A jQuery plugin has been exploitable for 8 years

Different ways of exploiting the flaw have been widely spread too. Out of the thousands of plugins for the jQuery framework, one of the most popular has hosted for at least three years an oversight in the code that remained hidden from the cybersecurity and digital forensics community, despite the availability of tutorials explaining how it could […]

Plugins for Text Editors Help Hackers Gain Elevated Privileges

It doesn’t matter whether you are a developer, a designer or a writer: a good text editor always helps you save time and work more efficiently. Sublime, for example, is popular for programming because it includes useful tools like syntax highlighting and auto-complete that every advanced text editor should have. The […]

Droopescan – Plugin Based CMS Security Scanner

Droopescan is a plugin-based scanner that aids security researchers in identifying issues with Drupal, SilverStripe, WordPress, Joomla (version enumeration & interesting URLs only), and Moodle (plugin & theme detection, very limited).

Installation

Installation is easy using pip:

    apt-get install python-pip
    pip install droopescan

Manual installation is as follows:

    git clone https://github.com/droope/droopescan.git
    cd droopescan
    pip install -r […]

Browsealoud plugin hacked to mine Monero on 4,000 Govt websites

There were thousands of UK and US government websites mining Monero, including the websites of the UK’s NHS and the US Courts. 2018 has been a bumper year for cryptocurrency, especially Bitcoin, whose value soared and made some people millionaires within days. That also encouraged hackers and cybercriminals to take advantage of the situation and make easy money, but the price for it […]
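What made the Browsealoud incident possible is that every affected site loaded a third-party script by URL and ran whatever that URL served; once the script at the source was altered, each site executed the miner without any change on its own pages. Subresource Integrity (SRI) is the browser-side control for exactly this: the operator pins the hash of the script it reviewed, and the browser refuses to run a copy whose bytes differ. The following is an added example, not code from the original page or from any of the affected sites or from Browsealoud; it computes the integrity value an operator would publish and mimics the browser's check. The script bodies, the `Miner` line and the CDN URL are constructed for illustration.

```python
import base64
import hashlib
import hmac

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the only digests the integrity attribute accepts

# Constructed sample: the script body a site operator reviewed and decided to include.
EXPECTED_SCRIPT = b"window.demoReader = { init: function () { /* read page aloud */ } };\n"

# Constructed sample: the same URL now serving a tampered copy with a miner appended.
TAMPERED_SCRIPT = EXPECTED_SCRIPT + b"new Miner('site-key').start();\n"


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Integrity value in the attribute's format, e.g. 'sha384-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"SRI allows only {SRI_ALGOS}, not {algo!r}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(content: bytes, integrity: str) -> bool:
    """What the browser does before executing: recompute the digest of the bytes it
    actually received and compare with the pinned value. The attribute may list
    several space-separated values; the resource is accepted if any one matches."""
    for token in integrity.split():
        algo, sep, _ = token.partition("-")
        if sep and algo in SRI_ALGOS and hmac.compare_digest(sri_hash(content, algo), token):
            return True
    return False


def script_tag(src: str, content: bytes) -> str:
    """The tag an operator publishes. crossorigin is required for cross-origin SRI;
    without it the response is opaque, the check cannot run, and the script is blocked."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    pinned = sri_hash(EXPECTED_SCRIPT)
    print(script_tag("https://cdn.example/reader/ba.js", EXPECTED_SCRIPT))  # hypothetical URL
    print("expected copy allowed:", sri_matches(EXPECTED_SCRIPT, pinned))
    print("tampered copy allowed:", sri_matches(TAMPERED_SCRIPT, pinned))
```

SRI only helps when the operator pins one reviewed version and updates the hash whenever the vendor ships a new one; that maintenance cost is why many sites skip it for scripts that auto-update. A Content Security Policy `script-src` allowlist would not have stopped this case on its own, because the malicious code was served from the very origin the sites already trusted.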

WPSploit – WordPress Plugin Code Scanner – Kali Linux 2017.3

WPSploit is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins. It checks for:

- Cross-Site Scripting (XSS)
- SQL Injection
- File Download
- File Inclusion
- File Manipulation
- Command Execution
- PHP Code Execution
- Authorisation
- Open Redirect
- Cross-Site Request Forgery (CSRF)
- SSL/TLS Usage

    $ git clone https://github.com/m4ll0k/wpsploit.git
    $ cd wpsploit […]

SQLiPy – A SQLMap Plugin for Burp Suite

SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API. SQLMap ships with a REST-based API server that executes SQLMap scans. This plugin can start the API for you or connect to an already running API to perform a scan. Requirements: Jython 2.7 beta, due to the use of […]
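Whatever front end drives it (SQLiPy from Burp, or a script), a scan through sqlmap's API server (`sqlmapapi.py -s`, bound to 127.0.0.1:8775 by default) follows one lifecycle: create a task, start a scan with sqlmap options passed by name, poll the status until it reports `terminated`, fetch the data, delete the task. The following is an added example of that lifecycle, not SQLiPy's own code. The endpoint paths and the `success`, `taskid`, `status` and `data` reply fields are those of sqlmap's API server; the `FakeSqlmapApi` class is a constructed stand-in that answers in those shapes so the example runs without sqlmap, and the finding it reports is made up.

```python
import json
import time
import urllib.request
from typing import Callable, Dict, Optional

Transport = Callable[[str, str, Optional[dict]], dict]


def http_transport(base_url: str = "http://127.0.0.1:8775") -> Transport:
    """Real transport for a running `sqlmapapi.py -s`; JSON in, JSON out."""
    def send(method: str, path: str, body: Optional[dict] = None) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method,
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())
    return send


class SqlmapApiClient:
    """One scan through the sqlmap REST API: new task, start, poll, collect, delete."""

    def __init__(self, send: Transport):
        self.send = send

    def _ok(self, reply: dict, what: str) -> dict:
        if not reply.get("success"):
            raise RuntimeError(f"{what} failed: {reply.get('message', reply)}")
        return reply

    def new_task(self) -> str:
        return self._ok(self.send("GET", "/task/new"), "task creation")["taskid"]

    def start_scan(self, taskid: str, options: dict) -> None:
        # Options are sqlmap's own option names (url, data, cookie, level, risk, ...).
        self._ok(self.send("POST", f"/scan/{taskid}/start", options), "scan start")

    def wait(self, taskid: str, poll_seconds: float = 2.0, max_polls: int = 900) -> None:
        for _ in range(max_polls):
            reply = self._ok(self.send("GET", f"/scan/{taskid}/status"), "status poll")
            if reply.get("status") == "terminated":
                return
            time.sleep(poll_seconds)
        raise TimeoutError(f"scan {taskid} did not terminate")

    def data(self, taskid: str) -> dict:
        return self._ok(self.send("GET", f"/scan/{taskid}/data"), "data fetch")

    def delete_task(self, taskid: str) -> None:
        self._ok(self.send("GET", f"/task/{taskid}/delete"), "task deletion")


def run_scan(client: SqlmapApiClient, url: str, poll_seconds: float = 2.0) -> dict:
    """Full lifecycle; the task is deleted even if the scan fails part-way."""
    taskid = client.new_task()
    try:
        client.start_scan(taskid, {"url": url, "level": 1, "risk": 1})
        client.wait(taskid, poll_seconds=poll_seconds)
        return client.data(taskid)
    finally:
        client.delete_task(taskid)


class FakeSqlmapApi:
    """Constructed stand-in for sqlmapapi.py so this example runs offline. It answers
    with the reply shapes of the real endpoints; the finding content is invented."""

    def __init__(self):
        self.tasks: Dict[str, dict] = {}

    def __call__(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        if (method, path) == ("GET", "/task/new"):
            taskid = f"task{len(self.tasks) + 1:04d}"
            self.tasks[taskid] = {"polls": 0, "options": {}}
            return {"success": True, "taskid": taskid}
        parts = path.strip("/").split("/")
        if len(parts) != 3:
            return {"success": False, "message": f"Unknown endpoint {method} {path}"}
        kind, taskid, action = parts
        task = self.tasks.get(taskid)
        if task is None:
            return {"success": False, "message": "Invalid task ID"}
        if (kind, action) == ("scan", "start"):
            task["options"] = body or {}
            return {"success": True, "engineid": 4242}
        if (kind, action) == ("scan", "status"):
            task["polls"] += 1  # report 'running' once, then 'terminated'
            done = task["polls"] >= 2
            return {"success": True, "status": "terminated" if done else "running",
                    "returncode": 0 if done else None}
        if (kind, action) == ("scan", "data"):
            return {"success": True, "error": [],
                    "data": [{"type": 0, "value": {"url": task["options"].get("url"),
                                                   "parameter": "id",
                                                   "technique": "boolean-based blind"}}]}
        if (kind, action) == ("task", "delete"):
            del self.tasks[taskid]
            return {"success": True}
        return {"success": False, "message": f"Unknown endpoint {method} {path}"}


if __name__ == "__main__":
    # Swap FakeSqlmapApi() for http_transport() to drive a real sqlmapapi.py instance.
    result = run_scan(SqlmapApiClient(FakeSqlmapApi()),
                      "http://target.example/item.php?id=1", poll_seconds=0)
    print(json.dumps(result, indent=2))
```

Against a real instance, start the server yourself and pass `http_transport()`; the API server performs no authentication by default, so leave it on the loopback address and delete tasks when done, since they hold the target URLs and any extracted data until removed.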

WordPress Captcha Plugin Contains Backdoor- 300,000 Websites at Risk

Researchers have issued a warning disclosing a backdoor in yet another WordPress plugin, this one called Captcha. The plugin has nearly 300,000 installations, which shows how popular it is among users. Wordfence identified that the backdoor was added in an update released on December 4. […]

Mr. Robot plugin found in all the instances of Mozilla Firefox Quantum

A new plug-in called “Looking Glass” was discovered in every instance of the new Firefox Quantum browser. It was turned off by default, but users were still alarmed to see a plugin they had not installed. When they examined what “Looking Glass” did, they found a vague and ominous release note: “MY REALITY IS JUST DIFFERENT […]

WPSploit – WordPress Plugin Code Scanner

This tool is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins.

Usage

    $ git clone https://github.com/m4ll0k/wpsploit.git
    $ cd wpsploit
    $ python wpsploit.py plugin_file.php

or

    $ wget https://raw.githubusercontent.com/m4ll0k/wp_sploit/master/wpsploit.py
    $ python wpsploit.py plugin_file.php

Example

    $ wget https://plugins.svn.wordpress.org/analytics-for-woocommerce-by-customerio/trunk/admin/class-wccustomerio-admin.php
    $ python wpsploit.py class-wccustomerio-admin.php

Download […]
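Both WPSploit entries above describe the same approach: grep a plugin's PHP source for dangerous sinks and check whether request data reaches them. As an added example, written for this page and not WPSploit's code nor any real plugin's, the following Python scanner reproduces that approach on a constructed sample plugin file. It first collects variables assigned straight from PHP superglobals, then flags every line where a sink (a `$wpdb` query method, `echo`/`print`, `include`/`require`, the `exec` family, `eval`, file functions, `wp_redirect`) sees a superglobal or one of those variables without a recognised sanitizer such as `esc_html()`, `intval()` or `$wpdb->prepare()`. The sink and sanitizer lists are my own choices for the example, not WPSploit's.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample of a WordPress plugin file. It is not code from any real plugin;
# each line exists only to exercise one pattern the scanner looks for.
SAMPLE_PLUGIN = """<?php
// Constructed sample: vulnerable lines next to their hardened counterparts.
function demo_show_item() {
    global $wpdb;
    $id = $_GET['item'];
    $rows = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}demo WHERE id = $id");
    $safe = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}demo WHERE id = %d", $_GET['item']));
    echo "<h2>" . $_GET['title'] . "</h2>";
    echo "<h2>" . esc_html($_GET['title']) . "</h2>";
    include plugin_dir_path(__FILE__) . $_REQUEST['view'] . ".php";
    $count = intval($_POST['count']);
    $wpdb->query("UPDATE {$wpdb->prefix}demo SET hits = $count");
}
"""

# PHP superglobals that carry attacker-controlled request data.
SOURCES = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b"

# Calls treated as neutralising input on the same line. This list is my own choice
# for the example, not WPSploit's, and is deliberately conservative.
SANITIZERS = (r"(?:\b(?:esc_html|esc_attr|esc_url|esc_url_raw|esc_js|intval|absint|"
              r"sanitize_text_field|sanitize_key|wp_kses|wp_kses_post)|\$wpdb->prepare)\s*\(")

# Sinks grouped by the bug class that unsanitised input reaching them produces.
SINKS = {
    "SQL Injection": r"\$wpdb->(?:query|get_results|get_var|get_row|get_col)\s*\(",
    "Cross-Site Scripting": r"\b(?:echo|print)\b",
    "File Inclusion": r"\b(?:include|require)(?:_once)?\b",
    "Command Execution": r"\b(?:exec|system|shell_exec|passthru|popen|proc_open)\s*\(",
    "PHP Code Execution": r"\beval\s*\(",
    "File Manipulation": r"\b(?:unlink|file_put_contents|fopen|move_uploaded_file)\s*\(",
    "Open Redirect": r"\bwp_redirect\s*\(",
}


@dataclass
class Finding:
    line: int
    category: str
    code: str


def tainted_variables(source: str) -> Set[str]:
    """First pass: variables assigned straight from a superglobal with no sanitizer."""
    tainted = set()
    for match in re.finditer(r"(\$\w+)\s*=\s*(.+?);", source):
        var, rhs = match.group(1), match.group(2)
        if re.search(SOURCES, rhs) and not re.search(SANITIZERS, rhs):
            tainted.add(var)
    return tainted


def scan(source: str) -> List[Finding]:
    """Second pass: report each non-comment line where a sink meets a superglobal or a
    tainted variable and no sanitizer appears on that line."""
    parts = [SOURCES] + [re.escape(v) + r"\b" for v in sorted(tainted_variables(source))]
    taint = re.compile("|".join(parts))
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue
        for category, sink in SINKS.items():
            if re.search(sink, code) and taint.search(code) and not re.search(SANITIZERS, code):
                findings.append(Finding(number, category, code))
    return findings


def scan_file(path: str) -> List[Finding]:
    with open(path, encoding="utf-8", errors="replace") as handle:
        return scan(handle.read())


if __name__ == "__main__":
    for finding in scan(SAMPLE_PLUGIN):
        print(f"[{finding.category}] line {finding.line}: {finding.code}")
```

On the sample this reports the interpolated `get_results()` call, the unescaped `echo` and the `include` built from `$_REQUEST`, and stays quiet on the `$wpdb->prepare()`, `esc_html()` and `intval()` lines. The check is line-based on purpose, because that is how grep-style auditing works, and it inherits the same blind spots: a sanitizer anywhere on the line silences the finding even when it wraps a different argument, taint is not followed through function parameters or across lines, and a `$wpdb->prepare()` whose format string itself interpolates input is reported as safe. Treat the output as a list of places to read, not a verdict.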

3 vulnerable WordPress plugins affecting 21,000 websites

21,000 Websites Affected after Exploitation of Three WordPress Plugin Zero-days. Solution: Update Those Plugins ASAP. Zero-day vulnerabilities are the biggest blessing for cybercriminals, and this time hackers have managed to exploit not one or two but three of them. Security firm Wordfence reported that the three exploited vulnerabilities affect WordPress plugins but […]

Backdoor Found in WordPress Plugin With More Than 200,000 Installations

For the past two and a half months, a WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites across the Internet. The backdoor code was found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2). The WordPress.org team has intervened and removed the plugin […]

REFLECTED XSS BUG PATCHED IN POPULAR WOOCOMMERCE WORDPRESS PLUGIN

An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, has been patched against a reflected cross-site scripting vulnerability. The vulnerability was found in the Product Vendors plugin, which allows an existing ecommerce site to support multiple vendors, products and payment options. Versions 2.0.35 and earlier are affected by this […]

WordPress Plugin WatuPRO 5.5.1 – SQL Injection

#####################################
Exploit Title: SQL Injection In WatuPRO (WordPress Plugin to Create Exams, Tests and Quizzes)
Exploit Author: Manich Koomsusi
Date: 03-07-2017
Software: WatuPRO
Version: 5.5.1
Website: http://calendarscripts.info/watupro/
Tested on: WordPress 4.7.5
Software Link: https://1drv.ms/u/s!AhfkvGaDTn1bmgHSj9u_jQX8iME0
CVE: CVE-2017-9834
#####################################

Description
==================================
SQL Injection in the WatuPRO WordPress plugin (for creating exams, tests and quizzes) allows the attacker to dump […]

SQL Injection Vulnerability Found In WordPress Plugin Used By 300,000+ Sites

SQL Injection Vulnerability Found in WordPress Plugin: WP Statistics is one of the most popular WordPress plugins, installed on 300,000 websites. The plugin makes it possible for administrators to monitor the statistics of a WordPress site without relying on external services, and handles the data whenever possible in a way that respects the privacy of […]

SQL Injection flaw in WordPress Plugin WP Statistics potentially exposed 300,000+ Sites

Security experts at Sucuri have discovered a SQL Injection vulnerability in WP Statistics, one of the most popular WordPress plugins, currently installed on over 300,000 websites. The SQL Injection vulnerability in WP Statistics could be exploited by attackers with […]

Millions Of WordPress Websites Are At Risk Thanks To This Plugin

A famous WordPress gallery plugin with more than one million installations has recently patched a serious vulnerability that allows attackers to get at the website’s database. Plugins are the backbone of WordPress and are what makes it so elegant, but they can also be a pain, since most of the plugins […]

WordPress Plugin NextGEN Gallery Vulnerable to SQL Injection Attack

The NextGEN Gallery plugin has been plagued by a severe security flaw for the second year in a row, and this time it is even worse. The web security firm Sucuri discovered that NextGEN Gallery for WordPress (WP) is affected by a severe SQL injection vulnerability that lets attackers access the targeted website’s database within […]

Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin

The vulnerability can lead to attackers grabbing data from the website database, including sensitive user information. A new SQL Injection vulnerability was discovered in the NextGEN Gallery plugin for WordPress, allowing attackers to grab data from the victim’s website database, which may well include sensitive user information. The discovery was made by researchers from Sucuri […]