WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

###################### # Exploit Title : WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip # Date : 2015-04-1 # Dork Google: index of website-contact-form-with-file-upload index of /uploads/contact_files/ # Tested on : Linux BackBox 4.0 / curl 7.35.0 ##################### # Info : The "upload_file()" ajax function is affected from unrestircted file upload vulnerability. ##################### Discovered By : Claudio Viviani http://www....

April 12, 2015 · 1 min · claudio

WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability

###################### # Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ # Software Link : https://mega.co.nz/#!DJAEBLBS!IBiukGo-pirelHmsRV80xZDHIvpqZKtTIqsD8YrMf7U # Date : 2015-04-05 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress All In One WP Security & Firewall 3.9.0 suffers from Blind SQL Injection vulnerability There are some pages with wordpress esc_sql function....

April 7, 2015 · 2 min · claudio

Joomla Mac Gallery 1.5 and below Arbitrary File Download vulnerability

###################### # Exploit Title : Joomla Mac Gallery <= 1.5 Arbitrary File Download # Exploit Author : Claudio Viviani # Vendor Homepage : https://www.apptha.com # Software Link : https://www.apptha.com/downloadable/download/sample/sample_id/18 # Dork Google: inurl:option=com_macgallery # Date : 2014-09-17 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox # Info: # Joomla Mac Gallery suffers from Arbitrary File Download vulnerability # PoC Exploit: # http://localhost/index.php?option=com_macgallery&view=download&albumid=[../../filename] # "album_id" variable is not sanitized....

September 21, 2014 · 1 min · claudio