what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Rob Carr

WordPress Ninja Forms Unauthenticated File Upload

Posted May 27, 2016

Authored by Rob Carr, James Golovich | Site metasploit.com

Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.

tags | exploit, web, arbitrary, php, file upload

advisories | CVE-2016-1209

SHA-256 | cc15398ab11d0e8cb5fd8ef9052046e7b29bea4c4d0c3133e418bc99ac79897b

Download | Favorite | View

WordPress Admin Shell Upload

Posted Feb 23, 2015

Authored by Rob Carr | Site metasploit.com

This Metasploit module will generate a plugin, pack the payload into it and upload it to a server running WordPress providing valid admin credentials are used.

tags | exploit

SHA-256 | a2b4ca412d9f29c4356c655f0f95dafeadc83a07afc9bdd472d5188927e91f03

Download | Favorite | View

Maarch LetterBox 2.8 Unrestricted File Upload

Posted Feb 12, 2015

Authored by Rob Carr | Site metasploit.com

This Metasploit module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of session and file validation in the file_to_index.php script. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

tags | exploit, web, php, file upload

advisories | CVE-2015-1587

SHA-256 | cd2b7f42e25ec82d510aeb7d6752ea48283d55ef832886d99f9df019f40f307e

Download | Favorite | View