Introduction
A new exploit-based attack has been detected against the IIS (Internet Information Server) daemon of Windows operating systems.
In reality, the vulnerable library is called HTTP.sys. It is used mainly by the IIS daemon, but not only by it: in theory, every program that relies on it is at risk!
What is the HTTP.sys library for?
In short, its job is to process HTTP requests.
Vulnerability type and exploit
Microsoft has classified this vulnerability as Remote Code Execution, but so far only DoS-type exploits have been released publicly:...
######################
# Exploit Title : WordPress Ajax Store Locator <= 1.2 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
# Software Link : Premium
# Dork Google: inurl:ajax-store-locator
# index of ajax-store-locator
# Date : 2015-03-29
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# Info:
The "sl_dal_searchlocation_cbf" ajax function is affected by an SQL Injection vulnerability
"StoreLocation" var is not sanitized
#####################
Discovered By : Claudio Viviani
http://www....
######################
# Exploit Title : WordPress Video Gallery 2.8 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense
# Date : 2015-04-04
# Tested on : Linux / Mozilla Firefox
######################
# Description
Wordpress Video Gallery 2.8 suffers from SQL injection
######################
# Vulnerability Disclosure Timeline:
2015-04-04: Discovered vulnerability
2015-04-06: Vendor Notification
2015-04-07: Vendor Response/Feedback
2015-04-07: Vendor Send Fix/Patch (same version number)
2015-04-13: Public Disclosure
#######################
Discovered By : Claudio Viviani
http://www....
######################
# Exploit Title : WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip
# Date : 2015-04-1
# Dork Google: index of website-contact-form-with-file-upload
# index of /uploads/contact_files/
# Tested on : Linux BackBox 4.0 / curl 7.35.0
#####################
# Info :
The "upload_file()" ajax function is affected by an unrestricted file upload vulnerability.
#####################
Discovered By : Claudio Viviani
http://www....
######################
# Exploit Title : WordPress Duplicator 0.5.14 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/
# Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip
# Date : 2015-04-08
# Tested on : Linux / Mozilla Firefox
######################
# Description
WordPress Duplicator 0.5.14 suffers from a remote SQL Injection vulnerability
Location file: /view/actions.php
This is the buggy ajax function wp_ajax_duplicator_package_delete:
function duplicator_package_delete() {
    DUP_Util::CheckPermissions('export');
    try {
        global $wpdb;
        $json = array();
        $post = stripslashes_deep($_POST);
        $tblName = $wpdb->prefix ....