WordPress Reflex Gallery 3.1.3 Shell Upload

21 marzo 2015 - Fonte: http://www.mondounix.com
<?php
 
/*
  # Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload
  # TIPE:          Arbitrary File Upload
  # Google DORK:   inurl:"wp-content/plugins/reflex-gallery/"
  # Vendor:        https://wordpress.org/plugins/reflex-gallery/
  # Tested on:     Linux
  # Version:       3.1.3 (Last)
  # EXECUTE:       php exploit.php www.alvo.com.br shell.php
  # OUTPUT:        Exploit_AFU.txt
  # POC            http://i.imgur.com/mpjXaZ9.png
  # REF COD        http://1337day.com/exploit/23369
 
--------------------------------------------------------------------------------
  <form method = "POST" action = "" enctype = "multipart/form-data" >
  <input type...

Leggi il seguito »

Adobe Flash Player PCRE Regex Logic Error

18 marzo 2015 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
 
  CLASSID =  'd27cdb6e-ae6d-11cf-96b8-444553540000'
 
  include Msf::Exploit::Powershell
  include Msf::Exploit::Remote::BrowserExploitServer
 
  def initialize(info={})
    super(update_info(info,
      'Name'           => "Adobe Flash Player PCRE Regex Vulnerability",
      'Description'    => %q{
        This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error
        in the PCRE engine, specifically in the handling of the \c...

Leggi il seguito »

Epic Google snafu leaks hidden whois data for 280,000 domains

14 marzo 2015 - Fonte: http://www.mondounix.com

Epic Google snafu leaks hidden whois data for 280,000 domains

Google leaked the complete hidden whois data attached to more than 282,000 domains registered through the company's Google Apps for Work service, a breach that could bite good and bad guys alike.

The 282,867 domains counted by Cisco Systems' researchers account for 94 percent of the addresses Google Apps has registered through a partnership with registrar eNom. Among the services is one that charges an additional $6 per year to shield from public view all personal information included in domain name whois records. Rather than being published publicly, the information is promised to remain in the hands of eNom except when...

Leggi il seguito »

WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

14 marzo 2015 - Fonte: http://www.mondounix.com
*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security
Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id
Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*
v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),
Singapore]

*Advisory Details:*

*(1) Vendor & Product...

Leggi il seguito »

WordPress Huge IT Slider 2.6.8 SQL Injection

14 marzo 2015 - Fonte: http://www.mondounix.com
Advisory ID: HTB23250
Product: Huge IT Slider WordPress Plugin
Vendor: Huge-IT
Vulnerable Version(s): 2.6.8 and probably prior
Tested Version: 2.6.8
Advisory Publication:  February 19, 2015  [without technical details]
Vendor Notification: February 19, 2015 
Vendor Patch: March 11, 2015 
Public Disclosure: March 12, 2015 
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2015-2062
Risk Level: Medium 
CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...

Leggi il seguito »

WordPress Pie Register 2.0.14 Cross Site Scripting

12 marzo 2015 - Fonte: http://www.mondounix.com
[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 09/03/2015
[+]Type:WebApp
[+]Risk:High
[+]Affected Version:All
[+]Overview:
Pie Register 2.x suffers, from an XSS vulnerability.
 
[+]Proof Of Concept:
 
[PHP]
global $piereg_dir_path;
include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php");
 
if(isset($_POST['notice']) && $_POST['notice'] ){
  echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '.</strong></p></div>';
}elseif(isset($_POST['error']) && $_POST['error'] ){
  echo '<div id="error" class="error fade"><p><strong>'...

Leggi il seguito »

WordPress Fraction Theme 1.1.1 Privilege Escalation

12 marzo 2015 - Fonte: http://www.mondounix.com
------------------------------------------------------------------------------
WordPress Fraction Theme 1.1.1 Previlage Escalation
------------------------------------------------------------------------------
 
[-] Theme Link:
 
http://themeforest.net/item/fraction-multipurpose-news-magazine-theme/8655281
 
[-] Affected Version:
 
Version: 1.1.1
 
[-] Vulnerability Description:
 
This vulnerability allows an attacker to escalate privileges on the site
and have an admin account which may lead to a full site takeover
the vulnerability is in /fraction-theme/functions/ajax.php there is this
function called "ot_save_options":
 
function ot_save_options() {
    $fields = $_REQUEST;
    foreach($fields...

Leggi il seguito »

WordPress Plugin Google Analytics by Yoast Stored XSS

9 marzo 2015 - Fonte: http://www.mondounix.com
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
 
. contents:: Table Of Content
 
Overview
 
Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Author: Kaustubh G. Padwad, Rohit Kumar.
Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytics/
Severity: Medium
Version Affected: Version 5.3.2 and mostly prior to it
Version Tested : Version 5.3.2
version patched:
Description
 
Vulnerable Parameter
 
Current UA-Profile
Manually enter your UA code
Label for those links
Set path for internal links to track as outbound links:
Subdomain tracking:
Extensions of files to track as downloads:
About Vulnerability
 
This plugin is vulnerable to...

Leggi il seguito »

ocPortal 9.0.16 Multiply XSS Vulnerabilities

9 marzo 2015 - Fonte: http://www.mondounix.com
# Exploit Title: ocPortal 9.0.16 Multiply XSS Vulnerabilities
# Google Dork: "Copyright (c) ocPortal 2011 "
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://ocportal.com/
# Vendor contacted: 22-2-2015
# Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htm
# Version: 9.0.16
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64
 
ocPortal ->
Version:                9.0.16
Type:                   XSS
Severity:               Critical
Info Exploit:           There are MANY possibilities to execute XSS on the new released ocPortal.
 
All XSS attacks are done by a new registered user, so no extra rights are given. It's all standard.
 
#######################################################
Events/Calendar,...

Leggi il seguito »

Betster (PHP Betoffice) Authentication Bypass and SQL Injection

9 marzo 2015 - Fonte: http://www.mondounix.com
<?php
/*
 
  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O .. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /        
  / XXXXXX /
 (________(          
  `------'
 
 Exploit Title   : Betster (PHP Betoffice) Authentication Bypass and SQL Injection
 Date            : 6 March 2015
 Exploit Author  : CWH Underground
 Discovered By   : ZeQ3uL
 Site            : www.2600.in.th
 Vendor Homepage : http://betster.sourceforge.net/
 Software Link   : http://downloads.sourceforge.net/project/betster/betster-1.0.4.zip
 Version...

Leggi il seguito »