Posts

WordPress 3.x, 4.x Path Traversal + Directory Listing + File Deletion Vulnerabilities

###################### # Exploit Title : WordPress 3.x, 4.x Path Traversal + Directory Listing + File Deletion Vulnerabilities # Exploit Author : Claudio Viviani # Vendor Homepage : https://wordpress.org # Software Link : http://wordpress.org/wordpress-3.9.2.tar.gz # Date : 2014-07-11 # Tested on : Mozilla Firefox / WordPress 4.0 beta 1 # Mozilla Firefox / WordPress 4.0 beta 2 # Mozilla Firefox / WordPress 4.0 beta 3 # Mozilla Firefox / WordPress 3....

WordPress Gmedia Gallery 1.2.1 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Gmedia Gallery 1.2.1 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.codeasily.com/ # Software Link : http://downloads.wordpress.org/plugin/grand-media.zip # Date : 2014-08-01 # Tested on : Windows 7 / Mozilla Firefox ###################### # Description : Any authenticated user could upload php files (administrator by default). ###################### # Vulnerability Disclosure Timeline: 2014-08-01: Discovered vulnerability 2014-08-01: Vendor Notification (Twitter) 2014-08-01: Vendor Response/Feedback 2014-08-02: Vendor Fix/Patch 2014-08-02: Public Disclosure ###################### # PoC: POST Host=127....

WordPress Slider Revolution <= 4.1.4 Arbitrary File Download vulnerability

###################### # Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380 # Software Link : Premium plugin # Dork Google: revslider.php "index of" # Date : 2014-07-24 # Tested on : Windows 7 / Mozilla Firefox Linux / Mozilla Firefox ###################### # Description Wordpress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability ###################### # PoC http://victim/wp-admin/admin-ajax....

ARP Cache Poisoning o più comunemente ARP Spoofing

Introduzione Come ben sappiamo i computers all’interno di una rete LAN comunicano tra di loro usufruendo delle schede di rete collegate agli switch o hub. Lo switch è un dispositivo in grado di instradare i pacchetti di dati in modo logico, ovvero distribuisce al singolo pc i soli dati che ha richiesto (a livello di protocolli), evitando di fatto un invio su tutte le macchine (broadcast) come invece fa un hub....

WordPress Video Gallery 2.5 SQL Injection/XSS Vulnerabilities

###################### # Exploit Title : WordPress Video Gallery 2.5 SQL Injection and XSS Vulnerabilities # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : http://downloads.wordpress.org/plugin/contus-video-gallery.2.5.zip # Dork Google: inurl:/contus-video-gallery/hdflvplayer/hdplayer.swf (Click on "Repeat the search with the omitted results included") # Date : 2014-07-15 # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap 1....