Tags archives: security

 


WordPress NEX-Forms 3.0 SQL Injection inurlbr

# SCRIPT AUTHOR: Cleiton Pinheiro / Nick: googleINURL
# Exploit name: MINI 3xplo1t-SqlMap – WordPress NEX-Forms 3.0 SQL Injection Vulnerability
# Type: SQL Injection
# Email: inurlbr@gmail.com
# Blog: http://blog.inurl.com.br
# Twitter: https://twitter.com/googleinurl
# Fanpage: https://fb.com/InurlBrasil
# Pastebin http://pastebin.com/u/Googleinurl
# GIT: https://github.com/googleinurl
# PSS: http://packetstormsecurity.com/user/googleinurl
# YOUTUBE: http://youtube.com/c/INURLBrasil
# PLUS: http://google.com/+INURLBrasil
# Who Discovered http://www.homelab.it/index.php/2015/04/21/wordpress-nex-forms-sqli [...]

 


WordPress NEX-Forms 3.0 SQL Injection SQLMAP

######################
# Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)
# Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/
# Software Link : https://downloads.wordpress.org/plugin/nex-forms-express-wp-form-builder.3.0.zip
# Dork Google: inurl:nex-forms-express-wp-form-builder # index of nex-forms-express-wp-form-builder
# Date : 2015-03-29 [...]

 


WordPress Add Link to Facebook Stored Cross Site Scripting

Title: Stored XSS Vulnerability in Add Link to Facebook WordPress Plugin
Author: Rohit Kumar
Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/
Severity: Medium
Version Affected: Version 1.215 and mostly prior to it.
Version Tested: Version 1.215
Version Patched: 1.215
Description:
Vulnerable Parameter 1. App ID 2. App Secret 3. Custom [...]

 


WordPress WP Statistics 9.1.2 Cross Site Scripting

===========================================================
Stored XSS Vulnerability in WP Statistics WordPress Plugin
===========================================================

.. contents:: Table Of Content

Overview
========

* Title: Stored XSS Vulnerability in WP Statistics WordPress Plugin
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/wp-statistics/
* Severity: Medium
* Version Affected: 9.1.2 and mostly prior to it
* Version Tested : [...]

 


WordPress MiwoFTP 1.0.5 CSRF Command Execution

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)

Vendor: Miwisoft LLC
Product web page: http://www.miwisoft.com
Affected version: 1.0.5

Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress.

Desc: MiwoFTP WP Plugin suffers from a cross-site request forgery remote code execution [...]

 


WordPress MiwoFTP 1.0.5 Cross Site Request Forgery

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit

Vendor: Miwisoft LLC
Product web page: http://www.miwisoft.com
Affected version: 1.0.5

Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress.

Desc: Input passed to the 'selitems[]' parameter is not properly sanitised before being used [...]

 


WordPress Video Gallery 2.8 SQL Injection

######################
# Exploit Title : WordPress Video Gallery 2.8 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense
# Date : 2015-04-04
# Tested on : Windows 7 / Mozilla Firefox Linux / [...]

 


WordPress N-Media Website Contact Form 1.3.4 Shell Upload

######################
# Exploit Title : WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip
# Date : 2015-04-1
# Dork Google: index of website-contact-form-with-file-upload index of /uploads/contact_files/
# Tested on : Linux BackBox 4.0 [...]

 


WordPress Fusion Engage Local File Disclosure

Fusion Engage is a commercial WordPress plugin sold by internet marketer (and known scammer) Precious Ngwu to.. I’m actually not sure. Something to do with video embedding.

Anyway, it has a LFD. Here’s the relevant code..

function fe_get_sv_html(){
    global $wpdb, $video_db, $ann_db;

    print(file_get_contents($_POST['video']));

    wp_die();
}
add_action('wp_ajax_nopriv_fe_get_sv_html', 'fe_get_sv_html');
add_action('wp_ajax_fe_get_sv_html', 'fe_get_sv_html');

So, you can [...]

 


WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection

######################
# Exploit Title : WordPress Duplicator <= 0.5.14 – SQL Injection & CSRF
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/
# Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip
# Date : 2015-04-08
# Tested on : Linux / Mozilla Firefox
######################

# Description

WordPress [...]