Live DDoS View
Live DDoS Attack Map
This map is the fruit of a collaboration between Google Ideas and Arbor Networks, in an effort to raise awareness about the distributed denial of service attacks that occur around the world every day.
Exploring the Data
The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:
- Use the histogram at the bottom of the map to explore historical data.
- Select a country to view DDoS activity to or from that country.
- Use the color option to view attacks by class, duration, or source/destination port.
- Use the news section to find online reports of attack activity from a specified time.
- View the gallery to explore some examples of days with notable DDoS attacks.
Friday, February 13, 2015
WordPress Video Gallery 2.7 SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss
# Date : 2015-02-11
# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox
######################
# Vulnerability Disclosure Timeline:
2015-02-08: Discovered vulnerability
2015-02-09: Vendor Notification
2015-02-10: Vendor Response/Feedback
2015-02-10: Vendor Sent Fix/Patch
2015-02-11: Public Disclosure
# Description
WordPress Video Gallery 2.7 suffers from SQL injection through the vid GET parameter of the rss action in admin-ajax.php.
######################
# PoC
http://target/wp-admin/admin-ajax.php?action=rss&type=video&vid=[SQLi]
#####################
# Fix/patch sent by Apptha's developer
File: videogalleryrss.php
Change line n.47
from:
$vid = filter_input(INPUT_GET,'vid');
to:
$vid = intval(filter_input(INPUT_GET,'vid'));
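
The intval() fix above stops the injection, but it silently coerces malformed input to an integer instead of rejecting it. The following added example (not the plugin's or the advisory author's code) contrasts that coercion with strict validation plus a bound parameter; the videos table, the helper names and the in-memory SQLite database are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example, not the plugin's code. Table, columns and helper names
// are hypothetical; the sample inputs below are constructed.

/** Strict validation: accept only a positive decimal integer, else null. */
function parse_vid($raw): ?int
{
    $vid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $vid === false ? null : $vid;
}

/** Look up a video by id with a bound parameter, never string concatenation. */
function find_video(PDO $db, $raw): ?array
{
    $vid = parse_vid($raw);
    if ($vid === null) {
        return null; // reject malformed input instead of coercing it
    }
    $stmt = $db->prepare('SELECT vid, name FROM videos WHERE vid = :vid');
    $stmt->bindValue(':vid', $vid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for the WordPress database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE videos (vid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO videos (vid, name) VALUES (7, 'demo clip')");

// Constructed sample values for the vid parameter.
$samples = ['7', '7 OR 1=1', 'abc', '', null, '-3'];
foreach ($samples as $raw) {
    printf(
        "%-12s intval=%-3d strict=%-5s row=%s\n",
        var_export($raw, true),
        intval($raw),                       // the vendor fix: coerces to an int
        var_export(parse_vid($raw), true),  // stricter: null when not an int
        json_encode(find_video($db, $raw))
    );
}
```

Inside WordPress itself the same binding is done with $wpdb->prepare() and a %d placeholder.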
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################