WordPress Video Gallery 2.7 SQL Injection

###################### # Exploit Title : WordPress Video Gallery 2.7 SQL Injection Vulnerabilitiy # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss # Date : 2015-02-10 # Tested on : Windows 7 / Mozilla Firefox Linux / Mozilla Firefox ###################### # Vulnerability Disclosure Timeline: 2015-02-08: Discovered vulnerability 2015-02-09: Vendor Notification 2015-02-10: Vendor Response/Feedback 2015-02-10: Vendor Send Fix/Patch 2015-02-10: Public Disclosure # Description Wordpress Video Gallery 2....

February 11, 2015 · 1 min · claudio

WordPress wpDataTables SQL Injection Vulnerability

###################### # Exploit Title : WordPress wpDataTables 1.5.3 and below SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Software Link : http://wpdatatables.com (Premium) # Date : 2014-11-22 # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap 1.0-dev-5b2ded0 ###################### # Description Wordpress wpDataTables 1.5.3 and below suffers from SQL injection vulnerability "table_id" variable is not sanitized. File: wpdatatables....

November 23, 2014 · 2 min · claudio

Joomla HD FLV Player SQL Injection Vulnerability

Info # Exploit Title : Joomla HD FLV Player 2.1.0.1 and below SQL Injection # # Exploit Author : Claudio Viviani # # Vendor Homepage : http://www.hdflvplayer.net/ # # Software Link : http://www.hdflvplayer.net/download_count.php?pid=5 # # Dork google 1: inurl:/component/hdflvplayer/ # Dork google 2: inurl:com_hdflvplayer # # Date : 2014-11-11 # # Tested on : BackBox 3.x/4.x # # Info: The variable "id" is not sanitized (again) # Over 80.000 downloads (statistic reported on official site) # # # Video Demo: http://youtu....

November 13, 2014 · 2 min · claudio

WordPress CP Multi View Event Calendar 1.01 Sql Injection

###################### # Exploit Title : WordPress CP Multi View Event Calendar 1.01 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip # Date : 2014-10-23 # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap 1.0-dev-5b2ded0 ###################### # Description CP Multi View Event Calendar 1.01 suffers from SQL injection vulnerability calid variable is not sanitized....

October 22, 2014 · 1 min · claudio

Drupal 7 Sql Injection SA-CORE-2014-005 CVE-2014-3704

claudio@backbox3:~$ ./drupal.py -t http://127.0.0.1/drupal -u 4dm1n -p p4ssw0rd ______ __ _______ _______ _____ | _ \ .----.--.--.-----.---.-| | | _ || _ | _ | |. | \| _| | | _ | _ | | |___| _|___| |.| | |. | |__| |_____| __|___._|__| / |___(__ `-|. | |: 1 / |__| | | |: 1 | |: | |::.. . / | | |::.. . | |::.| `------' `---' `-------' `---' _______ __ ___ __ __ __ | _ ....

October 16, 2014 · 1 min · claudio