WordPress InBoundio Marketing Shell Upload

30 marzo 2015 - Fonte: http://www.mondounix.com
<?php
###########################################
#-----------------------------------------#
#[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]#
#-----------------------------------------#
#     *----------------------------*      #
#  K  |....##...##..####...####....|  .   #
#  h  |....#...#........#..#...#...|  A   #
#  a  |....#..#.........#..#....#..|  N   #
#  l  |....###........##...#.....#.|  S   #
#  E  |....#.#..........#..#....#..|  e   #
#  D  |....#..#.........#..#...#...|  u   #
#  .  |....##..##...####...####....|  r   #
#     *----------------------------*      #
#-----------------------------------------#
#[ Copyright (c) 2015 | Dz Offenders Cr3w]#
#-----------------------------------------#
###########################################
#...

Leggi il seguito »

WordPress AB Google Map Travel CSRF / XSS

30 marzo 2015 - Fonte: http://www.mondounix.com
===============================================================================
CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin 
===============================================================================
 
. contents:: Table Of Content
 
Overview
========
 
* Title :Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/ab-google-map-travel/
* Severity: HIGH
* Version Affected: Version 3.4  and mostly prior to it
* Version Tested : Version  3.4
* version patched: 
 
Description 
===========
 
Vulnerable Parameter  
--------------------
 
* Latitude:
* Longitude:
*...

Leggi il seguito »

WordPress Ajax Search Pro Remote Code Execution

30 marzo 2015 - Fonte: http://www.mondounix.com
------------------------------------------------------------------------------
WordPress ajax-search-pro Plugin Remote Code Execution
------------------------------------------------------------------------------
 
[-] Plugin Link:
 
http://codecanyon.net/item/ajax-search-pro-for-wordpress-live-search-plugin/3357410
 
also affected:
    https://wordpress.org/plugins/ajax-search-lite/
    https://wordpress.org/plugins/related-posts-lite/
 
[-] Vulnerability Description:
 
This vulnerability allows any registered user to execute arbitrary functions
vulnerability code:
 
add_action('wp_ajax_wpdreams-ajaxinput', "wpdreams_ajaxinputcallback");
if (!function_exists("wpdreams_ajaxinputcallback"))...

Leggi il seguito »

WordPress Reflex Gallery 3.1.3 Shell Upload

21 marzo 2015 - Fonte: http://www.mondounix.com
<?php
 
/*
  # Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload
  # TIPE:          Arbitrary File Upload
  # Google DORK:   inurl:"wp-content/plugins/reflex-gallery/"
  # Vendor:        https://wordpress.org/plugins/reflex-gallery/
  # Tested on:     Linux
  # Version:       3.1.3 (Last)
  # EXECUTE:       php exploit.php www.alvo.com.br shell.php
  # OUTPUT:        Exploit_AFU.txt
  # POC            http://i.imgur.com/mpjXaZ9.png
  # REF COD        http://1337day.com/exploit/23369
 
--------------------------------------------------------------------------------
  <form method = "POST" action = "" enctype = "multipart/form-data" >
  <input type...

Leggi il seguito »

Velocizzare Chrome: la guida definitiva da CyberCity

15 marzo 2015 - Fonte: http://www.cybercityblog.net

Come tutti ben sappiamo, ultimamente Chrome è rallentato anche se con vari aggiornamenti pare si stia finalmente riprendendo. Ciò ha comportato un calo di download e il passaggio a browser alternativi, scelta non facile per la stragrande maggioranza di utenti, specie i meno pratici, che hanno dovuto prendere familiarità con un nuovo prodotto. Ovviamente il browser che ci ha più guadagnato è Firefox. Ricordiamoci però che molti utenti, pur di attendere non anno abbandonato quello che è comunque restato il browser più scaricato al mondo. Vediamo adesso come velocizzare Chrome.

Consigli fondamentali
  • Eliminare la home page sostituendola con l’apertura di una scheda vuota (...

    Leggi il seguito »

WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

14 marzo 2015 - Fonte: http://www.mondounix.com
*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security
Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id
Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*
v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),
Singapore]

*Advisory Details:*

*(1) Vendor & Product...

Leggi il seguito »

WordPress Huge IT Slider 2.6.8 SQL Injection

14 marzo 2015 - Fonte: http://www.mondounix.com
Advisory ID: HTB23250
Product: Huge IT Slider WordPress Plugin
Vendor: Huge-IT
Vulnerable Version(s): 2.6.8 and probably prior
Tested Version: 2.6.8
Advisory Publication:  February 19, 2015  [without technical details]
Vendor Notification: February 19, 2015 
Vendor Patch: March 11, 2015 
Public Disclosure: March 12, 2015 
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2015-2062
Risk Level: Medium 
CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...

Leggi il seguito »

WordPress Pie Register 2.0.14 Cross Site Scripting

12 marzo 2015 - Fonte: http://www.mondounix.com
[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 09/03/2015
[+]Type:WebApp
[+]Risk:High
[+]Affected Version:All
[+]Overview:
Pie Register 2.x suffers, from an XSS vulnerability.
 
[+]Proof Of Concept:
 
[PHP]
global $piereg_dir_path;
include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php");
 
if(isset($_POST['notice']) && $_POST['notice'] ){
  echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '.</strong></p></div>';
}elseif(isset($_POST['error']) && $_POST['error'] ){
  echo '<div id="error" class="error fade"><p><strong>'...

Leggi il seguito »

WordPress Plugin Google Analytics by Yoast Stored XSS

9 marzo 2015 - Fonte: http://www.mondounix.com
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
 
. contents:: Table Of Content
 
Overview
 
Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Author: Kaustubh G. Padwad, Rohit Kumar.
Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytics/
Severity: Medium
Version Affected: Version 5.3.2 and mostly prior to it
Version Tested : Version 5.3.2
version patched:
Description
 
Vulnerable Parameter
 
Current UA-Profile
Manually enter your UA code
Label for those links
Set path for internal links to track as outbound links:
Subdomain tracking:
Extensions of files to track as downloads:
About Vulnerability
 
This plugin is vulnerable to...

Leggi il seguito »

WordPress WP All 3.2.3 Shell Upload

5 marzo 2015 - Fonte: http://www.mondounix.com
------------------------------------------------------------------------------
WordPress WP All Import Plugin RCE
------------------------------------------------------------------------------
 
[-] Vulnerability Author:
 
James Golovich ( @Pritect )
 
[-] Exploit Author
 
Evex ( @Evex_1337 )
 
[-] Plugin Link:
 
https://wordpress.org/plugins/wp-all-import/
 
[-] Affected Version:
 
Version <= 3.2.3
 
 
[-] Vulnerability Description:
 
 
    Retrieve any file on the system that ends in .txt
    Retrieve any file on the system that ends in .html
    Retrieve any value from the postmeta table
    Upload arbitrary files to system
 
 
Reference:
http://www.pritect.net/blog/wp-all-import-3-2-3-pro-4-0-3-vulnerability-breakdown
 
 
[-]...

Leggi il seguito »