This advisory is the result of research into how clickjacking can be leveraged, and it is the first published clickjacking exploit against a popular web application that gains OS command execution. WordPress is a web application used to create a website or blog. The WordPress admin panel can be clickjacked into installing an arbitrary plugin from the WordPress plugin archive; because a plugin is PHP code, this leads to arbitrary PHP code installation and subsequently OS command execution. The attack requires a logged-in WordPress administrator to visit an attacker-controlled page that frames the admin panel. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May 2011 with the release of version 3.1.3; however, no specific threat or exploit had been published before this advisory.
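The precondition for the attack above is that the admin page can be loaded inside an attacker's iframe at all. The following is an added example, not code from the advisory, that decides this from a page's response headers; the two sample responses are constructed (not captured from a real site), modelled on a pre-3.1.3 login page with no framing header and on the X-Frame-Options: SAMEORIGIN header that 3.1.3 introduced.

```ruby
# Added example (not from the advisory): classify whether a page can be framed
# by a third-party site, the precondition for clickjacking, from its headers.

WP_312_LOGIN = <<~HTTP # constructed, not a captured response
  HTTP/1.1 200 OK
  Content-Type: text/html; charset=UTF-8
  Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
HTTP

WP_313_LOGIN = <<~HTTP # constructed, not a captured response
  HTTP/1.1 200 OK
  Content-Type: text/html; charset=UTF-8
  X-Frame-Options: SAMEORIGIN
HTTP

# Turn the head of a raw HTTP response (e.g. `curl -sI` output) into a hash
# keyed by lower-cased header name.
def parse_headers(raw)
  lines = raw.split(/\r?\n/)
  lines.shift if lines.first.to_s.start_with?("HTTP/")
  lines.each_with_object({}) do |line, acc|
    name, value = line.split(":", 2)
    acc[name.strip.downcase] = value.strip if value
  end
end

# :frameable        no effective framing restriction (clickjackable)
# :denied           no site may frame the page
# :same_origin_only only same-origin pages may frame it
# :csp_restricted   CSP frame-ancestors names specific allowed origins
def framing_policy(headers)
  h = headers.each_with_object({}) { |(k, v), acc| acc[k.to_s.downcase] = v }
  # CSP frame-ancestors takes precedence over X-Frame-Options in browsers
  # that support it, so evaluate it first.
  if (m = h["content-security-policy"].to_s.match(/frame-ancestors\s+([^;]+)/i))
    sources = m[1].split.map { |s| s.delete("'").downcase }
    return :denied if sources == ["none"]
    return :same_origin_only if sources == ["self"]
    return :frameable if sources.include?("*")
    return :csp_restricted
  end
  case h["x-frame-options"].to_s.strip.upcase
  when "DENY"       then :denied
  when "SAMEORIGIN" then :same_origin_only
  else :frameable   # absent, empty, or obsolete/invalid values such as ALLOW-FROM
  end
end

def clickjackable?(raw_response)
  framing_policy(parse_headers(raw_response)) == :frameable
end

if __FILE__ == $PROGRAM_NAME
  { "3.1.2-style" => WP_312_LOGIN, "3.1.3-style" => WP_313_LOGIN }.each do |label, raw|
    puts "#{label}: #{framing_policy(parse_headers(raw))}"
  end
end
```

To test a live install, feed the output of `curl -sI https://host/wp-login.php` (or `/wp-admin/`) to `clickjackable?`. A page that comes back `:frameable` needs a framing restriction added, and note that a header on the login page alone is not enough: every admin page that performs a state-changing action, such as the plugin installer, must carry it.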
e2abac98d6f8c708eef84b5e166ca4e1 | Clickjacking exploit for WordPress versions 3.1.2 and below, presented as part of an OWASP presentation on September 20, 2011 in Wellington, New Zealand.
1688b6eaa86b161c91dd0d6b4158f460 | Whitepaper called Clickjacking for Shells. Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security professionals considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. In it, the author demonstrates step by step how to identify vulnerable applications, how to write exploits that attack web apps, and how to protect against clickjacking.
92e4924002079bb3c456c65201f796ab | URLCrazy enables the study of domain name typos and URL hijacking. URLCrazy is a domain name typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check whether a typo is a valid domain, tests whether domain typos are in use, and estimates the popularity of a typo.
3393672839100e9ba0d1c3ee6f039cf0 | GGGooglescan is a Google scraper that performs automated searches and returns the results of search queries as URLs or hostnames. Data mining Google's search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of GGGooglescan is to make automated searches possible by avoiding the search activity that is detected as bot behavior.
63316923251b7dbc84d7455f7fdd9515 | WhatWeb is a next-generation web scanner. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins and identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade-off between speed and reliability.
c1bdbc4a6d757f2aa3172b2c8c8c8be9 | WhatWeb is a next-generation web scanner. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins and identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade-off between speed and reliability.
5a8714352496703d61c87da0b2ad24a3 | WhatWeb is a next-generation web scanner that identifies what websites are running. Flexible plugin architecture with over 300 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
87c63c591654687a22528083df043d04 | WhatWeb is a next-generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
416c645fb4fca7f2bcc489f321576dcb | WhatWeb is a next-generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
6150f6a4fabd058a47a5b08fd145874a | WhatWeb is a next-generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
e622cb2806821268938f92106b8416da | WhatWeb is a next-generation web scanner that identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand. Written in Ruby for Linux. Flexible plugin architecture with over 70 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
b74e3f7eb1c8f6f67596aa3d5e5fedad | This is the Next Generation Web Scanning presentation. It includes a methodology to scan the web space of an entire nation using some new tools and techniques. WhatWeb, bing-ip2hosts, gggooglescan and basedomainname are open source security tools developed by MorningStar Security that were first published during the presentation of this material at the KIWICON III conference in December 2009.
090485e6b4862cdca4def67149177914 | This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine, which supports an IP: search parameter. Written in Bash for Linux. Requires wget.
bd1e9d1c26d6e72311d2d11d93f376b6 | Document on how to research and develop plugins for WhatWeb to identify content management systems, web application frameworks, etc. As an example it includes how to research and write a plugin for the SilverStripe CMS. The document covers passive plugin development only and is accurate for WhatWeb version 0.4.
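The passive approach described in the entries above (headers, cookies, body and URL only, no extra requests) is small enough to show end to end. The following is an added example and is not WhatWeb's plugin API or any plugin from the document; it mirrors the idea with its own rule format. The SilverStripe generator meta tag is the fingerprint that document works through; the WordPress and PHP rules and both sample responses are constructed here for contrast, and the versioned SilverStripe tag layout is an assumption.

```ruby
# Added example, not WhatWeb's own code: a self-contained passive fingerprinter.
# It inspects only what one response already contains and sends no requests.

Response = Struct.new(:url, :headers, :body)   # headers: lower-cased names

# Rule keys:  text:    literal substring of the body
#             regexp:  pattern applied to the body (or to header:/cookie:/url:)
#             version: capture group index that holds the version string
PLUGINS = {
  "SilverStripe" => [
    { text: '<meta name="generator" content="SilverStripe' },
    { regexp: /content="SilverStripe ([\d.]+)/, version: 1 },  # assumed layout of a versioned tag
  ],
  "WordPress" => [
    { regexp: /<meta name="generator" content="WordPress ([\d.]+)"/, version: 1 },
    { regexp: %r{/wp-content/} },
  ],
  "PHP" => [
    { header: "x-powered-by", regexp: %r{PHP/([\d.]+)}, version: 1 },
    { cookie: /\bPHPSESSID=/ },
  ],
}.freeze

# Returns nil on no match, otherwise a hash that may carry :version.
def match_rule(rule, resp)
  subject =
    if rule[:header] then resp.headers[rule[:header]]
    elsif rule[:cookie] then resp.headers["set-cookie"]
    elsif rule[:url] then resp.url
    else resp.body
    end
  return nil if subject.nil?
  return (subject.include?(rule[:text]) ? {} : nil) if rule[:text]
  m = subject.match(rule[:regexp] || rule[:cookie] || rule[:url])
  return nil unless m
  rule[:version] ? { version: m[rule[:version]] } : {}
end

# Run every plugin's rules; a plugin is reported once with its hit count and
# the first version string any of its rules captured.
def run_passive(resp, plugins = PLUGINS)
  plugins.each_with_object({}) do |(name, rules), findings|
    rules.each do |rule|
      hit = match_rule(rule, resp) or next
      entry = (findings[name] ||= { hits: 0, version: nil })
      entry[:hits] += 1
      entry[:version] ||= hit[:version]
    end
  end
end

WP_SAMPLE = Response.new(
  "http://blog.example/",                                  # constructed
  { "server" => "Apache", "x-powered-by" => "PHP/5.3.6",
    "set-cookie" => "PHPSESSID=0123456789abcdef; path=/" },
  <<~HTML
    <html><head><title>Blog</title>
    <meta name="generator" content="WordPress 3.1.2" />
    <link rel="stylesheet" href="/wp-content/themes/twentyten/style.css" />
    </head><body></body></html>
  HTML
)

SS_SAMPLE = Response.new(
  "http://cms.example/",                                   # constructed
  { "server" => "nginx" },
  %(<html><head><meta name="generator" content="SilverStripe - http://silverstripe.org" /></head></html>)
)

if __FILE__ == $PROGRAM_NAME
  [WP_SAMPLE, SS_SAMPLE].each { |r| puts "#{r.url} => #{run_passive(r).inspect}" }
end
```

The design point to carry over into real plugins: a text match only says a technology is present, so version extraction needs a separate regexp rule with a capture group, and a rule that fires on a missing subject (no Set-Cookie, no X-Powered-By) must return no match rather than raise.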
d331823d3f9e09966b74a115e985316c | WhatWeb is a next-generation web scanner that identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand. Written in Ruby for Linux. Flexible plugin architecture with over 70 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
e1e415bb7cb2c76ff4489232fff5a668 | GeoIPgen is a country-to-IPs generator. It is a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. GeoIPgen is the first published use of a geographic IP database in reverse, translating from country to IPs instead of the usual IP to country. Features: random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries.
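The reverse lookup is simple once the database is seen as a list of integer ranges tagged with a country code. The following is an added example in the spirit of GeoIPgen, not the tool's own code: the rows are constructed in the legacy GeoIPCountryWhois.csv layout (start IP, end IP, start integer, end integer, ISO code, country name), real data must come from MaxMind, and skipping the .0 and .255 host addresses is this example's reading of the "skips broadcast addresses" feature. Only unique (non-repeating) output is implemented.

```ruby
# Added example, not GeoIPgen's own code: expand country -> IPv4 addresses from
# GeoLite Country style rows.
require "csv"

GEO_ROWS = <<~CSV # constructed rows in the legacy GeoIPCountryWhois.csv layout
  "1.0.0.0","1.0.0.255","16777216","16777471","AU","Australia"
  "1.0.1.0","1.0.3.255","16777472","16778239","CN","China"
  "1.0.4.0","1.0.7.255","16778240","16779263","AU","Australia"
CSV

# Returns [[start_int, end_int, country_code], ...]
def load_ranges(csv_text)
  CSV.parse(csv_text).map { |row| [Integer(row[2]), Integer(row[3]), row[4].upcase] }
end

def int_to_ip(n)
  [n].pack("N").unpack("C4").join(".")
end

# Enumerate addresses for the given countries ("ALL" selects everything).
# Skips addresses whose last octet is 0 or 255 (assumption, see lead-in).
# order: :sorted or :random; with :random, a seed makes the output reproducible.
def country_ips(ranges, countries, order: :sorted, limit: nil, seed: nil)
  wanted = countries.map(&:upcase)
  all = wanted.include?("ALL")
  ints = ranges
    .select { |_, _, cc| all || wanted.include?(cc) }
    .flat_map { |lo, hi, _| (lo..hi).reject { |n| [0, 255].include?(n & 0xff) } }
  ints = ints.shuffle(random: Random.new(seed || Random.new_seed)) if order == :random
  ints = ints.first(limit) if limit
  ints.map { |n| int_to_ip(n) }
end

if __FILE__ == $PROGRAM_NAME
  ranges = load_ranges(GEO_ROWS)
  puts country_ips(ranges, %w[AU], limit: 5)
  puts country_ips(ranges, %w[CN], order: :random, seed: 42, limit: 5)
end
```

With a full database the flat_map over every range materialises tens of millions of integers for large countries; streaming the ranges lazily (`ranges.lazy`) or writing per range is the practical change when targeting more than a handful of small countries.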
edae9618c3413be8e380f1e10b5b91dd | WhatWeb is a next-generation web scanner that identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand. Written in Ruby for Linux. Flexible plugin architecture with over 60 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
c46b1945dcd5539244f36eaea1e3940d | This tool can extract the TLD (top level domain), the domain extension (second level domain plus TLD), the domain name, and the hostname from fully qualified domain names. Written in Ruby for Unix. Recognizes all countries, top level domains and second level domains.
39866a94872ae4c8ca2613704b6731c9 | This tool enumerates hostnames and URLs from Google. It features anti-bot avoidance, search within a country, custom search appliance, output as either hostnames or URLs, and custom search depth. Written in Bash for Linux.
e53dab2a6f19c40c475aedb99e3d6166 | This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine, which supports an IP: search parameter. Written in Bash for Linux. Requires wget.
95a86caabda6489b1620a72b85f4fc8f | Cute News version 1.4.6 and UTF-8 Cute News suffer from cross-site request forgery, cross-site scripting, file path disclosure, local file inclusion, authentication bypass, and PHP command injection vulnerabilities.
5dcec16d5b818f21db12e4efcd7d78a0 | Open Auto Classifieds versions 1.5.9 and below remote file upload exploit.
60be759a5fa90e8d8b62337c4b81eea7 | Open Auto Classifieds versions 1.5.9 and below suffer from a remote SQL injection vulnerability.
0046f36c4f6db5ecfbf3953e01d02b90 | URLCrazy is for the study of domain name typos and URL hijacking. It generates domain name typo permutations, then tests them to learn whether they are in use, estimates their popularity, and more. Typo types supported are: Character Omission, Adjacent Character Swap, Adjacent Character Replacement, Adjacent Character Insertion, Missing Dot, Strip Dashes, Singular or Pluralise. URLCrazy is written in Ruby.
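The typo classes listed in this entry and in the later URLCrazy entry above are each a few lines of string manipulation. The following is an added example, not URLCrazy's own code: it generates the seven listed classes for one domain, assumes a single-label TLD (so "example.co.uk" is mis-split, which is what the basedomainname tool exists to handle), uses a constructed letters-only QWERTY neighbour table in place of URLCrazy's keyboard layouts, and does no DNS or popularity lookups. The `valid_domain?` check stands in for the "is a valid domain" test.

```ruby
# Added example, not URLCrazy's own code: generate the listed typo classes and
# check syntactic validity of the candidates.

QWERTY = { # constructed, letters only
  "q" => "wa",    "w" => "qase",   "e" => "wsdr",   "r" => "edft",   "t" => "rfgy",
  "y" => "tghu",  "u" => "yhji",   "i" => "ujko",   "o" => "iklp",   "p" => "ol",
  "a" => "qwsz",  "s" => "awedxz", "d" => "serfcx", "f" => "drtgvc", "g" => "ftyhbv",
  "h" => "gyujnb","j" => "huikmn", "k" => "jiolm",  "l" => "kop",
  "z" => "asx",   "x" => "zsdc",   "c" => "xdfv",   "v" => "cfgb",   "b" => "vghn",
  "n" => "bhjm",  "m" => "njk",
}.freeze

TYPO_TYPES = %i[omission swap replacement insertion missing_dot strip_dashes plural].freeze

# Label check: 1-63 chars, alphanumerics, hyphens only in the interior.
def valid_domain?(domain)
  labels = domain.split(".", -1)
  labels.size >= 2 && labels.all? { |l| l.match?(/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i) }
end

# Returns { typo_type => [candidate domains] }, original domain excluded.
def typos(domain)
  domain = domain.downcase
  labels = domain.split(".")
  raise ArgumentError, "expected at least name.tld" if labels.size < 2
  tld    = labels.pop
  name   = labels.pop
  prefix = labels                          # e.g. ["www"], usually empty
  build  = ->(n) { (prefix + [n, tld]).join(".") }
  chars  = name.chars
  out    = Hash[TYPO_TYPES.map { |t| [t, []] }]

  # Character omission: exmple.com
  chars.each_index { |i| out[:omission] << build.(chars[0...i].join + chars[i + 1..-1].join) }
  # Adjacent character swap: examlpe.com
  (0...chars.size - 1).each do |i|
    c = chars.dup
    c[i], c[i + 1] = c[i + 1], c[i]
    out[:swap] << build.(c.join)
  end
  # Adjacent character replacement (keyboard neighbour): exampke.com
  # Adjacent character insertion (neighbour typed after the key): examplke.com
  chars.each_with_index do |ch, i|
    QWERTY.fetch(ch, "").each_char do |n|
      out[:replacement] << build.((chars[0...i] + [n] + chars[i + 1..-1]).join)
      out[:insertion]   << build.((chars[0..i] + [n] + chars[i + 1..-1]).join)
    end
  end
  # Missing dot: wwwexample.com (drop one dot in the host part; assume a
  # dropped "www." when no subdomain was given)
  host = (prefix + [name]).join(".")
  if prefix.empty?
    out[:missing_dot] << "www#{name}.#{tld}"
  else
    host.each_char.with_index { |ch, i| out[:missing_dot] << "#{host[0...i]}#{host[i + 1..-1]}.#{tld}" if ch == "." }
  end
  # Strip dashes: mysite.com
  out[:strip_dashes] << build.(name.delete("-")) if name.include?("-")
  # Singular or pluralise: examples.com
  out[:plural] << build.(name.end_with?("s") ? name[0..-2] : name + "s")

  out.each_value { |v| v.uniq!; v.delete(domain) }
  out
end

if __FILE__ == $PROGRAM_NAME
  typos(ARGV[0] || "example.com").each do |type, list|
    puts "#{type}: #{list.size} candidates, e.g. #{list.first(3).join(' ')}"
  end
end
```

Run as `ruby typos.rb example.com`. Candidate counts grow quickly with name length and keyboard neighbours, which is why the real tool's next steps (resolve each candidate, then rank by popularity) matter more than generation itself.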