WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal

26 gennaio 2015 - Fonte: http://www.mondounix.com
 Mogwai Security Advisory MSA-2015-01
----------------------------------------------------------------------
  Title:              WP Pixarbay Images Multiple Vulnerabilities
  Product:            Pixarbay Images (Wordpress Plugin)
  Affected versions:  2.3
  Impact:             high
  Remote:             yes
  Product link:       https://wordpress.org/plugins/pixabay-images/
  Reported:           14/01/2015
  by:                 Hans-Martin Muench (Mogwai, IT-Sicherheitsberatung Muench)
 
 
Vendor's Description of the Software:
----------------------------------------------------------------------
Pixabay Images is a WordPress plugin that let's you pick CC0 public domain pictures from Pixabay and insert them with just...

Leggi il seguito »

WordPress CIP4 Folder Download 1.10 Local File Inclusion

19 gennaio 2015 - Fonte: http://www.mondounix.com
# Exploit Title: CIP4 Folder Download Widget LFI
# Google Dork: index of :/cip4-folder-download-widget
# Date: 13-01-2015
# Exploit Author: Ben khlifa Fahmi (XTnR3v0lt)
# Vendor Homepage: http://community.cip4.org
# Software Link: https://wordpress.org/plugins/cip4-folder-download-widget/
# Version: 1.10
# Tested on: Ubuntu 14.04
 
Dork : 
inurl:/wp-content/plugins/cip4-folder-download-widget/
 
Exploit : 
http://localhost/[wordpress]/wp-content/plugins/cip4-folder-download-widget/cip4-download.php?target=wp-config.php&info=wp-config.php
 
Ben khlifa Fahmi - Founder & CEO of Tunisian Cyber Army
Greetz to : Joseph - Michou - hackerXben - RaisoMos - Lola - All muslim hackers world wide

(8)

...

Leggi il seguito »

WordPress Slideoptinprox Cross Site Scripting

14 gennaio 2015 - Fonte: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress slideoptinprox Plugin Cross site  
scripting vulnerability
|
|[*] Google Dork: inurl:"/wp-content/plugins/slideoptinprox/"
|
|[*] Date : Date: 2015-01-08
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*]Vendor Homepage : https://pluginu.com/slideoptinprox/
|
|[*] Tested on: Windows 8.1,Kali Linux
|
|-------------------------------------------------------------------------|
|
|[*] Location :
[localhost]/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=[XSS]
|
|-------------------------------------------------------------------------|
|[*]...

Leggi il seguito »

WordPress Simple Security Plugin XSS vulnerabilities

14 gennaio 2015 - Fonte: http://www.mondounix.com
Advisory ID: HTB23244
Product: Simple Security WordPress Plugin
Vendor: MyWebsiteAdvisor 
Vulnerable Version(s): 1.1.5 and probably prior
Tested Version: 1.1.5
Advisory Publication:  December 17, 2014  [without technical details]
Vendor Notification: December 17, 2014 
Public Disclosure: January 14, 2015 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9570
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...

Leggi il seguito »

WordPress WP Unique Article Header Image 1.0 CSRF / XSS

14 gennaio 2015 - Fonte: http://www.mondounix.com
**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in WP Unique Article Header Image Wordpress Plugin 
# Author: Manideep K  
# cve-id : CVE-2014-9400
# Plugin Homepage: https://wordpress.org/plugins/wp-unique-article-header-image/
# Version Affected: 1.0  (probably lower versions)
# Severity: High 
 
# Description: 
Vulnerable Parameter: gt_default_header and gt_homepage_header
# Vulnerability Class:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29          
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
# About Vulnerability:  This plugin is vulnerable to a combination...

Leggi il seguito »

WordPress WP Limit Posts Automatically 0.7 CSRF / XSS

14 gennaio 2015 - Fonte: http://www.mondounix.com
# Title: CSRF / Stored XSS Vulnerability in WP Limit Posts Automatically Wordpress Plugin 
# Author: Manideep K  
# cve-id: CVE-2014-9401
# Plugin Homepage: https://wordpress.org/plugins/wp-limit-posts-automatically/
# Version Affected: 0.7 (probably lower versions)
# Severity: High 
 
# Description: 
# Vulnerable Parameter:  all text fields to name - lpa_post_letters
# About Vulnerability: This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin page. Once exploited, admin’s browser can be made to do almost anything the admin user could typically...

Leggi il seguito »

WordPress TweetScribe 1.1 CSRF / XSS

14 gennaio 2015 - Fonte: http://www.mondounix.com
**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in TweetScribe Wordpress Plugin 
# Author: Manideep K  
# CVE-ID: CVE-2014-9399
# Plugin Homepage: https://wordpress.org/plugins/tweetscribe/
# Version Affected: 1.1  (probably lower versions)
# Severity: High 
 
# Description: 
Vulnerable Parameter: tweetscribe_username
Vulnerability Class: 
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29          
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
# About Vulnerability:  This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked...

Leggi il seguito »

WordPress Twitter LiveBlog 1.1.2 CSRF / XSS

14 gennaio 2015 - Fonte: http://www.mondounix.com
# Title: CSRF / Stored XSS Vulnerability in Twitter LiveBlog Wordpress Plugin 
# Author: Manideep K  
# CVE-ID: CVE-2014-9398 
# Plugin Homepage: https://wordpress.org/plugins/twitter-liveblog/
# Version Affected: 1.1.2 (probably lower versions)
# Severity: High 
 
# Description: 
# Vulnerable Parameter:  mashtlb_twitter_username etc
# About Vulnerability: This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin page. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies...

Leggi il seguito »

WordPress Simplelife 1.2 CSRF / XSS

14 gennaio 2015 - Fonte: http://www.mondounix.com
**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in Simplelife Wordpress Plugin 
# Author: Manideep K  
# CVE-ID: CVE-2014-9395
# Plugin Homepage: https://wordpress.org/plugins/simplelife/
# Version Affected:  1.2 (probably lower versions)
# Severity: High 
 
# Description: 
Vulnerable Parameter: multiple fields such as simplehoverback, simplehovertext , flickrback etc
Vulnerability Class: 
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29          
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
# About Vulnerability:  This plugin is vulnerable to a combination of CSRF/XSS...

Leggi il seguito »

WordPress twimp-wp Cross Site Request Forgery / Cross Site Scripting

14 gennaio 2015 - Fonte: http://www.mondounix.com
# Title: CSRF / Stored XSS Vulnerability in twimp-wp Plugin 
# Author: Manideep K  
# CVE-ID: CVE-2014-9397
# Plugin Homepage: https://wordpress.org/plugins/twimp-wp/
# Version Affected: (probably lower versions)
# Severity: High 
 
# Description: 
# Vulnerable Parameter: all text boxes , to name one - id & parameter:"message_format"
# About Vulnerability: This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin page. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's...

Leggi il seguito »