From Dynamic to Static e WordPress non lo buchi più

Sorgente immagine: https://greggbanse.com/ Introduzione Alzi la mano chi non ha storto il naso leggendo il titolo di questo articolo? Sicuramente moltissimi ed è stata la mia stessa reazione quando mi sono imbattuto in un post dal titolo The Unhackable WordPress Blog scritto da Matthew Bryant (mandatory). Incuriosito dal titolo, volutamente provocatorio, ho continuato la lettura fino alla fine e sono rimasto molto entusiasta, in pratica il buon Matthew Bryant espone la sua teoria che si basa sul trovare un alto livello di sicurezza convertendo da dinamico a statico il CMS WordPress (e non solo)....

November 7, 2015 · 11 min · claudio

WP Fast Cache 1.4 and below CSRF Stored/Reflected XSS

###################### # Exploit Title : WP Fast Cache 1.4 and below CSRF Stored/Reflected XSS # Exploit Author : Claudio Viviani # Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive) # Vendor Homepage : https://wordpress.org/plugins/wp-fast-cache/ # Software Link : https://downloads.wordpress.org/plugin/wp-fast-cache.1.4.zip # Dork Google: index of wp-fast-cache # Date : 2015-05-11 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # Info WP Fast Cache is vulnerable to CSRF attacks, which can also be combined with stored/reflected XSS attacks (authenticated administrators only)....

May 27, 2015 · 1 min · claudio

WordPress Video Gallery 2.8 Unprotected Mail Page

###################### # Exploit Title : WordPress Video Gallery 2.8 Unprotected Mail Page # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip # Dork Google: index of "contus-video-gallery" # Date : 2015-04-05 # Tested on : Linux / Mozilla Firefox ###################### # Description Wordpress Video Gallery 2.8 suffers from Unprotected Mail Page. This vulnerability is exploitable to dos, phishing, mailbombing, spam... The "email" ajax action is callable from any guest visitor (/contus-video-gallery/hdflvvideoshare....

May 22, 2015 · 2 min · claudio

WordPress NEX-Forms 3.0 SQL Injection Vulnerability

###################### # Exploit Title : WordPress NEX-Forms 3.0 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive) # Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/ # Software Link : https://downloads.wordpress.org/plugin/nex-forms-express-wp-form-builder.3.0.zip # Dork Google: inurl:nex-forms-express-wp-form-builder # index of nex-forms-express-wp-form-builder # Date : 2015-03-29 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # Info: The "submit_nex_form" ajax function is affected from SQL Injection vulnerability ##################### Discovered By : Claudio Viviani http://www....

April 20, 2015 · 1 min · claudio

Simple WordPress Xml-rpc Brute Force written in bash with cURL

Simple WordPress Xml-rpc Brute Force written in bash with curl #!/bin/sh ##################### # # # Scripted By : Claudio Viviani # http://www.homelab.it # http://adf.ly/1F1MNw (Full HomelabIT Archive Exploit) # http://ffhd.homelab.it (Free Fuzzy Hashes Database) # # [email protected] # [email protected] # # https://www.facebook.com/homelabit # https://twitter.com/homelabit # https://plus.google.com/+HomelabIt1/ # https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww # ##################### url=$1 user=$2 wordlist=$3 if [ -z "$wordlist" ]; then echo "Usage: $0 http://TARGT username wordlist.txt" exit 1 elif [ !...

April 15, 2015 · 1 min · claudio