Security Blog by Claudio Viviani
Articolo che spiega come utilizzare i socket in python per elaborare i pacchetti del protocollo “Internet Protocol” ai fini di creare uno sniffer di rete.
In particolare verranno intercettate e loggate connessioni POP3 e IMAP.
Wordpress Download Manager 2.7.4 and below suffers from Remote Code Execution Vulnerability.
This exploit add a new Wordpress Administrator account.
Wordpress WP Symposium 14.11 suffers from Unauthenticated Shell Upload Vulnerability
The Wordpress Premium plugin WpDataTables 1.5.3 and below suffers from Unauthenticated Shell Upload Vulnerability. Wordpress WpDataTables Python Exploit
Joomla HD FLV Player 2.1.0.1 and below suffers from Arbitrary File Download Vulnerability. The “f” variable is not sanitized. Python Exploit.
Joomla HD FLV Player 2.1.0.1 and below suffers from SQL Injection Vulnerability. “id” variable is not sanitized
Tested on Wordpress 3.x/4.x with Python 2.4/2.6/2.7
Features:
1) Multithreading
2) http and https protocols
3) Random User Agent
Wordpress e Python: Articolo che spiega come eseguire il processo di login verso il cms Wordpress tramite il linguaggio Python.
Joomla RD Download Sql Injection suffers from Sql Injection vulnerability – Python Exploit
######################
# Exploit Title : Joomla Spider Contacts <= 1.3.6 SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://web-dorado.com/ # Software Link : http://web-dorado.com/?option=com_wdsubscriptions&view=dwnldfree&format=row&id=60 # Mirror Link : https://mega.co.nz/#!mJwlUahJ!fx7d1ZQszaD3-k66PjWQEBXQafJnEeRDEleN8jqbVOE # Dork Google: inurl:option=com_spidercontacts # Date : 2014-09-07 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ######################