WPHardening - WPHardening fortification is a security tool for WordPress

WPHardening is a security tool for WordPress. Different tools to hardening WordPress. Usage $ python wphardening.py -h Options: --version show program's version number and exit -h, --help show this help message and exit -v, --verbose Active verbose mode output results --update Check for WPHardeni...

WordPress Authentic Arbitrary File Download

|||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress Authentic Theme Arbitrary File Download Vulnerability | | Google Dork: inurl:wp-content/themes/authentic | | Date : Date: 2014-09-07 | | Exploi...

WordPress Theme Acento - 'view-pdf.php?File' Arbitrary File Download

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : WordPress acento theme Arbitrary File Download Vulnerability Author : alieye vondor : http://www.wpbyexample.com/detail/acentocultural.com Contact : [email protected] Risk : High Class: Remote Date: 01/09/2014...

Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download

No description provided by source. WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405...

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...

HybridAuth install.php PHP Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HybridAuth install.php PHP Code Execution', 'Description' = %q This module exploits a PHP code execution vulnerability in HybridAuth...

HybridAuth install.php PHP Code Execution

This module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite th...

frontaccounting 1.12 build 31 - Remote File Inclusion Vulnerability

0x01漏洞简介 FrontAccounting 1.12 Build 31的config.php中存在PHP远程文件包含漏洞。远程攻击者可以借助pathtoroot参数中的一个URL，执行任意PHP代码。 0x02漏洞分析 漏洞代码位于config.php文件中，如下所示： includeonce$pathtoroot . "/configdb.php"; includeonce$pathtoroot . "/includes/lang/language.php"; 参数$pathtoroot没有进行正确的处理，导致了文件包含漏洞的产生。 0x03漏洞利用...

Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulns Remote Root Exploit

No description provided by source. !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX = v2.1 build 25399 Multiple Vulns Remote Root Exploit Date : 01-02-2012 Author :...

Flip 3.0 'config.php' Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserve...

Magic Photo Storage Website include/config.php _config[site_path] Parameter Remote File Inclusion

No description provided by source...

Thatware <= 0.5.3 - Multiple Remote File Include Exploit

No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Thatware = 0.5.3 Multiple Remote File Include Exploit Download Script : http://sourceforge.net/projects/thatware/files Vuln : ./thatwarepath/config.php line 4 ?php include $rootpath.dbsettings.php; ? PoC :...

FreePBX config.php Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

ProManager 0.73 - (config.php) Local File Inclusion Vulnerability

No description provided by source. -------------------------------------- Pro Manager 0.73 Local File Inclusion Vuln -------------------------------------- http://www.sfr-fresh.com/unix/privat/proManager-0.73.tar.gz -------------------------------------- By : Stack email : Wanted...

mystats (hits.php) Multiple Vulnerabilities exploit

No description provided by source. myStats hits.php Multiple Remote Vulnerabilities Exploit url: http://mywebland.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk...

AdaptCMS 2.0.4 (config.php, question parameter) SQL Injection Vulnerability

No description provided by source. Exploit Title: AdaptCMS = 2.0.4 SQL Injection vulnerability Date: 26/10/2012 Exploit Author: Kallimero Vendor Homepage: http://www.adaptcms.com/ Software Link: http://www.insanevisions.com/page/3/Downloads/ Version: 2.0.4 Tested on: Debian Introduction...

Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download

No description provided by source. !/usr/bin/perl use LWP::Simple; Caedo HTTPd Server v 0.5.1 ALPHA Remote File Download Exploit Author : Zer0 Thunder if @ARGV 3 print\r\n; printCaedo HTTPd Server Remote File Download Exploit\r\n; printVuln Found and Exploited by Zer0 Thunder\r\n; print;...

phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PHPWebSite = 0.10.2 remote cmmnds xctn\r\n; echo - arbitrary local inclusion, works with magicquotesgpc = Off\r\n; echo by rgod, mail: [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; if $argc4...

Digitalus 1.10.0 Alpha2 - Arbitrary File Upload Vulnerability

No description provided by source. Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability /\ \ /\ \ /\ /\ \ \ \ \L\ \ \ /'\ /\ \ \ ,\ \ \ \ \ /\ /\ \ /'\ \ , /\ \ /' \ /' \ \ \ /\ \ \ /'\ \ \ /\ \ \ /\ /\ \ \\ \ /\ /\ /\ \L\ \ \ \ \ \ \ \ /\ / \ \ \ /\ \\ \ \ \ \ \ ...

Kietu 2/3 Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may...