Tags archives: php

 

0

WordPress Fusion Engage Local File Disclosure

Fusion Engage is a commercial wordpress plugin sold by internet marketer (and known scammer) Precious Ngwu to.. I’m actually not sure. Something to do with video embedding.   Anyway, it has a LFD. Here’s the relevant code..   function fe_get_sv_html(){ global $wpdb, $video_db, $ann_db;   print(file_get_contents($_POST['video']));   wp_die(); }add_action(‘wp_ajax_nopriv_fe_get_sv_html’, ‘fe_get_sv_html’);add_action(‘wp_ajax_fe_get_sv_html’, ‘fe_get_sv_html’);   So, you can [...]

 

0

WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection

######################   # Exploit Title : Wordpress Duplicator <= 0.5.14 – SQL Injection & CSRF   # Exploit Author : Claudio Viviani   # Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/   # Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip   # Date : 2015-04-08   # Tested on : Linux / Mozilla Firefox   ######################   # Description   Wordpress [...]

 

0

WordPress Windows Desktop And iPhone Photo Uploader File Upload

################################################################################################## #Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerbility #Author : Manish Kishan Tanwar AKA error1046 #Home Page : https://wordpress.org/plugins/i-dump-iphone-to-wordpress-photo-uploader/ #Download Link : https://downloads.wordpress.org/plugin/i-dump-iphone-to-wordpress-photo-uploader.1.8.zip #Date : 9/04/2015 #Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi #Discovered At : Indishell Lab ##################################################################################################   //////////////////////// /// Overview: [...]

 

0

WordPress Shareaholic 7.6.0.3 Cross Site Scripting

# Exploit Title: Shareaholic 7.6.0.3 XSS # Date: 10-11-2014 # Software Link: https://wordpress.org/plugins/shareaholic/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # CVE: CVE-2014-9311 # Category: webapps   1. Description   ShareaholicAdmin::add_location is accessible for every registered user.   File: shareaholicshareaholic.php   add_action(‘wp_ajax_shareaholic_add_location’, array(‘ShareaholicAdmin’, ‘add_location’));     $_POST['location'] is not escaped.   [...]

 

 

0

Joomla Gallery WD SQL Injection

###################################################################### # Exploit Title: Joomla Gallery WD – SQL Injection Vulnerability # Google Dork: inurl:option=com_gallery_wd # Date: 29.03.2015 # Exploit Author: CrashBandicot (@DosPerl) # Vendor HomePage: http://web-dorado.com/ # Source Component : http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-wd # Tested on: Windows ######################################################################   parameter ‘theme_id’ in GET vulnerable   # Example : # Parameter: theme_id (GET) # Type: error-based # [...]

 

0

WordPress Revolution Slider File Upload

###################################################################### # Exploit Title: Wordpress Plugin Revolution Slider – Unrestricted File Upload # Google Dork: Y0ur Brain # Date: 27.03.2015 # Exploit Author: CrashBandicot (@DosPerl) # Vendor HomePage: http://revolution.themepunch.com/ # Version: old # Tested on: Windows ######################################################################     # Path of File : /wp-content/plugins/revslider/revslider_admin.php # Vulnerable File : revslider_admin.php   232. $action = self::getPostGetVar(“client_action”); [...]

 

0

WordPress Simple Ads Manager SQL Injection

#Vulnerability title: Wordpress plugin Simple Ads Manager – SQL Injection #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link: https://wordpress.org/plugins/simple-ads-manager/ #CVE ID: CVE-2015-2824 #Author: Le Hong Minh (minh.h.le () itas vn) & ITAS Team     ::PROOF OF CONCEPT::   —SQL INJECTION 1—   + REQUEST: [...]

 

0

WordPress videowhisper-video-conference-integration v4.91.8 Remote file upload v4.91.8

Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/support/plugin/videowhisper-video-conference-integration Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03-31, won’t fix. http://www.videowhisper.com/tickets_view.php?t=10019545-1427810822 Vendor Contact: http://www.videowhisper.com/tickets_submit.php Advisory: http://www.vapid.dhs.org/advisory.php?v=116 Description: From their site “VideoWhisper Video Conference is a modern web based multiple way video chat and real time file sharing tool. [...]

 

0

WordPress videowhisper-video-presentation v3.31.17 Remote file upload

Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03-31 won’t fix, http://www.videowhisper.com/tickets_view.php?t=10019545-1427810822 Vendor Contact: http://www.videowhisper.com/tickets_submit.php Advisory: http://www.vapid.dhs.org/advisory.php?v=117 Description: from the site “VideoWhisper Video Consultation is a web based video communication solution designed for online video consultations, interactive live presentations, [...]