wordpress

WordPress Huge-IT Image Gallery 1.0.1 SQL Injection

###################### # Exploit Title : WordPress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://huge-it.com/ # Software Link : http://downloads.wordpress.org/plugin/gallery-images.zip (Fixed) Mirror Link : https://mega.co.nz/#!3EoUzSQI!yrl75XQsp1ggxDCjW-wq7yUxLdbLu0WHPNFcJAxJOHs # Date : 2014-08-25 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox # Linux / sqlmap 1.0-dev-5b2ded0 ###################### # Location : http://localhost/wp-content/plugins/gallery-images/admin/gallery_func.php ###################### # Vulnerable code : function editgallery($id) { global $wpdb; if(isset($_GET["removeslide"])){ if($_GET["removeslide"] !...

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://tribulant.com # Software Link : http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip # Date : 2014-08-09 # Tested on : Windows 7 / Mozilla Firefox ###################### # Description : Any user could upload php files (administrator by default). ###################### # Location http://127.0.0.1/wp-content/plugins/slideshow-gallery/views/admin/slides/save.php ###################### # PoC Exploit: POST Host=127.0.0.1 User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31....

WordPress GB Gallery Slideshow 1.5 Authenticated SQL Injection

###################### # Exploit Title : WordPress GB Gallery Slideshow 1.5 Authenticated SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://gb-plugins.com/ # Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip # Date : 2014-08-09 # Tested on : Linux / sqlmap 1.0-dev-5b2ded0 Linux / Mozilla Firefox ###################### # Location : http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php ###################### # Vulnerable code : if(isset($_POST['selected_group'])){ global $gb_post_type, $gb_group_table, $wpdb; $my_group_id = $_POST['selected_group']; $my_group = $wpdb->get_results( "SELECT groups FROM $gb_group_table WHERE id = "....

WordPress 3.x, 4.x Path Traversal + Directory Listing + File Deletion Vulnerabilities

###################### # Exploit Title : WordPress 3.x, 4.x Path Traversal + Directory Listing + File Deletion Vulnerabilities # Exploit Author : Claudio Viviani # Vendor Homepage : https://wordpress.org # Software Link : http://wordpress.org/wordpress-3.9.2.tar.gz # Date : 2014-07-11 # Tested on : Mozilla Firefox / WordPress 4.0 beta 1 # Mozilla Firefox / WordPress 4.0 beta 2 # Mozilla Firefox / WordPress 4.0 beta 3 # Mozilla Firefox / WordPress 3....

WordPress Gmedia Gallery 1.2.1 Shell Upload Vulnerability

###################### # Exploit Title : WordPress Gmedia Gallery 1.2.1 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.codeasily.com/ # Software Link : http://downloads.wordpress.org/plugin/grand-media.zip # Date : 2014-08-01 # Tested on : Windows 7 / Mozilla Firefox ###################### # Description : Any authenticated user could upload php files (administrator by default). ###################### # Vulnerability Disclosure Timeline: 2014-08-01: Discovered vulnerability 2014-08-01: Vendor Notification (Twitter) 2014-08-01: Vendor Response/Feedback 2014-08-02: Vendor Fix/Patch 2014-08-02: Public Disclosure ###################### # PoC: POST Host=127....