WordPress Reflex Gallery 3.1.3 Shell Upload

21 March 2015 - Source: http://www.mondounix.com
  # Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload
  # TYPE:          Arbitrary File Upload
  # Google DORK:   inurl:"wp-content/plugins/reflex-gallery/"
  # Vendor:        https://wordpress.org/plugins/reflex-gallery/
  # Tested on:     Linux
  # Version:       3.1.3 (Last)
  # EXECUTE:       php exploit.php www.alvo.com.br shell.php
  # OUTPUT:        Exploit_AFU.txt
  # POC            http://i.imgur.com/mpjXaZ9.png
  # REF COD        http://1337day.com/exploit/23369
  <form method = "POST" action = "" enctype = "multipart/form-data" >
  <input type...


Adobe Flash Player PCRE Regex Logic Error

18 March 2015 - Source: http://www.mondounix.com
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
  CLASSID =  'd27cdb6e-ae6d-11cf-96b8-444553540000'
  include Msf::Exploit::Powershell
  include Msf::Exploit::Remote::BrowserExploitServer
  def initialize(info={})
      'Name'           => "Adobe Flash Player PCRE Regex Vulnerability",
      'Description'    => %q{
        This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error
        in the PCRE engine, specifically in the handling of the \c...


[Networking – LAB] Simple GRE Tunnel + IpSEC on Cisco router

15 March 2015 - Source: http://www.stefanolaguardia.eu

Today I was reviewing GRE tunnels and their interaction with IpSEC and I decided to create a very simple and small lab in GNS3 to get a little bit of practice with it. At the end of the article you will find the topology file for GNS3 so you can follow the steps shown in this post.

The goal is to have 2 branches exchanging Routing updates (we will use EIGRP) over a...


WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

14 March 2015 - Source: http://www.mondounix.com
*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id
Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),

*Advisory Details:*

*(1) Vendor & Product...


WordPress Huge IT Slider 2.6.8 SQL Injection

14 March 2015 - Source: http://www.mondounix.com
Advisory ID: HTB23250
Product: Huge IT Slider WordPress Plugin
Vendor: Huge-IT
Vulnerable Version(s): 2.6.8 and probably prior
Tested Version: 2.6.8
Advisory Publication:  February 19, 2015  [without technical details]
Vendor Notification: February 19, 2015 
Vendor Patch: March 11, 2015 
Public Disclosure: March 12, 2015 
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2015-2062
Risk Level: Medium 
CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
Advisory Details:


WordPress Pie Register 2.0.14 Cross Site Scripting

12 March 2015 - Source: http://www.mondounix.com
[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability
[+]Date: 09/03/2015
[+]Affected Version:All
Pie Register 2.x suffers from an XSS vulnerability.
[+]Proof Of Concept:
global $piereg_dir_path;
include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php");
if(isset($_POST['notice']) && $_POST['notice'] ){
  echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '.</strong></p></div>';
}elseif(isset($_POST['error']) && $_POST['error'] ){
  echo '<div id="error" class="error fade"><p><strong>'...


WordPress Fraction Theme 1.1.1 Privilege Escalation

12 March 2015 - Source: http://www.mondounix.com
WordPress Fraction Theme 1.1.1 Privilege Escalation
[-] Theme Link:
[-] Affected Version:
Version: 1.1.1
[-] Vulnerability Description:
This vulnerability allows an attacker to escalate privileges on the site
and have an admin account which may lead to a full site takeover
the vulnerability is in /fraction-theme/functions/ajax.php there is this
function called "ot_save_options":
function ot_save_options() {
    $fields = $_REQUEST;


Apple patches a new Team TaiG exploit with iOS 8.2, curiosity grows about Raz0r8

10 March 2015 - Source: http://www.biteyourapple.net

The release of iOS 8.2 went “according to script” in the hours following the end of the “Spring Forward” keynote, but along with the already anticipated new features came a rather unexpected piece of news: despite Team TaiG's optimistic statements, Apple appears to have made its move first.



WordPress Plugin Google Analytics by Yoast Stored XSS

9 March 2015 - Source: http://www.mondounix.com
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Author: Kaustubh G. Padwad, Rohit Kumar.
Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytics/
Severity: Medium
Version Affected: Version 5.3.2 and mostly prior to it
Version Tested : Version 5.3.2
version patched:
Vulnerable Parameter
Current UA-Profile
Manually enter your UA code
Label for those links
Set path for internal links to track as outbound links:
Subdomain tracking:
Extensions of files to track as downloads:
About Vulnerability
This plugin is vulnerable to...


ocPortal 9.0.16 Multiply XSS Vulnerabilities

9 March 2015 - Source: http://www.mondounix.com
# Exploit Title: ocPortal 9.0.16 Multiply XSS Vulnerabilities
# Google Dork: "Copyright (c) ocPortal 2011 "
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://ocportal.com/
# Vendor contacted: 22-2-2015
# Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htm
# Version: 9.0.16
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64
ocPortal ->
Version:                9.0.16
Type:                   XSS
Severity:               Critical
Info Exploit:           There are MANY possibilities to execute XSS on the new released ocPortal.
All XSS attacks are done by a new registered user, so no extra rights are given. It's all standard.
