Security

WordPress Duplicator 0.5.14 SQL Injection Vulnerability

###################### # Exploit Title : WordPress Duplicator 0.5.14 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/ # Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip # Date : 2015-04-08 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress Duplicator 0.5.14 suffers from remote SQL Injection Vulnerability Location file: /view/actions.php This is the bugged ajax functions wp_ajax_duplicator_package_delete: function duplicator_package_delete() { DUP_Util::CheckPermissions('export'); try { global $wpdb; $json = array(); $post = stripslashes_deep($_POST); $tblName = $wpdb->prefix ....

WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability

###################### # Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ # Software Link : https://mega.co.nz/#!DJAEBLBS!IBiukGo-pirelHmsRV80xZDHIvpqZKtTIqsD8YrMf7U # Date : 2015-04-05 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress All In One WP Security & Firewall 3.9.0 suffers from Blind SQL Injection vulnerability There are some pages with wordpress esc_sql function....

WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving....

WP Marketplace 2.4.0 Remote Code Execution (Add WP Admin)

___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ __ __ __ | Y .---.-.----| |--.-----| |_.-----| .---.-.----.-----. |. | _ | _| <| -__| _| _ | | _ | __| -__| |. \_/ |___._|__| |__|__|_____|____| __|__|___._|____|_____| |: | | |__| |::....

WordPress Video Gallery 2.7 SQL Injection

###################### # Exploit Title : WordPress Video Gallery 2.7 SQL Injection Vulnerabilitiy # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss # Date : 2015-02-10 # Tested on : Windows 7 / Mozilla Firefox Linux / Mozilla Firefox ###################### # Vulnerability Disclosure Timeline: 2015-02-08: Discovered vulnerability 2015-02-09: Vendor Notification 2015-02-10: Vendor Response/Feedback 2015-02-10: Vendor Send Fix/Patch 2015-02-10: Public Disclosure # Description Wordpress Video Gallery 2....