HomeLab IT

Security Blog by Claudio Viviani

Tag: python

16 August 2015 / 11 June 2017

How to create a network sniffer in Python

Posted in Python, Security by claudio

Article explaining how to use sockets in Python to process Internet Protocol (IP) packets in order to build a network sniffer.
In particular, POP3 and IMAP connections are intercepted and logged.

24 March 2015 / 15 April 2015

WP Marketplace 2.4.0 Remote Code Execution (Add WP Admin)

Posted in archive_exploit, Exploits, Wordpress by claudio

The WordPress plugin “WP Marketplace” 2.4.0 suffers from a remote command execution vulnerability.

13 December 2014 / 16 April 2015

WordPress Download Manager Remote Code Execution Vulnerability (Add WP Admin)

Posted in archive_exploit, Exploits, Python, Wordpress by claudio

WordPress Download Manager 2.7.4 and below suffers from a remote code execution vulnerability.
This exploit adds a new WordPress administrator account.

11 December 2014 / 16 April 2015

WordPress WP Symposium Shell Upload Vulnerability

Posted in archive_exploit, Exploits, Python, Vuln. discovered, Wordpress by claudio, 1 comment

WordPress WP Symposium 14.11 suffers from an unauthenticated shell upload vulnerability.

23 November 2014 / 16 April 2015

WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability

Posted in archive_exploit, Exploits, Python, Security, Vuln. discovered, Wordpress by claudio, 8 comments

The WordPress premium plugin wpDataTables 1.5.3 and below suffers from an unauthenticated shell upload vulnerability. WordPress wpDataTables Python exploit.

3 November 2014 / 13 April 2015

WordPress Brute Force Multithreading

Posted in Python, Tools, Wordpress by claudio, 5 comments

Tested on WordPress 3.x/4.x with Python 2.4/2.6/2.7.
Features:

1) Multithreading
2) HTTP and HTTPS protocols
3) Random User-Agent

2 November 2014 / 2 November 2014

WordPress and Python: How to authenticate to the famous CMS with Python

Posted in Python, Wordpress by claudio

WordPress and Python: an article explaining how to perform the login process against the WordPress CMS using Python.

29 October 2014 / 16 April 2015

Joomla RD Download Sql Injection

Posted in archive_exploit, Exploits, Joomla, Python, Vuln. discovered by claudio, 1 comment

Joomla RD Download suffers from an SQL injection vulnerability – Python exploit

24 October 2014 / 16 April 2015

WordPress and Joomla Creative Contact Form Unauthenticated Shell Upload Vulnerability

Posted in archive_exploit, Exploits, Joomla, Wordpress by claudio, 1 comment

Creative Contact Form <= 0.9.7 (WordPress) and <= 2.0.0 (Joomla) suffers from an unauthenticated shell upload vulnerability.

17 October 2014 / 16 April 2015

Drupal 7 Sql Injection SA-CORE-2014-005 CVE-2014-3704

Posted in archive_exploit, Exploits by claudio

In accordance with the CVE-2014-3704 specifications, I wrote a Drupal >= 7.0 <= 7.31 SQL injection exploit. This exploit adds a new Drupal administrator account (preserving the original) via SQL injection.

About

This blog was created to archive my notes and tests.
The posts will mainly deal with computer security, but with an eye on the whole IT landscape.

The Internet is sharing, let's never forget it....