WordPress Ajax Store Locator SQL Injection Vulnerability

###################### # Exploit Title : WordPress Ajax Store Locator <= 1.2 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356 # Software Link : Premium # Dork Google: inurl:ajax-store-locator # index of ajax-store-locator # Date : 2015-03-29 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # Info: The "sl_dal_searchlocation_cbf" ajax function is affected from SQL Injection vulnerability "StoreLocation" var is not sanitized ##################### Discovered By : Claudio Viviani http://www....

April 15, 2015 · 1 min · claudio

WordPress Video Gallery 2.8 SQL Injection Vulnerability

###################### # Exploit Title : WordPress Video Gallery 2.8 SQL Injection Vulnerabilitiy # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense # Date : 2015-04-04 # Tested on : Linux / Mozilla Firefox ###################### # Description Wordpress Video Gallery 2.8 suffers from SQL injection ###################### # Vulnerability Disclosure Timeline: 2015-04-04: Discovered vulnerability 2015-04-06: Vendor Notification 2015-04-07: Vendor Response/Feedback 2015-04-07: Vendor Send Fix/Patch (same version number) 2015-04-13: Public Disclosure ####################### Discovered By : Claudio Viviani http://www....

April 13, 2015 · 1 min · claudio

WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

###################### # Exploit Title : WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip # Date : 2015-04-1 # Dork Google: index of website-contact-form-with-file-upload index of /uploads/contact_files/ # Tested on : Linux BackBox 4.0 / curl 7.35.0 ##################### # Info : The "upload_file()" ajax function is affected from unrestircted file upload vulnerability. ##################### Discovered By : Claudio Viviani http://www....

April 12, 2015 · 1 min · claudio

WordPress Duplicator 0.5.14 SQL Injection Vulnerability

###################### # Exploit Title : WordPress Duplicator 0.5.14 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/ # Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip # Date : 2015-04-08 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress Duplicator 0.5.14 suffers from remote SQL Injection Vulnerability Location file: /view/actions.php This is the bugged ajax functions wp_ajax_duplicator_package_delete: function duplicator_package_delete() { DUP_Util::CheckPermissions('export'); try { global $wpdb; $json = array(); $post = stripslashes_deep($_POST); $tblName = $wpdb->prefix ....

April 10, 2015 · 2 min · claudio

WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability

###################### # Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ # Software Link : https://mega.co.nz/#!DJAEBLBS!IBiukGo-pirelHmsRV80xZDHIvpqZKtTIqsD8YrMf7U # Date : 2015-04-05 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress All In One WP Security & Firewall 3.9.0 suffers from Blind SQL Injection vulnerability There are some pages with wordpress esc_sql function....

April 7, 2015 · 2 min · claudio