wordpress

WordPress Video Gallery 2.8 SQL Injection Vulnerability

###################### # Exploit Title : WordPress Video Gallery 2.8 SQL Injection Vulnerabilitiy # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense # Date : 2015-04-04 # Tested on : Linux / Mozilla Firefox ###################### # Description Wordpress Video Gallery 2.8 suffers from SQL injection ###################### # Vulnerability Disclosure Timeline: 2015-04-04: Discovered vulnerability 2015-04-06: Vendor Notification 2015-04-07: Vendor Response/Feedback 2015-04-07: Vendor Send Fix/Patch (same version number) 2015-04-13: Public Disclosure ####################### Discovered By : Claudio Viviani http://www....

WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

###################### # Exploit Title : WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip # Date : 2015-04-1 # Dork Google: index of website-contact-form-with-file-upload index of /uploads/contact_files/ # Tested on : Linux BackBox 4.0 / curl 7.35.0 ##################### # Info : The "upload_file()" ajax function is affected from unrestircted file upload vulnerability. ##################### Discovered By : Claudio Viviani http://www....

WordPress Duplicator 0.5.14 SQL Injection Vulnerability

###################### # Exploit Title : WordPress Duplicator 0.5.14 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/ # Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip # Date : 2015-04-08 # Tested on : Linux / Mozilla Firefox ###################### # Description WordPress Duplicator 0.5.14 suffers from remote SQL Injection Vulnerability Location file: /view/actions.php This is the bugged ajax functions wp_ajax_duplicator_package_delete: function duplicator_package_delete() { DUP_Util::CheckPermissions('export'); try { global $wpdb; $json = array(); $post = stripslashes_deep($_POST); $tblName = $wpdb->prefix ....

WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving....

WP Marketplace 2.4.0 Remote Code Execution (Add WP Admin)

___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ __ __ __ | Y .---.-.----| |--.-----| |_.-----| .---.-.----.-----. |. | _ | _| <| -__| _| _ | | _ | __| -__| |. \_/ |___._|__| |__|__|_____|____| __|__|___._|____|_____| |: | | |__| |::....