Security Blog by Claudio Viviani
Articolo che spiega come utilizzare i socket in python per elaborare i pacchetti del protocollo “Internet Protocol” ai fini di creare uno sniffer di rete.
In particolare verranno intercettate e loggate connessioni POP3 e IMAP.
Wordpress plugin “WP Marketplace” 2.4.0 suffers from Remote command Execution
Wordpress Download Manager 2.7.4 and below suffers from Remote Code Execution Vulnerability.
This exploit add a new Wordpress Administrator account.
Wordpress WP Symposium 14.11 suffers from Unauthenticated Shell Upload Vulnerability
The Wordpress Premium plugin WpDataTables 1.5.3 and below suffers from Unauthenticated Shell Upload Vulnerability. Wordpress WpDataTables Python Exploit
Tested on Wordpress 3.x/4.x with Python 2.4/2.6/2.7
Features:
1) Multithreading
2) http and https protocols
3) Random User Agent
Wordpress e Python: Articolo che spiega come eseguire il processo di login verso il cms Wordpress tramite il linguaggio Python.
Joomla RD Download Sql Injection suffers from Sql Injection vulnerability – Python Exploit
Creative Contact Form <= 0.9.7 (Wordpress) and <= 2.0.0 (Joomla) suffers from Unauthenticated Shell Upload Vulnerability.
In accordance with CVE-2014-3704 specifications, i write Drupal >= 7.0 <= 7.31 Sql Injection exploit. This exploit add a new Drupal administrator account (preserving original) via Sql Injection.