Vuln. discovered

###################### # Exploit Title : WordPress BSK PDF Manager 1.3.2 Authenticated SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.bannersky.com/bsk-pdf-manager/ # Software Link : http://downloads.wordpress.org/plugin/bsk-pdf-manager.zip # Date : 2014-07-04 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox # Linux / sqlmap 1.0-dev-5b2ded0 ###################### # Location : http://localhost/wp-content/plugins/compfight/compfight-search.php ###################### # Vulnerable code : [claudio@localhost ~]$ grep -R GET bsk-pdf-manager/ bsk-pdf-manager/inc/bsk-pdf-dashboard.php: if(isset($_GET['view']) && $_GET['view']){ bsk-pdf-manager/inc/bsk-pdf-dashboard....

###################### # Exploit Title : WordPress Compfight 1.4 Authenticated Cross Site Scripting # Exploit Author : Claudio Viviani - HomeLab IT # Vendor Homepage : http://wordpress.org/plugins/easy-banners/ # Software Link : http://downloads.wordpress.org/plugin/compfight.1.4.zip # Date : 2014-07-03 # Tested on : Windows 7 / Mozilla Firefox ###################### # Location : http://localhost/wp-content/plugins/compfight/compfight-search.php ###################### # Vulnerable code : if (!$search_value) { $input_text = 'Enter Keyword(s)'; } else { $input_text = $search_value; } if ($show_title) { $output ....