Skip to main content

Posts

WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)

  |=========================================================================== | # Exploit Title : WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS) | | # Category : Web Application | | # Software Link : https://wordpress.org/plugins/rss-for-yandex-turbo/ | | # Tested on : [ Windows ~> 10 , Kali Linux] | | # Version: 1.29 | | # Date : 2021-04-22 |=========================================================================== #Steps to reproduce vulnerability: 1. Install WordPress 5.6 2. Install and activate "RSS for Yandex Turbo" plugin. 3. Navigate to Setting >> Яндекс.Турбо >> Счетчики and enter the data into all the six user input field and submit the request. 4

WordPress XXE injection vulnerability could allow attackers to remotely steal host files

  An   XXE vulnerability  allows an attacker to interfere with an application’s processing of XML data. This can enable them to view files on the application server filesystem and interact with any back-end or external systems that the application itself can access. In this case, the XXE bug was present in WordPress versions 5.7 and below, and could allow for remote arbitrary file disclosure and  server-side request forgery  ( SSRF ). Restrictions The blog post caveats that this issue is only present in systems running affected WordPress installations on PHP 8. Additionally, the permissions to upload media files are needed,” SonarSource researchers explained in the blog post. On a standard WordPress installation this translates to having author privileges. However, combined with another vulnerability or a plugin allowing visitors to upload media files, it could be exploited with lower privileges.” The researchers disclosed the code vulnerability to the WordPress security team, who fixe

SMS and Call Bomber(BOMBitUP)

BOMBitUP: The Ultimate SMS Bomber By this app you can prank your friend.this app is for only fun. The app works really well, you can send upto 99 messages at one go per number. Your friends will be receiving various messages from Hike, Naaptol, Muffin API etc. They won’t even know that you are sending them messages. Remember, use this App only for fun and not revenge. Check instructions below. Instructions Download  the app from the given link Install  the App Enter  mobile number  or Choose from  contact Enter the number of SMS you wish to bomb Click the BOMBit button Enjoy!!!!! 😀

How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely

 This will allow us to control the webcam remotely, capturing snapshots from it. Why exactly would you want to hack into somebody's webcam? Maybe you suspect your significant other of having a fling. Or, maybe you're into blackmailing. Or, maybe you're just a creep. But the real purpose is to show just how easy it is, so you're aware that it can be done—and so you can protect yourself against it. Unlike just installing a command shell on the victim computer, the Meterpreter has the power to do numerous and nearly unlimited things on the target's computer. The key is to get the Meterpreter installed on their system first. I've shown how to do this in some of my previous articles , where you could get the victim to click on a link to our malicious website , send a malicious Microsoft Office document or Adobe Acrobat file , and more. So, now let's fire up Metasploit and install Meterpreter on the victim's system. Once we have don

How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite

Although you can use Tamper Data for this purpose, I want to introduce you to another tool that is built into Kali, Burp Suite. Step 1 Open THC-Hydra So, let's get started. Fire up Kali and open THC-Hydra from Applications -> Kali Linux -> Password Attacks -> Online Attacks -> hydra. Step 2 Get the Web Form Parameters To be able to hack web form usernames and passwords, we need to determine the parameters of the web form login page as well as how the form responds to bad/failed logins. The key parameters we must identify are the: IP Address of the website URL type of form field containing the username field containing the password failure message We can identify each of these using a proxy such as Tamper Data or Burp Suite. Step 3 Using Burp Suite Although we can use any proxy to do the job, including Tamper Data, in this post we will use Burp Suite. You can open Burp Suite by going to Applications -> Kali Linux -> Web Appl

Hack a Windows 7/8/10 Admin Account Password with Windows Magnifier

Greetings. This how-to on hacking Windows 7/8/10 etc. admin account passwords using Windows Magnifier is focused on adding, changing, or deleting an admin level account on a Windows 7/8/10 etc. Maybe you forgot or lost the password to your Windows Admin account, this guide will help with that. If you are trying to hack the computer lab at school then you will need a different method Disclaimer: This is for use on a PC that you own. Breaking into someone else's PC is considered a serious crime in most places. If you make a mistake or change something else, your Windows may become a non-boot. If so, just undo whatever you changed outside of the hack shown here, and it will back to normal. Need I say this is for Educational Purposes! You are responsible for your own thoughts and actions. Difficulty Level: 2/10 Prerequisites: Any Linux Live CD/DVD/USB with Live option (ex. Ubuntu Live, Linux Live, Kali , etc.). Abi

Crack Wi-Fi Passwords—For Beginners!

An internet connection has become a basic necessity in our modern lives. Wireless hotspots (commonly known as Wi-Fi) can be found everywhere! If you have a PC with a  wireless network card , then you must have seen many networks around you. Sadly, most of these networks are secured with a network security key. Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house. The hardest time in your life is when your internet connection is down. Cracking those Wi-Fi passwords is your answer to temporary internet access. This is a comprehensive guide which will teach even complete beginners how to crack WEP encrypted networks, easily. If it's WPA2-PSK passwords you need to crack, you can use  aircrack-ng  or  coWPAtty . Table of Contents How are wireless networks secured? What you'll need Setting up CommView for Wi-Fi Selecting the target network and capturing packets Waiting... Now the i