Iranonymous Find SQLi, Admin Page Bypass & Ajax File Download Bugs

7 years ago

Hackers of security group Iranonymous -Iranian Anonymous- have discover new file download admin page bypass and SQL Injection bugs:

  • WordPress Plugin N-Media 1.4 Arbitrary File Download Vulnerability
  • faracorp design Sql injection Vulnerability

WordPress Plugin N-Media 1.4 Arbitrary File Download Vulnerability

The “File Download” -Ajax- function is affected with an arbitrary file download vulnerability
See details here: https://cxsecurity.com/issue/WLB-2016110162
Discovered By: turk.Khan

Greetz:

Thanks to : MR.Khatar || ll_azab-siyah_ll || Blackwolf_Iran ||Ormazd ||Sh@d0w ||mohammad Pn ||Shdmehr || And All Of Iranian Anonymous

faracorp design Sql injection Vulnerability

Two issues discover in security of faracorp:

  1. sql in page course_view.php
  2. Admin page bypass
Discovered By: Ormazd

Thanks to : MR.Khatar ||Turk-Khan || Blackwolf_Iran ||ll_azab-siyah_ll ||Sh@d0w ||Hellish_PN ||And All Of Iranian Anonymous

All vulns find by Iranonymous is here
Home: Iranonymous.org

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *