WordPress PWG Random 1.11 CSRF / XSS

20 December 2014 - Source: http://www.linuxfaidate.it

By ...

Read more »

WordPress Twitter 0.7 CSRF / XSS

20 December 2014 - Source: http://www.linuxfaidate.it

By ...

Read more »

Sony cancels premiere of The Interview after hacker terrorist threats

17 December 2014 - Source: http://www.mondounix.com

SONY PICTURES has cancelled the New York premiere of controversial film The Interview after hackers who breached the firm's systems last month posted threats on text-sharing site Pastebin.

Sony has also told cinema owners that they can cancel screenings of the comedy after the group responsible for the hack threatened theatres that chose to show it.

The hacker group, which goes by the name of Guardians of Peace (GOP), posted the message on Tuesday, invoking the 9/11 terrorist attacks and warning cinemagoers to avoid seeing the movie, which is about an...

Read more »

Senator: Backdoor for the Feds is a backdoor for hackers

16 December 2014 - Source: http://www.mondounix.com

A US Senator is urging Congress to pass laws forbidding Uncle Sam's spies from forcing software and hardware makers to build backdoors.

In an op-ed posted in the LA Times, Sen. Ron Wyden (D-OR) said that there was no safe way to build backdoors into phones, tablets, computers and software without exposing them to hackers to exploit.

Wyden, who this month proposed a bill to ban government agencies from mandating backdoors, noted the mechanisms US agencies want to use for law enforcement and intelligence will double as open invitations for foreign agencies and criminals to pwn devices.

"The problem with this logic is that building a back...

Read more »

WordPress SPNbabble 1.4.1 CSRF / XSS

16 December 2014 - Source: http://www.mondounix.com
# Title: CSRF/XSS Vulnerability in SPNbabble WP Plugin
# Author: Manideep K  
# CVE-ID:  CVE-2014-9339
# Plugin Homepage: https://wordpress.org/plugins/spnbabble/
# Version Affected: 1.4.1 (probably lower versions)
# Severity: High 
 
# About Plugin:
SPNbabble (http://spnbabble.sitepronews.com) allows users to create an account and post 140-character blogs with URLs to send out messages to your followers. Through the professional setup of SPNbabble you can also auto-connect to Twitter, Friendfeed, Plurk, Tumblr, Facebook, Zannel, Youare, Meemi & Utterli. Once installed, this plugin allows you to enter your SPNbabble user and password, and you can choose which blog posts will be converted into mini blogs. Your blog turned into...

Read more »

WordPress DandyID Services ID 1.5.9 CSRF / XSS

16 December 2014 - Source: http://www.mondounix.com
# Title: CSRF/XSS Vulnerability in DandyID Services WP Plugin
# Author: Manideep K  
# CVE-ID: CVE-2014-9335
# Plugin Homepage: https://wordpress.org/plugins/dandyid-services/
# Version Affected: 1.5.9 (probably lower versions)
# Severity: High 
 
# About Plugin:
DandyID is a free service that enables you to connect, manage, and share all of your online identities from a single location.
 
# Description: 
# Vulnerable Parameter: email_address, sidebarTitle etc
# About Vulnerability: This plugin is vulnerable to a combined CSRF/XSS attack, meaning that if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin...

Read more »

WordPress twitterDash 2.1 CSRF / XSS

16 December 2014 - Source: http://www.mondounix.com
**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in twitterDash WordPress Plugin
# Author: Manideep K  
# CVE-ID: CVE-2014-9368
# Plugin Homepage: https://wordpress.org/plugins/twitterdash/
# Version Affected: 2.1 (probably lower versions)
# Severity: High 
 
# About Plugin:
twitterDash adds a field on the Dashboard. In this field you find the last (you can define how many) updates on the friends timeline of your Twitter (http://www.twitter.com) account. You will see your friends' profile images, usernames and updates; all the links that they have posted are active, and the "@username" links to that user's timeline. Enable the update panel and you...

Read more »

WordPress iTwitter WP 0.04 CSRF / XSS

16 December 2014 - Source: http://www.mondounix.com
# Title: CSRF/XSS Vulnerability in iTwitter WP Plugin
# Author: Manideep K  
# CVE-ID: CVE-2014-9336
# Plugin Homepage: https://wordpress.org/plugins/itwitter/
# Version Affected: 0.04 (probably lower versions)
# Severity: High 
 
# Description: 
# Vulnerable Parameter: itex_t_twitter_username, itex_t_twitter_userpass etc
# About Vulnerability: This plugin is vulnerable to a combined CSRF/XSS attack, meaning that if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do, by hijacking the admin's cookies etc.
# Vulnerability...

Read more »

WordPress Download Manager Unauthenticated File Upload

16 December 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(
    info,
    'Name'           => 'Wordpress Download Manager (download-manager) Unauthenticated File Upload',
    'Description'    => %q{
      The WordPress download-manager plugin contains multiple unauthenticated file upload
      vulnerabilities which were fixed in version 2.7.5.
    },
    'Author'         =>
    [
      'Mickael Nadeau',    ...

Read more »

WordPress WP Symposium 14.11 Shell Upload

14 December 2014 - Source: http://www.mondounix.com
#!/usr/bin/python
#
# Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability
#
#
# Vulnerability discovered by Claudio Viviani
#
# Exploit written by Claudio Viviani
#
#
# 2014-11-27:  Discovered vulnerability
# 2014-12-01:  Vendor Notification (Twitter)
# 2014-12-02:  Vendor Notification (Web Site) 
# 2014-12-04:  Vendor Notification (E-mail)
# 2014-12-11:  No Response/Feedback
# 2014-12-11:  Published
#
# Video Demo + Fix: https://www.youtube.com/watch?v=pF8lIuLT6Vs
#
# --------------------------------------------------------------------
#
# The upload function located on "/wp-symposium/server/file_upload_form.php" is protected:
#
#   if ($_FILES["file"]["error"] > 0)...

Read more »