ИЩУ уязвимости CMS

[s0ld4t]

Доброго времени суток
Всем привет
:help: :help:
Кто знает где можно найти (купить) уязвимости CMS (wordpress, joomla, drupal)?
если кто нить знает, напишите здесь или стучите пожалуйста в жабу
всем спасибо
s0ld4t@jabber.ru

 

[BabaDook]

есть во всех cms уязвимости

 

[bravo]

_ttp://ru.1337day.com/

 

[DarckSol]

И как всегда, я дрочер MSF

msf > search wordpress

Matching Modules
================

  Name                                                          Disclosure Date  Rank      Description
  ----                                                          ---------------  ----      -----------
  auxiliary/admin/http/wp_custom_contact_forms                  2014-08-07      normal    WordPress custom-contact-forms Plugin SQL Upload
  auxiliary/admin/http/wp_easycart_privilege_escalation          2015-02-25      normal    WordPress WP EasyCart Plugin Privilege Escalation                                                                                                                 
  auxiliary/admin/http/wp_wplms_privilege_escalation            2015-02-09      normal    WordPress WPLMS Theme Privilege Escalation                                                                                                                         
  auxiliary/dos/http/wordpress_long_password_dos                2014-11-20      normal    WordPress Long Password DoS       
  auxiliary/dos/http/wordpress_xmlrpc_dos                        2014-08-06      normal    Wordpress XMLRPC DoS
  auxiliary/gather/wp_ultimate_csv_importer_user_extract        2015-02-02      normal    WordPress Ultimate CSV Importer User Table Extract
  auxiliary/gather/wp_w3_total_cache_hash_extract                                normal    W3-Total-Cache Wordpress-plugin 0.9.2.4 (or before) Username and Hash Extract
  auxiliary/scanner/http/wordpress_cp_calendar_sqli              2015-03-03      normal    CP Multi-View Calendar Unauthenticated SQL Injection Scanner
  auxiliary/scanner/http/wordpress_ghost_scanner                                  normal    WordPress XMLRPC GHOST Vulnerability Scanner
  auxiliary/scanner/http/wordpress_login_enum                                    normal    WordPress Brute Force and User Enumeration Utility
  auxiliary/scanner/http/wordpress_pingback_access                                normal    Wordpress Pingback Locator
  auxiliary/scanner/http/wordpress_scanner                                        normal    Wordpress Scanner
  auxiliary/scanner/http/wordpress_xmlrpc_login                                  normal    Wordpress XML-RPC Username/Password Login Scanner
  auxiliary/scanner/http/wp_contus_video_gallery_sqli            2015-02-24      normal    Contus Video Gallery Unauthenticated SQL Injection Scanner
  auxiliary/scanner/http/wp_dukapress_file_read                                  normal    WordPress DukaPress Plugin File Read Vulnerability
  auxiliary/scanner/http/wp_gimedia_library_file_read                            normal    WordPress GI-Media Library Plugin Directory Traversal Vulnerability
  auxiliary/scanner/http/wp_mobileedition_file_read                              normal    WordPress Mobile Edition File Read Vulnerability
  auxiliary/scanner/kademlia/server_info                                          normal    Gather Kademlia Server Information
  auxiliary/scanner/ssh/detect_kippo                                              normal    Kippo SSH Honeypot Detector
  exploit/osx/local/rootpipe                                    2015-04-09      great      Apple OS X Rootpipe Privilege Escalation
  exploit/unix/webapp/joomla_akeeba_unserialize                  2014-09-29      excellent  Joomla Akeeba Kickstart Unserialize Remote Code Execution
  exploit/unix/webapp/php_wordpress_foxypress                    2012-06-05      excellent  WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution
  exploit/unix/webapp/php_wordpress_infusionsoft                2014-09-25      excellent  Wordpress InfusionSoft Upload Vulnerability
  exploit/unix/webapp/php_wordpress_lastpost                    2005-08-09      excellent  WordPress cache_lastpostdate Arbitrary Code Execution
  exploit/unix/webapp/php_wordpress_optimizepress                2013-11-29      normal    WordPress OptimizePress Theme File Upload Vulnerability
  exploit/unix/webapp/php_wordpress_total_cache                  2013-04-17      excellent  Wordpress W3 Total Cache PHP Code Execution
  exploit/unix/webapp/php_xmlrpc_eval                            2005-06-29      excellent  PHP XML-RPC Arbitrary Code Execution
  exploit/unix/webapp/wp_admin_shell_upload                      2015-02-21      excellent  WordPress Admin Shell Upload
  exploit/unix/webapp/wp_advanced_custom_fields_exec            2012-11-14      excellent  WordPress Plugin Advanced Custom Fields Remote File Inclusion
  exploit/unix/webapp/wp_asset_manager_upload_exec              2012-05-26      excellent  WordPress Asset-Manager PHP File Upload Vulnerability
  exploit/unix/webapp/wp_creativecontactform_file_upload        2014-10-22      excellent  Wordpress Creative Contact Form Upload Vulnerability
  exploit/unix/webapp/wp_downloadmanager_upload                  2014-12-03      excellent  Wordpress Download Manager (download-manager) Unauthenticated File Upload
  exploit/unix/webapp/wp_easycart_unrestricted_file_upload      2015-01-08      excellent  WordPress WP EasyCart Unrestricted File Upload
  exploit/unix/webapp/wp_foxypress_upload                        2012-06-05      excellent  WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution
  exploit/unix/webapp/wp_google_document_embedder_exec          2013-01-03      normal    WordPress Plugin Google Document Embedder Arbitrary File Disclosure
  exploit/unix/webapp/wp_holding_pattern_file_upload            2015-02-11      excellent  WordPress Holding Pattern Theme Arbitrary File Upload
  exploit/unix/webapp/wp_inboundio_marketing_file_upload        2015-03-24      excellent  Wordpress InBoundio Marketing PHP Upload Vulnerability
  exploit/unix/webapp/wp_infusionsoft_upload                    2014-09-25      excellent  Wordpress InfusionSoft Upload Vulnerability
  exploit/unix/webapp/wp_lastpost_exec                          2005-08-09      excellent  WordPress cache_lastpostdate Arbitrary Code Execution
  exploit/unix/webapp/wp_nmediawebsite_file_upload              2015-04-12      excellent  Wordpress N-Media Website Contact Form Upload Vulnerability
  exploit/unix/webapp/wp_optimizepress_upload                    2013-11-29      normal    WordPress OptimizePress Theme File Upload Vulnerability
  exploit/unix/webapp/wp_photo_gallery_unrestricted_file_upload  2014-11-11      excellent  WordPress Photo Gallery Unrestricted File Upload
  exploit/unix/webapp/wp_pixabay_images_upload                  2015-01-19      excellent  WordPress Pixabay Images PHP Code Upload
  exploit/unix/webapp/wp_platform_exec                          2015-01-21      excellent  WordPress Platform Theme File Upload Vulnerability
  exploit/unix/webapp/wp_property_upload_exec                    2012-03-26      excellent  WordPress WP-Property PHP File Upload Vulnerability
  exploit/unix/webapp/wp_reflexgallery_file_upload              2012-12-30      excellent  Wordpress Reflex Gallery Upload Vulnerability
  exploit/unix/webapp/wp_revslider_upload_execute                2015-11-26      excellent  Wordpress RevSlider File Upload and Execute Vulnerability
  exploit/unix/webapp/wp_slideshowgallery_upload                2014-08-28      excellent  Wordpress SlideShow Gallery Authenticated File Upload
  exploit/unix/webapp/wp_symposium_shell_upload                  2014-12-11      excellent  WordPress WP Symposium 14.11 Shell Upload
  exploit/unix/webapp/wp_total_cache_exec                        2013-04-17      excellent  WordPress W3 Total Cache PHP Code Execution
  exploit/unix/webapp/wp_worktheflow_upload                      2015-03-14      excellent  Wordpress Work The Flow Upload Vulnerability
  exploit/unix/webapp/wp_wpshop_ecommerce_file_upload            2015-03-09      excellent  WordPress WPshop eCommerce Arbitrary File Upload Vulnerability
  exploit/unix/webapp/wp_wptouch_file_upload                    2014-07-14      excellent  Wordpress WPTouch Authenticated File Upload
  exploit/unix/webapp/wp_wysija_newsletters_upload              2014-07-01      excellent  Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload
  exploit/windows/browser/adobe_flashplayer_newfunction          2010-06-04      normal    Adobe Flash Player "newfunction" Invalid Pointer Use
  exploit/windows/fileformat/adobe_flashplayer_button            2010-10-28      normal    Adobe Flash Player "Button" Remote Code Execution
  exploit/windows/fileformat/adobe_flashplayer_newfunction      2010-06-04      normal    Adobe Flash Player "newfunction" Invalid Pointer Use
  exploit/windows/fileformat/ms12_005                            2012-01-10      excellent  MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
  exploit/windows/fileformat/winrar_name_spoofing                2009-09-28      excellent  WinRAR Filename Spoofing
  exploit/windows/ftp/easyftp_cwd_fixret                        2010-02-16      great      EasyFTP Server CWD Command Stack Buffer Overflow
  exploit/windows/http/sws_connection_bof                        2012-07-20      normal    Simple Web Server Connection Header Buffer Overflow
  post/windows/gather/credentials/razer_synapse                                  normal    Windows Gather Razer Synapse Password Extraction

msf > search joomla

Matching Modules
================

  Name                                                    Disclosure Date  Rank      Description
  ----                                                    ---------------  ----      -----------
  auxiliary/gather/joomla_weblinks_sqli                  2014-03-02      normal    Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read
  auxiliary/scanner/http/joomla_bruteforce_login                          normal    Joomla Bruteforce Login Utility
  auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner  2015-03-20      normal    Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
  auxiliary/scanner/http/joomla_gallerywd_sqli_scanner    2015-03-30      normal    Gallery WD for Joomla! Unauthenticated SQL Injection Scanner
  auxiliary/scanner/http/joomla_pages                                      normal    Joomla Page Scanner
  auxiliary/scanner/http/joomla_plugins                                    normal    Joomla Plugins Scanner
  auxiliary/scanner/http/joomla_version                                    normal    Joomla Version Scanner
  exploit/unix/webapp/joomla_akeeba_unserialize          2014-09-29      excellent  Joomla Akeeba Kickstart Unserialize Remote Code Execution
  exploit/unix/webapp/joomla_comjce_imgmanager            2012-08-02      excellent  Joomla Component JCE File Upload Remote Code Execution
  exploit/unix/webapp/joomla_media_upload_exec            2013-08-01      excellent  Joomla Media Manager File Upload Vulnerability
  exploit/unix/webapp/joomla_tinybrowser                  2009-07-22      excellent  Joomla 1.5.12 TinyBrowser File Upload Code Execution

msf > search drupal

Matching Modules
================

  Name                                          Disclosure Date  Rank      Description
  ----                                          ---------------  ----      -----------
  auxiliary/gather/drupal_openid_xxe            2012-10-17      normal    Drupal OpenID External Entity Injection
  auxiliary/scanner/http/drupal_views_user_enum  2010-07-02      normal    Drupal Views Module Users Enumeration
  exploit/multi/http/drupal_drupageddon          2014-10-15      excellent  Drupal HTTP Parameter Key/Value SQL Injection
  exploit/unix/webapp/php_xmlrpc_eval            2005-06-29      excellent  PHP XML-RPC Arbitrary Code Execution

PS: А вот приват или свои наработки вряд ли кто то продаст, ищи хаЦкера в партнёры.

 

[Dark Koder]

DarckSol, а MSF автоматически обновляет базу сплойтов? или при выходе новой версии он старую бросает, и надо вручную обновлять? (в составе Кали\Бактрак)

 

[DarckSol]

У меня всё обновляется через msfupdate

 

[makslogininfo]

Заходишь в кали, вводишь:
search exploit/(название cms,которая нужна)
Потом подбираешь нужный експлоит из списка и прописываешь:
use (название эксплоита)
Потом:
show options
И выставляешь нужные параметры через set
Например:
set RHOST site.ru
После того как все выставил:
exploit