Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
All - it is probably bad form to respond to my own post, but I've seen some
folk dismiss this out of hand on social media so I wanted to provide two
VERY QUICK proof of concept examples. These were just put together in 10
minutes.
http://owned.lab6.com/~gossi/research/public/packager/
There's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
## Advisory Information
Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL:
Yes this is a pretty good find. I can also confirm it works on iOS 8.3 (12F69)
with Safari.
DW
Sent from my iPad
On Jul 2, 2015, at 9:33 AM, Mustafa Al-Bassam m...@musalbas.com wrote:
That's pretty neat. Played around with this and made a few discoveries.
1. It shows a valid certificate
I played around with the code to see if can change it to avoid using the
fork bomb. Here's what I came up with
https://gist.github.com/ptantiku/d37c364cd13bb31a1ee6
It seems to need at least 500 threads to update the URL at 5ms for this to
work (tested on Chrome x64 43.0.2357.130, Linux, locally).
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
Vendor
--
https://www.snorby.org/
Version
---
2.6.2
Description
---
During my research and testing of