[FD] Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0

2017-03-02 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0
Vulnerability Date: 2017-02-27
Download: https://wordpress.org/plugins/zen-mobile-app-native/
Vendor: https://profiles.wordpress.org/zendkmobileapp/
Notified: 2017-02-27
Description: Mobile App WordPress plugin lets you turn your website into a full-featured mobile application in minutes using Mobile App Builder.
Vulnerability: The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content.
It also doesn't sanitize the file upload against executable code.

http://example.com/wordpress/wp-content/plugins/zen-mobile-app-native/server/images.php
http://example.com/wordpress/wp-content/plugins/zen-mobile-app-native//server/images/8d5e957f297893487bd98fa830fa6413.php

https://github.com/lcashdol/Exploits/blob/master/mobile_plugin_exploit.sh

URL: http://www.vapidlabs.com/advisory.php?v=178
Credit: Larry W. Cashdollar, @_larry0

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
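The advisory gives the two requests an attacker makes: an unauthenticated POST to server/images.php, then a GET for the PHP file that lands under server/images/. The following is an added example, not code from the advisory, the plugin or the linked exploit script: a small scanner over web-server access logs in the Apache/nginx "combined" format that flags both steps and reports any client that performed both. The log lines are constructed for the example (RFC 5737 addresses, invented timestamps and user agents); the list of executable extensions and the assumption that uploads are served from server/images/ come from the advisory's example URL, not from inspection of the plugin.

```python
# Added example: detect the upload-then-execute pattern from the advisory in
# combined-format access logs. Not part of the advisory or the plugin.
import re
from collections import defaultdict

# Regexes over the request path (query string already stripped).
# "/+" instead of "/" because the advisory's second URL contains a doubled
# slash (.../zen-mobile-app-native//server/...), which Apache/PHP accept.
UPLOAD_RE = re.compile(
    r"/wp-content/plugins/zen-mobile-app-native/+server/images\.php$", re.I)
# Extensions assumed to run as PHP on a typical host; extend for your server.
DROP_RE = re.compile(
    r"/wp-content/plugins/zen-mobile-app-native/+server/images/+[^/]+"
    r"\.(?:php\d?|phtml|phar)$", re.I)

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+')


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = entry["target"].split("?", 1)[0]  # drop ?cmd=... etc.
    entry["status"] = int(entry["status"])
    return entry


def classify(entry):
    """'upload' for a POST to images.php, 'drop' for a request to a PHP file
    under server/images/, None for anything else."""
    if entry["method"] == "POST" and UPLOAD_RE.search(entry["path"]):
        return "upload"
    if DROP_RE.search(entry["path"]):
        return "drop"
    return None


def scan(lines):
    """Return (events, suspects).

    events:   list of (ip, kind, path, status) for every matching line.
    suspects: sorted IPs that both POSTed to images.php and requested a PHP
              file from the upload directory, i.e. the full advisory pattern.
    """
    events = []
    kinds_per_ip = defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        kind = classify(entry)
        if kind is None:
            continue
        events.append((entry["ip"], kind, entry["path"], entry["status"]))
        kinds_per_ip[entry["ip"]].add(kind)
    suspects = sorted(ip for ip, kinds in kinds_per_ip.items()
                      if {"upload", "drop"} <= kinds)
    return events, suspects


# Constructed sample log (not real traffic). Line 2 reuses the file name from
# the advisory's example URL, including the doubled slash.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Feb/2017:10:15:01 +0000] "POST /wordpress/wp-content/plugins/zen-mobile-app-native/server/images.php HTTP/1.1" 200 54 "-" "curl/7.52.1"',
    '203.0.113.7 - - [27/Feb/2017:10:15:02 +0000] "GET /wordpress/wp-content/plugins/zen-mobile-app-native//server/images/8d5e957f297893487bd98fa830fa6413.php?cmd=id HTTP/1.1" 200 132 "-" "curl/7.52.1"',
    '198.51.100.4 - - [27/Feb/2017:10:16:33 +0000] "GET /wordpress/wp-content/plugins/zen-mobile-app-native/server/images/logo.png HTTP/1.1" 200 8821 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [27/Feb/2017:10:16:40 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 200 2381 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [27/Feb/2017:10:20:00 +0000] "POST /wordpress/wp-content/plugins/zen-mobile-app-native/server/images.php HTTP/1.1" 500 0 "-" "python-requests/2.13"',
]

if __name__ == "__main__":
    found, bad_ips = scan(SAMPLE_LOG)
    for ip, kind, path, status in found:
        print(f"{kind:6} {status} {ip:14} {path}")
    print("suspect clients:", bad_ips)
```

A lone POST to images.php (the third event above, from 192.0.2.9) is worth a look but is not proof of compromise; the file may have been rejected or the server may have errored. The pairing in `scan` is what matters: a client that uploaded and then fetched a `.php` name from the upload directory has almost certainly dropped a web shell, and the file named in the `drop` event is the one to pull from disk for forensics before it is removed.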


[FD] New BlackArch Linux ISOs (2017.03.01) released!

2017-03-02 Thread Black Arch
Dear list,


We've released the new BlackArch Linux ISOs along with many
improvements. They include more than 1700 tools now. The armv6h,
armv7h and aarch64 repositories are filled with about 1600 tools.


A short ChangeLog of the Live-ISOs:


   - add more than 50 new tools
   - update blackarch installer to version 0.3.3
   - fix several tools (dependencies, installs, ...)
   - include linux kernel 4.9.11
   - updated all system packages
   - updated all blackarch tools
   - updated menu entries for window managers (awesome, fluxbox, openbox)


If you're not already familiar with BlackArch Linux, please read the
DESCRIPTION section below.



[ DOWNLOAD ]


You can download the new ISOs here: https://www.blackarch.org/downloads.html



[ DESCRIPTION ]


BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters
and security researchers. The BlackArch package repository is
compatible with existing Arch installs.


Here are some of BlackArch's features:


   - Support for i686, x86_64, armv6h, armv7h and aarch64 architectures
   - Over 1700 tools (constantly increasing)
   - Modular package groups
   - A live ISO with multiple window managers, including dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm.
   - A 64-bit OVA image ready to use with VirtualBox and VMware
   - An optional installer with the ability to build from source.


[ CONTACT ]


We mostly work on BlackArch Linux for our personal use. We share it in
the hopes that you will contribute by reporting bugs and sharing tools
and ideas.


We have a relaxed project structure. We welcome pull requests of all
sizes through any means, including Github[0] and email[1].


Also see our Twitter account[2] and IRC channel[3]. Although BlackArch
is the primary topic in the channel, we also have pleasant
conversations about other things. Come join us. It's a happy place.



[ THANKS ]


We wish to thank all of BlackArch's users, mirrors, and supporters.
Thanks for your help.



[ DONATIONS ]


Our initiative depends on donations in order to be able to pay for the
server infrastructure and our expenses. Therefore we ask for voluntary
donations.



[ REFERENCES ]


[0] https://www.github.com/BlackArch/ 
[1] blackarchlinux () gmail com
[2] https://twitter.com/blackarchlinux
[3] irc://irc.freenode.net/blackarch
