Posts

Showing posts from September, 2011

Wordpress TimThumb Exploit (Remote Code Execution)

Many WordPress themes use the TimThumb script to resize images. From version 1.15 to 1.33, TimThumb allows external domains such as flickr.com to display remote images on your website.

More detailed information here:
- WordPress TimThumb hack
- Zero Day vulnerability in many WordPress themes

Resources:
- TimThumb version used
- Vulnerable WordPress theme
- List of vulnerable WordPress themes

Joomla Plugin Exploit + PHP Malware

Garden Store has a vulnerable version (1.1.7) of VirtueMart (a Joomla plugin), and through a blind SQL injection we can retrieve the administrator credentials. We then edit the main template and place in the footer tag a simple, properly obfuscated piece of code to get users' credit card data.

Reference:
- VirtueMart exploit found by TecR0c & mr_me
- Joomla hash cracker
- PHP obfuscator
- dopost source code
- getcc source code

Why this blog

Hi people, I've decided to open this blog because I can't always explain everything through a video and its description box. Remember... I'm NOT an expert or a regular blogger and I make videos only for fun. I also have a Twitter account, @SecObscurity. See you soon. ~SecurityObscurity