
Files from rastating

First Active: 2024-08-31
Last Active: 2024-08-31
WordPress WPLMS Theme Privilege Escalation
Posted Aug 31, 2024
Authored by Evex, rastating | Site metasploit.com

The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated user of any user level to set any system option due to a lack of validation in the import_data function of /includes/func.php. The module first changes the admin e-mail address to prevent any notifications being sent to the actual administrator during the attack, re-enables user registration in case it has been disabled and sets the default role to be administrator. This will allow for the user to create a new account with admin privileges via the default registration page found at /wp-login.php?action=register.

tags | exploit, php
SHA-256 | 3114c995b0c2306901d1283939e44b371d069e27d3e312a12481be6528b00537
WordPress WP EasyCart Plugin Privilege Escalation
Posted Aug 31, 2024
Authored by rastating | Site metasploit.com

The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated users of any user level to set any system option due to a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php. The module first changes the admin e-mail address to prevent any notifications being sent to the actual administrator during the attack, re-enables user registration in case it has been disabled and sets the default role to be administrator. This allows the user to create a new account with admin privileges via the default registration page found at /wp-login.php?action=register.

tags | exploit, php
advisories | CVE-2015-2673
SHA-256 | 82a443a84115c1e1dd2260df74ac66dd23800ff63bb525cbf98d193ffcf673c2
WordPress All-in-One Migration Export
Posted Aug 31, 2024
Authored by James Golovich, rastating | Site metasploit.com

This Metasploit module allows you to export WordPress data (such as the database, plugins, themes, uploaded files, etc.) via the All-in-One Migration plugin without authentication.

tags | exploit
SHA-256 | 9bdc122b893b2c4e99a62a27a708eeb673d8bcdfb2020c9ca3a67f16d7102653
WordPress Ultimate CSV Importer User Table Extract
Posted Aug 31, 2024
Authored by rastating, James Hooker | Site metasploit.com

Due to a lack of verification of a visitor's permissions, it is possible to execute the export.php script included in the default installation of the Ultimate CSV Importer plugin and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed passwords and email addresses for all users.

tags | exploit, php
SHA-256 | 5379251c063efce854746f3e41f1141fcad4e8abbd7239dfc0c51bb84f2fb588
WordPress Long Password Denial of Service
Posted Aug 31, 2024
Authored by Andres Rojas Guerrero, Javier Nieto Arevalo, rastating | Site metasploit.com

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled.

tags | exploit, remote, denial of service
advisories | CVE-2014-9016
SHA-256 | 42fcba1731c77d5cda678c7be995ec282e6c1c4bc17056f87826403d61243540
© 2024 Packet Storm. All rights reserved.