Tags archives: php

 


Joomla Content History SQL Injection Remote Code Execution

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, 'Name' => "Joomla Content History SQLi Remote Code Execution", 'Description' => %q{ This module exploits a SQL injection vulnerability found in Joomla versions […]

 


WordPress Ajax Load More PHP Upload

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'Wordpress Ajax Load More PHP Upload Vulnerability', 'Description' => %q{ This module exploits an arbitrary file upload in the […]

 


WP Fastest Cache 0.8.4.8 Blind SQL Injection

# Exploit Title: WP Fastest Cache 0.8.4.8 Blind SQL Injection # Date: 11-11-2015 # Software Link: https://wordpress.org/plugins/wp-fastest-cache/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps 1. Description For this vulnerability, WP-Polls also needs to be installed. Everyone can access wpfc_wppolls_ajax_request(). $_POST["poll_id"] is not escaped properly. […]

 


WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting

###################################################################### # Exploit Title: Wordpress plugin neuvoo-jobroll 2.0 Reflected Cross-Site Scripting (RXSS) # Date: 05/11/2015 # Author: Mickael Dorigny @ Synetis # Vendor or Software Link: http://neuvoo.fr/fr # Version: 2.0 # Category: Reflected Cross Site Scripting # Google dork: # Tested on : Wordpress with neuvoo-jobroll 2.0 ######################################################################   Neuvoo description : ======================================================================   Neuvoo […]

 


WordPress Font 7.5 Path Traversal

Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 (Pending) CVSS: 6.3 (Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N) CWE: CWE-22   Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read access to system files such as /etc/passwd. Font is a WordPress plugin with over 40,000 active installs.   Vulnerability ================ The vulnerability is […]

 


WordPress Pie Register 2.0.18 SQL Injection

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 (Pending) CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N) CWE: CWE-89   Description ================ Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow SQL injection by admins leading to loss of database confidentiality. Pie Register is a WordPress plugin with over 10,000 active installs.   Vulnerabilities ================ […]

 


WordPress Events Made Easy 1.5.49 CSRF / XSS

Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/   Events Made Easy is a full-featured event management solution for WordPress. Events Made Easy supports public, private, draft and recurring events, locations management, RSVP (+ optional approval), Paypal, 2Checkout, FirstData and Google maps. With Events Made Easy you can […]

 


WordPress mTheme-Unus Local File Inclusion

####################################### # Exploit Title: Wordpress themes mTheme-Unus LFI Vulnerability # # Date: 2015-09-27 # Exploit Author: FullSecurity.org # Google Dork: ilnurl:/wp-content/themes/mTheme-Unus/ # Vendor Homepage: https://wordpress.org/ # Tested on : Kali Linux ######################################## Description : The WordPress theme mTheme-Unus does not filter data, so we can get the configuration file via the path <site.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php> # Exploite […]

 


Joomla JNews SQL Injection

# Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management.   ################################################################################################## # Exploit Title: [Joomla component com_jnews – SQL injection] # Google Dork: [inurl:option=com_jnews] # Date: [2015-10-29] # Exploit Author: [Omer Ramić] # Twitter: https://twitter.com/sp_omer # Vendor Homepage: [http://www.joobi.co/] # Software Link: [http://www.joobi.co/index.php?option=com_content&view=article&id=8652&Itemid=3031] # Version: [8.5.1] & […]

 


How to install Oxwall on a Linux VPS

Oxwall is an open-source platform for building social networks that is very flexible and very easy to use. It is written in PHP and uses MySQL as the database to store its data. Many plugins are available in the Oxwall repository to extend the basic functionality of the social networking platform. Today, I'll show you how …

The article How to install Oxwall on a Linux VPS first appeared on Blog italiano su linux e l’open-source.