11:03
0
Yorum
 |
| Kullanımı Oldukça basittir arkadaşlar İlk butondan serverimizi , ikinci butondan ise birleştireceğimiz dosyamızı seçiyoruz ve "Çıkart !" butonuna basıyoruz.Serverimiz Sorunsuz bir şekilde build olmuş oluyo Kesinlikle Server bozmaz bütün ratlarda denemiştir.Arşivlerinizde Kesinlikle yer alması gereken bir binder İndir |
10:45
0
Yorum
Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss
http://target/wp-admin/admin-ajax.php?action=rss&type=video&vid=[SQLi]######################
# Exploit Title : WordPress Video Gallery 2.7 SQL Injection Vulnerabilitiy
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss
# Date : 2015-02-10
# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox
######################
# Vulnerability Disclosure Timeline:
2015-02-08: Discovered vulnerability
2015-02-09: Vendor Notification
2015-02-10: Vendor Response/Feedback
2015-02-10: Vendor Send Fix/Patch
2015-02-10: Public Disclosure
# Description
Wordpress Video Gallery 2.7 suffers from SQL injection
######################
# PoC
http://target/wp-admin/admin-ajax.php?action=rss&type=video&vid=[SQLi]
#####################
# Fix/patch sent by apptha's developer
File: videogalleryrss.php
Change line n.47
from:
$vid = filter_input(INPUT_GET,'vid');
to:
$vid = intval(filter_input(INPUT_GET,'vid'));
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
######################
# Exploit Title : WordPress Video Gallery 2.7 SQL Injection Vulnerabilitiy
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss
# Date : 2015-02-10
# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox
######################
# Vulnerability Disclosure Timeline:
2015-02-08: Discovered vulnerability
2015-02-09: Vendor Notification
2015-02-10: Vendor Response/Feedback
2015-02-10: Vendor Send Fix/Patch
2015-02-10: Public Disclosure
# Description
Wordpress Video Gallery 2.7 suffers from SQL injection
######################
# PoC
http://target/wp-admin/admin-ajax.php?action=rss&type=video&vid=[SQLi]
#####################
# Fix/patch sent by apptha's developer
File: videogalleryrss.php
Change line n.47
from:
$vid = filter_input(INPUT_GET,'vid');
to:
$vid = intval(filter_input(INPUT_GET,'vid'));
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################
#####################
10:01
0
Yorum
© 2015 Kaptan White Hat is designed by Templateify
.png)
