作者: @Ambulong
jQuery-File-Upload 是 Github 上继 jQuery 之后最受关注的 jQuery 项目,该项目最近被披露出一个存在了长达三年之久的任意文件上传漏洞,该漏洞在随后发布的 v9.22.2 版本中被修复,但是在 VulnSpy 团队对代码的复查中发现了另外一个严重的命令执行漏洞,该漏洞允许攻击者通过上传恶意的图片文件来执行任意系统命令。
Exploit Remote Code Execution via jQuery-File-Upload <= 9.x (ImageMagick/Ghostscript)
Author: @Ambulong
jQuery-File-Upload is the second most starred jQuery project on GitHub, after the jQuery framework itself. The project was recently reported to have a three-year-old arbitrary file upload vulnerability that was fixed in the release of v9.22.2, but another serious command execution vulnerability was found in the VulnSpy team’s review of the code, this vulnerability allows attackers to execute arbitrary system commands by uploading malicious picture files.
Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit
Author: @Ambulong
WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites. This wide adoption makes it an interesting target for cyber criminals. RIPS Team disclosed an Arbitrary File Deletion Vulnerability at Jun. 26, 2018: WARNING: WordPress File Delete to Code Execution
phpMyAdmin 4.8.x 本地文件包含漏洞利用
作者: @Ambulong
今天ChaMd5安全团队公开了一个phpMyAdmin最新版中的本地文件包含漏洞:phpmyadmin4.8.1后台getshell。该漏洞利用不要求root帐号,只需能够登录 phpMyAdmin 便能够利用。在这篇文章中我们将使用VulnSpy的在线 phpMyAdmin 环境来演示该漏洞的利用。
phpMyAdmin 4.8.x LFI to RCE (Authorization Required)
Author: @Ambulong
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. In this article, we will use VulnSpy’s online phpMyAdmin environment to demonstrate the exploit of this vulnerability.
phpMyAdmin 4.7.x XSRF/CSRF Vulnerability (PMASA-2017-9) Exploit
Author: @Ambulong
phpMyAdmin is a well-known MySQL/MariaDB online management tool, phpMyAdmin team released the version 4.7.7 that addresses the CSRF vulnerability found by Barot. (PMASA-2017-9). The vulnerability allows an attacker to execute an arbitrary SQL statement silently by inducing an administrator to access malicious pages.
phpMyAdmin 4.7.x CSRF 漏洞利用
作者: Ambulong
phpMyAdmin是个知名MySQL/MariaDB在线管理工具,phpMyAdmin团队在4.7.7版本中修复了一个危害严重的CSRF漏洞(PMASA-2017-9),攻击者可以通过诱导管理员访问恶意页面,悄无声息地执行任意SQL语句。
Wordpress <= 4.8.2 SQL Injection POC
Author: @Ambulong
I found this vulnerability after reading slavco’s post, and reported it to Wordpress Team via Hackerone on Sep. 2nd, 2017. But, unfortunately, WordPress team didn’t pay attention to this report too.