######################
# Exploit Title : WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip
# Date : 2015-04-1
# Dork Google: index of website-contact-form-with-file-upload index of /uploads/contact_files/
# Tested on : Linux BackBox 4.0 / curl 7.35.0
#####################
# Info : The "upload_file()" ajax function is affected by an unrestricted file upload vulnerability.
#####################
Discovered By : Claudio Viviani http://www....
######################
# Exploit Title : WordPress Duplicator 0.5.14 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/
# Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip
# Date : 2015-04-08
# Tested on : Linux / Mozilla Firefox
######################
# Description
WordPress Duplicator 0.5.14 suffers from a remote SQL Injection vulnerability.
Location file: /view/actions.php
This is the bugged ajax function wp_ajax_duplicator_package_delete:
function duplicator_package_delete() {
    DUP_Util::CheckPermissions('export');
    try {
        global $wpdb;
        $json = array();
        $post = stripslashes_deep($_POST);
        $tblName = $wpdb->prefix ....
######################
# Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
# Software Link : https://mega.co.nz/#!DJAEBLBS!IBiukGo-pirelHmsRV80xZDHIvpqZKtTIqsD8YrMf7U
# Date : 2015-04-05
# Tested on : Linux / Mozilla Firefox
######################
# Description
WordPress All In One WP Security & Firewall 3.9.0 suffers from a Blind SQL Injection vulnerability.
There are some pages with wordpress esc_sql function....
######################
# Exploit Title : WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip
# Date : 2015-03-14
# Tested on : Linux BackBox 4.0 / curl 7.35.0
######################
# Description:
Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving....