HomeLab IT

WordPress Video Gallery 2.8 SQL Injection Vulnerability

###################### # Exploit Title : WordPress Video Gallery 2.8 SQL Injection Vulnerabilitiy # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense # Date : 2015-04-04 # Tested on : Linux / Mozilla Firefox ###################### # Description Wordpress Video Gallery 2.8 suffers from SQL injection ###################### # Vulnerability Disclosure Timeline: 2015-04-04: Discovered vulnerability 2015-04-06: Vendor Notification 2015-04-07: Vendor Response/Feedback 2015-04-07: Vendor Send Fix/Patch (same version number) 2015-04-13: Public Disclosure ####################### Discovered By : Claudio Viviani http://www....

WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

###################### # Exploit Title : WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip # Date : 2015-04-1 # Dork Google: index of website-contact-form-with-file-upload index of /uploads/contact_files/ # Tested on : Linux BackBox 4.0 / curl 7.35.0 ##################### # Info : The "upload_file()" ajax function is affected from unrestircted file upload vulnerability. ##################### Discovered By : Claudio Viviani http://www....

WordPress Duplicator 0.5.14 SQL Injection Vulnerability

###################### # Exploit Title : WordPress Duplicator 0.5.14 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/ # Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip # Date : 2015-04-08 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress Duplicator 0.5.14 suffers from remote SQL Injection Vulnerability Location file: /view/actions.php This is the bugged ajax functions wp_ajax_duplicator_package_delete: function duplicator_package_delete() { DUP_Util::CheckPermissions('export'); try { global $wpdb; $json = array(); $post = stripslashes_deep($_POST); $tblName = $wpdb->prefix ....

WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability

###################### # Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ # Software Link : https://mega.co.nz/#!DJAEBLBS!IBiukGo-pirelHmsRV80xZDHIvpqZKtTIqsD8YrMf7U # Date : 2015-04-05 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress All In One WP Security & Firewall 3.9.0 suffers from Blind SQL Injection vulnerability There are some pages with wordpress esc_sql function....

WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving....