitemap.xml - tag URLs =============================================================================== DATA COLLECTED (FILES SAVED) =============================================================================== WordPress API JSON dumps: wp-json.json (326KB) - Full API root with all routes wp-json-wp-v2-users.json (1.4KB) - 2 users wp-json-wp-v2-posts.json (654KB) - 45 posts with full content wp-json-wp-v2-pages.json (1.3MB) - 100 pages with full content wp-json-wp-v2-media.json (384KB) - 98 media items page 1 media-page2.json - 54 media items page 2 wp-json-wp-v2-categories.json (29KB) - 39 categories wp-json-wp-v2-tags.json (62KB) - 100 tags page 1 tags-page2.json - 36 tags page 2 wp-json-wp-v2-search.json (47KB) - 100 search results wp-json-wp-v2-statuses.json (193B) - Post statuses wp-json-wp-v2-taxonomies.json (2.6KB) - Taxonomies wp-json-wp-v2-types.json (6.7KB) - Post types user-1.json, user-2.json - Individual user profiles Security/info files: sec-robots.txt, sec-sitemap.xml, sec-readme.html sec-wp-login.php, sec-wp-content-uploads (directory listing HTML) extra-feed, extra-feed-atom (RSS/Atom feeds) extra-wp-json-oembed-1.0, extra-wp-json-wp-site-health-v1 Sitemaps: post-sitemap.xml, page-sitemap.xml, addl-sitemap.xml, post_tag-sitemap.xml Upload directory listings: uploads-{2013..2026}.html - Yearly directory listings uploads-2025-{01..12}.html - Monthly listings for 2025 uploads-2026-{01..03}.html - Monthly listings for 2026 uploads-aioseo-logs.html, uploads-js-composer.html, uploads-revslider.html revslider-{homepage_slider,one_third,page_slider}.html TOTAL DATA: ~5.8MB across 77 files =============================================================================== RISK ASSESSMENT: HIGH =============================================================================== 1. FULL WP REST API exposed without authentication 2. User enumeration possible (admin account confirmed) 3. Directory listing on uploads (13 years of files browsable) 4. LearnPress LMS endpoints exposed (user management routes visible) 5. Plugin backup ZIPs in uploads (version disclosure, potential vuln source) 6. GeoIP database files exposed 7. Scholarship forms with personal data fields downloadable 8. No HTTPS (HTTP only) 9. xmlrpc.php exists (returns 405 but endpoint is present) 10. All 270 API routes enumerable ===============================================================================