No 2. - flash-album-gallery: persistent XSS exploited with help of XSRF leading to remote code execution.

Posted on Sat 27 July 2013 in Programming • Tagged with Exploit, Programming, Bug, Security, Xss, Rce

PLUGIN: http://wordpress.org/plugins/flash-album-gallery/
AFFECTED VERSION: 3.01
DOWNLOADS: 840,714
RISK: MEDIUM/HIGH

The following blog post addresses a critical chain of security issues in version 3.01 of flash-album-gallery
which eventually leads to remote code execution. The exploit is not completely automatic and needs a minimal amount
of social engineering. Nevertheless I rate the danger at a medium/high level (probably even worse than a fully automatable SQL injection).

First of all, I need to say that the plugin code lacks a fair amount of ...


No 1. - wp-members: Interesting persistent XSS leading to remote code execution.

Posted on Fri 15 March 2013 in Security • Tagged with Security, Programming

Hey you there!

Type: Stored cross site scripting
Risk: Medium to high
Affecting: http://wordpress.org/extend/plugins/wp-members/
Vendor site: http://rocketgeek.com

Preface

It has been quite some time since I took care of my blog, although I would have had some content ready (maybe even worth publishing). Around six weeks ago, I rummaged (wow - new word!) through endless lines of WordPress plugin code, in the hope of getting my hands on some low-hanging fruit (In the likely case you don't have a clue ...


Another WordPress captcha implementation

Posted on Fri 25 January 2013 in Learning • Tagged with Programming, Learning, Security

Hey dear readership and dudelmatz :)

I'm kinda overworked and planned quite a while ago to release my own little captcha implementation to prevent this massive bulk of spam comments I receive on a daily basis: It's obnoxious to scroll through this sheer amount of spam comments and delete them. You can't just mass-trash them, because you might miss a legit comment and therefore you need to check every single one. I assume the spammers embrace this expected behaviour of a blogger, and therefore exploit it.

So I ...


GoogleScraper.py - A simple Python module to parse Google search results.

Posted on Sun 06 January 2013 in Programming • Tagged with Google, Scraping, Programming, Security

UPDATE on 18th February 2014:

This Python module now has its own GitHub repository!

The plugin can extract

  • All links
  • Link titles
  • The description/caption below the links

and has the following features:

  • Advanced proxy support for SOCKS4/4a/5 and HTTP PROXY
  • Multithreading
  • XPATH parsing
  • Supports almost all search parameters

Please note that this is by no means a permanent version! Heavy structural changes will be implemented in the near future (I'll experiment with asynchronous networking for instance). But on this site, I will always host a working ...


Linux/Unix privileges from a blackhat's perspective

Posted on Sun 30 December 2012 in Security • Tagged with Privilegeescalation, Unix, Security, Filepermissions

Hey folks!

Had some difficulties understanding UNIX file permissions in all its variations and eternal predisposition to misuse as adminman! Made a little PDF, the independent blog article will follow soon. It's just a pain in the ass to format all that LibreOffice into a nice WordPress format. Next time, I will just do it in plain ASCII 7 Bit style, goddamnit...

Hell, it's time to read some phrack stuff again :)

Download PDF here: blackhats_view
