Tag archives: php

 


Installing PHP7 on Debian Jessie

The Debian 8 (Jessie) distribution was released more than a year ago. By default, this distro provides PHP version 5.6, which is adequate for many situations; but for those who want to take advantage of the latest features and, why not, a clearly noticeable performance boost, the time has come […]

 


Roundcube: fixing the error Net_LDAP2_RootDSE::__construct() must be public

To fix the following error in Roundcube:

PHP Fatal error: Access level to Net_LDAP2_RootDSE::__construct() must be public (as in class PEAR) in roundcubemail/vendor/pear-pear.php.net/Net_LDAP2/Net/LDAP2/RootDSE.php on line 238

follow these steps:

cd <roundcube-root-folder>

Install composer.phar: curl -s https://getcomposer.org/installer | php

Copy the template composer.json-dist to composer.json.

Edit composer.json and, in the "require" section, add the line "pear-pear.php.net/net_ldap2": "~2.2.0",…

 

 


Joomla Content History SQL Injection Remote Code Execution

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper

  def initialize(info={})
    super(update_info(info,
      'Name' => "Joomla Content History SQLi Remote Code Execution",
      'Description' => %q{
        This module exploits a SQL injection vulnerability found in Joomla versions [...]

 


WordPress Ajax Load More PHP Upload

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HTTP::Wordpress
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Wordpress Ajax Load More PHP Upload Vulnerability',
      'Description' => %q{
        This module exploits an arbitrary file upload in the [...]

 


WP Fastest Cache 0.8.4.8 Blind SQL Injection

# Exploit Title: WP Fastest Cache 0.8.4.8 Blind SQL Injection
# Date: 11-11-2015
# Software Link: https://wordpress.org/plugins/wp-fastest-cache/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: webapps

1. Description

For this vulnerability, WP-Polls also needs to be installed.

Everyone can access wpfc_wppolls_ajax_request().

$_POST["poll_id"] is not escaped properly. [...]

 


WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting

######################################################################
# Exploit Title: Wordpress plugin neuvoo-jobroll 2.0 Reflected Cross-Site Scripting (RXSS)
# Date: 05/11/2015
# Author: Mickael Dorigny @ Synetis
# Vendor or Software Link: http://neuvoo.fr/fr
# Version: 2.0
# Category: Reflected Cross Site Scripting
# Google dork:
# Tested on : Wordpress with neuvoo-jobroll 2.0
######################################################################

Neuvoo description :
======================================================================

Neuvoo [...]

 


WordPress Font 7.5 Path Traversal

Details
================
Software: Font
Version: 7.5
Homepage: https://wordpress.org/plugins/font/
CVE: CVE-2015-7683 (Pending)
CVSS: 6.3 (Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N)
CWE: CWE-22

Description
================
An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read access to system files such as /etc/passwd. Font is a WordPress plugin with over 40,000 active installs.

Vulnerability
================
The vulnerability is [...]

 


WordPress Pie Register 2.0.18 SQL Injection

Details
================
Software: Pie Register
Version: 2.0.18
Homepage: https://github.com/GTSolutions/Pie-Register
CVE: CVE-2015-7682 (Pending)
CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-89

Description
================
Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow SQL injection by admins leading to loss of database confidentiality. Pie Register is a WordPress plugin with over 10,000 active installs.

Vulnerabilities
================
[...]

 


WordPress Events Made Easy 1.5.49 CSRF / XSS

Plugin link: https://wordpress.org/plugins/events-made-easy/
Active Installs: 10,000+
Version tested: 1.5.49
CVE Reference: Waiting
Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/

Events Made Easy is a full-featured event management solution for WordPress. Events Made Easy supports public, private, draft and recurring events, locations management, RSVP (+ optional approval), Paypal, 2Checkout, FirstData and Google maps. With Events Made Easy you can [...]