Archive for the ‘security’ tag

A roundup of WordPress vulnerabilities and exploits

Posted at 4:41 pm in computer,internet

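An acquaintance had their site defaced through a WordPress vulnerability, so I put together a summary of WordPress vulnerabilities and exploits. Most of the links go to milw0rm because that is where the exploits are, lol.

I have not used any of these, so I do not know whether they actually work as exploits. Please do not ask me about that.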

2.3.3 SQL Injection
http://websecurity.ro/blog/2008/03/28/trojan-dropper-in-a-webpage/
http://websecurity.ro/blog/2008/03/28/wordpress-233-probably-a-0day-exploit/
http://smackdown.blogsblogsblogs.com/2008/03/23/new-wordpress-233-exploitvulnerability-adds-spam-directory-wp-content1/

2.3.2 XML-RPC abuse
http://www.frsirt.com/english/advisories/2008/0448
http://downloads.securityfocus.com/vulnerabilities/exploits/27633.php

2.3.1 Charset SQL Injection
http://milw0rm.com/exploits/4721

2.2 wp-app.php Remote SQL Injection
http://milw0rm.com/exploits/4113

2.2 xmlrpc.php Remote SQL Injection
http://milw0rm.com/exploits/4039

2.1.2 XMLRPC SQL Injection
http://www.milw0rm.com/exploits/3656

“wp-login.php” Authentication Process Information Disclosure
http://www.frsirt.com/english/advisories/2007/0062

2.0.6 SQL Injection
http://www.milw0rm.com/exploits/3109

2.0.6 XSS
http://michaeldaw.org/md-hacks/wordpress-persistent-xss/
http://michaeldaw.org/md-hacks/wordpress-templatephp-exploit/

Plugin Spreadsheet 0.6 SQL Injection
http://www.milw0rm.com/exploits/5486

Plugin WP-Cal
http://www.milw0rm.com/exploits/4992

forum plugin 1.7.4
http://milw0rm.com/exploits/4939

Plugin wordTube 1.43 Remote File Inclusion
http://www.milw0rm.com/exploits/3825

Plugin myGallery 1.2.1 Remote File Inclusion
http://www.milw0rm.com/exploits/3814

exploitToolkit (2.2, 2.2.2, 2.0.5, 2.0.6, 2.1,PHP/5.2.4 for Apache 2.0.58 on Gentoo GNU/Linux.)
http://www.milw0rm.com/exploits/4397

WordPress Scanner v1.3c BETA
http://blogsecurity.net/cgi-bin/wp-scanner.cgi

LoginPassword Bruteforcer
http://www.darkc0de.com/bruteforce/friendsterbf.py

Written by bogus on May 11th, 2008
