# Exploit Title : LibrettoCMS 2.2.2 Malicious File Upload
# Date : 14 June 2013
# Exploit Author : CWH Underground
# Site : www.2600.in.th
# Vendor Homepage : http://libretto.artwebonline.com/
# Software Link : http://jaist.dl.sourceforge.net/project/librettocms/librettoCMS_v.2.2.2.zip
# Version : 2.2.2
# Tested on : Window and Linux
,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..
`+---------------------------^----------|
`\_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(
/ XXXXXX /
/ XXXXXX /
(________(
`------'
#####################################################
DESCRIPTION
#####################################################
LibrettoCMS...
Leggi il seguito »
Libretto CMS 2.2.2 Shell Upload
WordPress NextGEN Gallery 1.9.12 Shell Upload
15 giugno 2013 - Fonte: http://www.mondounix.com
##############################################################
- S21Sec Advisory -
##############################################################
Title: NextGEN Gallery 1.9.12 Arbitrary File Upload
ID: S21SEC-046-en
CVE ID: CVE-2013-3684
Severity: High
Status: Fixed
History: 27.May.2013 Vulnerability discovered
28.May.2013 Vendor informed
12.Jun.2013 Fix released
Authors: Marcos Agüero (maguero@s21sec.com)
URL: http://www.s21sec.com/images/labs/advisories/s21sec-046-en.txt
Release: Public
[ SUMMARY ]
NextGEN Gallery is a WordPress gallery plugin that offers sophisticated...
Leggi il seguito »
Moxiecode Image Manager 3.1.5 Shell Upload
21 maggio 2013 - Fonte: http://www.mondounix.com
I want to warn you about vulnerabilities in Moxiecode Image Manager (MCImageManager). This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to Code Execution on IIS and Apache web servers. ------------------------- Affected products: ------------------------- Vulnerable are Moxiecode Image Manager 3.1.5 and previous versions. ------------------------- Affected vendors: ------------------------- Moxiecode http://www.moxiecode.com ---------- Details: ---------- Arbitrary File Uploading (WASC-31): http://site/path/tiny_mce/plugins/imagemanager/pages/im/index.html Execution...
Leggi il seguito »
Drupal Htmlarea 4.7.x-1.x Shell Upload
9 maggio 2013 - Fonte: http://www.mondounix.com
# Title: Drupal Htmlarea Modules (4.7.x-1.x) / Arbitary File Upload Vulnerabilities
# Author: Net.Edit0r
# Contact: Net.Edit0r[at]Att[dot]Net
# Vendor: https://drupal.org/project/htmlarea
# Software Link: http://ftp.drupal.org/files/projects/htmlarea-4.7.x-1.x-dev.zip
# Version: 4.7.x-1.x (The new version of the module is vulnerable fix)
# Tested on: Linux
- About the Software:
Allows Drupal to use the HTMLArea WYSIWYG formatter to replace text area fields.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1) File Upload Vulnerabilities in "/insert_image.php"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Vulnerable Code Snippet :
every use...
Leggi il seguito »
Joomla Janissaries Civicrm Shell Upload
28 aprile 2013 - Fonte: http://www.mondounix.com
<?php
/*
----------------------------------------------------------------------------
.__ .__
_____ |__|___.__._____ ____ | |__ __ __ ____ ____
/ \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
| Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
\/ \/ \/ \/ \/ \//_____/
-----------------------------------------------------------------------------
* Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread
* Coded by Miyachung
* Stay away from lamers o.O
* Contact: miyachung@hotmail.com
* Special Thanks : B127Y
*...
Leggi il seguito »
CMSLogik 1.2.1 Shell Upload
22 aprile 2013 - Fonte: http://www.mondounix.com
#!/usr/bin/python # # CMSLogik 1.2.1 (upload_file_ajax()) Shell Upload Exploit # # # Vendor: ThemeLogik # Product web page: http://www.themelogik.com/cmslogik # Affected version: 1.2.1 and 1.2.0 # # Summary: CMSLogik is built on a solid & lightweight framework # called CodeIgniter, and design powered by Bootstrap. This # combination allows for greater security, extensive flexibility, # and ease of use. You can use CMSLogik for almost any niche that # your project might fall into. # # Desc: The vulnerability is caused due to the improper verification # of uploaded files in '/application/controllers/support.php' script # thru the 'upload_file_ajax()' function. This can be exploited to # execute arbitrary PHP code by uploading...
Leggi il seguito »
PHPBoost 4.0 Shell Upload
13 marzo 2013 - Fonte: http://www.mondounix.com
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1...
Leggi il seguito »
WiFilet 1.2 CSRF / LFI / Shell Upload
27 febbraio 2013 - Fonte: http://www.mondounix.com
Title: ====== WiFilet v1.2 iPad iPhone - Multiple Web Vulnerabilities Date: ===== 2013-02-22 References: =========== http://www.vulnerability-lab.com/get_content.php?id=867 VL-ID: ===== 867 Common Vulnerability Scoring System: ==================================== 6.3 Introduction: ============= WiFilet will makes your iPhone/iPad a mobile disk,you can use browsers upload or download files between iPhone/iPad and PC through WIFI. * Easily sync musics between computers and play them directly. * Easily browse photo libraries via a web browser. * Simple & handy UI * Progress of the uploading files * Open files(like images,word,excel,ppt etc.) directly...
Leggi il seguito »
chillyCMS 1.3.0 Shell Upload / Access Bypass
17 febbraio 2013 - Fonte: http://www.mondounix.com
# Exploit Title: chillyCMS 1.3.0 Multiple Vulnerabilities
# Google Dork: "powered by chillyCMS"
# Date: 15 February 2013
# Exploit Author: Abhi M Balakrishnan
# Vendor Homepage: http://chillycms.bplaced.net/
# Software Link: http://chillycms.bplaced.net/chillyCMS/media/files/chillyCMS_full.zip
# Version: 1.3.0
# Tested on: uWAMP 2.1 (PHP 5.2.17, MySQL 5.5.9), Windows 8
# Video: http://www.youtube.com/watch?v=6B3rND9S75g
# Vulnerability
Failure to Restrict URL Access
chillyCMS uses 302 redirects to restrict access to the unautorized pages.
# Exploit
Step 1: Create a rule in No-Redirect Add-on: ^http://localhost/chillyCMS/
Step 2: Access http://localhost/chillyCMS/admin/
#...
Leggi il seguito »
OpenEMR 4.1.1 Shell Upload
14 febbraio 2013 - Fonte: http://www.mondounix.com
<?php /* OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Desc: The vulnerability is caused due to the improper verification of uploaded files in '/library/openflashchart/php-ofc-library/ofc_upload_image.php' script thru the 'name' parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. ================================================================================ /library/openflashchart/php-ofc-library/ofc_upload_image.php: ------------------------------------------------------------- 21:...
Leggi il seguito »
