OAuth2 with the Google API PHP Client

26 March 2015 - Source: http://michelepierri.it

In this article I show a quick PHP code snippet for using the protocol ...

Installing Composer for PHP on WAMP

25 March 2015 - Source: http://michelepierri.it

In this short how-to I explain how to install Composer for PHP on our Apache, MySQL and PHP system.

MICROSOFT-BASED SYSTEMS

These rules apply whichever framework you are using (WAMP, XAMPP, etc.).

First, check that the PHP environment variable is set correctly. To check this, open a console and type php followed by Enter.

If it is set, we enter the PHP console; otherwise a message reporting an unrecognized command is shown.

Setting the environment variable

Carry out the following steps: right-click on My Computer -> Properties -> Advanced system settings -> Environment Variables

From...

WordPress Reflex Gallery 3.1.3 Shell Upload

21 March 2015 - Source: http://www.mondounix.com
<?php
 
/*
  # Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload
  # TIPE:          Arbitrary File Upload
  # Google DORK:   inurl:"wp-content/plugins/reflex-gallery/"
  # Vendor:        https://wordpress.org/plugins/reflex-gallery/
  # Tested on:     Linux
  # Version:       3.1.3 (Last)
  # EXECUTE:       php exploit.php www.alvo.com.br shell.php
  # OUTPUT:        Exploit_AFU.txt
  # POC            http://i.imgur.com/mpjXaZ9.png
  # REF COD        http://1337day.com/exploit/23369
 
--------------------------------------------------------------------------------
  <form method = "POST" action = "" enctype = "multipart/form-data" >
  <input type...

WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

14 March 2015 - Source: http://www.mondounix.com
*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security
Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id
Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*
v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),
Singapore]

*Advisory Details:*

*(1) Vendor & Product...

WordPress Huge IT Slider 2.6.8 SQL Injection

14 March 2015 - Source: http://www.mondounix.com
Advisory ID: HTB23250
Product: Huge IT Slider WordPress Plugin
Vendor: Huge-IT
Vulnerable Version(s): 2.6.8 and probably prior
Tested Version: 2.6.8
Advisory Publication:  February 19, 2015  [without technical details]
Vendor Notification: February 19, 2015 
Vendor Patch: March 11, 2015 
Public Disclosure: March 12, 2015 
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2015-2062
Risk Level: Medium 
CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...

WordPress Pie Register 2.0.14 Cross Site Scripting

12 March 2015 - Source: http://www.mondounix.com
[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 09/03/2015
[+]Type:WebApp
[+]Risk:High
[+]Affected Version:All
[+]Overview:
Pie Register 2.x suffers from an XSS vulnerability.
 
[+]Proof Of Concept:
 
[PHP]
global $piereg_dir_path;
include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php");
 
if(isset($_POST['notice']) && $_POST['notice'] ){
  echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '.</strong></p></div>';
}elseif(isset($_POST['error']) && $_POST['error'] ){
  echo '<div id="error" class="error fade"><p><strong>'...

WordPress Fraction Theme 1.1.1 Privilege Escalation

12 March 2015 - Source: http://www.mondounix.com
------------------------------------------------------------------------------
WordPress Fraction Theme 1.1.1 Privilege Escalation
------------------------------------------------------------------------------
 
[-] Theme Link:
 
http://themeforest.net/item/fraction-multipurpose-news-magazine-theme/8655281
 
[-] Affected Version:
 
Version: 1.1.1
 
[-] Vulnerability Description:
 
This vulnerability allows an attacker to escalate privileges on the site
and have an admin account which may lead to a full site takeover
the vulnerability is in /fraction-theme/functions/ajax.php there is this
function called "ot_save_options":
 
function ot_save_options() {
    $fields = $_REQUEST;
    foreach($fields...

WordPress Plugin Google Analytics by Yoast Stored XSS

9 March 2015 - Source: http://www.mondounix.com
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
 
Overview
 
Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Author: Kaustubh G. Padwad, Rohit Kumar.
Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytics/
Severity: Medium
Version Affected: Version 5.3.2 and mostly prior to it
Version Tested : Version 5.3.2
version patched:
Description
 
Vulnerable Parameter
 
Current UA-Profile
Manually enter your UA code
Label for those links
Set path for internal links to track as outbound links:
Subdomain tracking:
Extensions of files to track as downloads:
About Vulnerability
 
This plugin is vulnerable to...

ocPortal 9.0.16 Multiply XSS Vulnerabilities

9 March 2015 - Source: http://www.mondounix.com
# Exploit Title: ocPortal 9.0.16 Multiply XSS Vulnerabilities
# Google Dork: "Copyright (c) ocPortal 2011 "
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://ocportal.com/
# Vendor contacted: 22-2-2015
# Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htm
# Version: 9.0.16
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64
 
ocPortal ->
Version:                9.0.16
Type:                   XSS
Severity:               Critical
Info Exploit:           There are MANY possibilities to execute XSS on the new released ocPortal.
 
All XSS attacks are done by a new registered user, so no extra rights are given. It's all standard.
 
#######################################################
Events/Calendar,...

Betster (PHP Betoffice) Authentication Bypass and SQL Injection

9 March 2015 - Source: http://www.mondounix.com
<?php
/*
 
 Exploit Title   : Betster (PHP Betoffice) Authentication Bypass and SQL Injection
 Date            : 6 March 2015
 Exploit Author  : CWH Underground
 Discovered By   : ZeQ3uL
 Site            : www.2600.in.th
 Vendor Homepage : http://betster.sourceforge.net/
 Software Link   : http://downloads.sourceforge.net/project/betster/betster-1.0.4.zip
 Version...
