Lucene search
4 matches found

0day.today
added 2024/03/05 12:0 a.m. | 548 views

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition Vulnerability

Exploit Title: kk Star Ratings Extensions Turbo Intruder Send to turbo intruder. 5- Drop the initial request and turn Intercept off. 6- In the Turbo Intruder window, add "%s" to the end of the connection header e.g. "Connection: close %s". 7- Use the code examples/race.py. 8- Click "Attack" at th...

CVSS 5.9 | AI score 5.8 | EPSS 0.00414
Exploits: 5
Packet Storm
added 2024/03/05 12:0 a.m. | 407 views

KK Star Ratings Race Condition

Exploit Title: kk Star Ratings Extensions Turbo Intruder Send to turbo intruder. 5- Drop the initial request and turn Intercept off. 6- In the Turbo Intruder window, add "%s" to the end of the connection header e.g. "Connection: close %s". 7- Use the code examples/race.py. 8- Click "Attack" at th...

CVSS 5.9 | AI score 7.4 | EPSS 0.00414
Exploits: 5
Exploit DB
added 2024/03/05 12:0 a.m. | 553 views

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Exploit Title: kk Star Ratings Extensions Turbo Intruder Send to turbo intruder. 5- Drop the initial request and turn Intercept off. 6- In the Turbo Intruder window, add "%s" to the end of the connection header e.g. "Connection: close %s". 7- Use the code examples/race.py. 8- Click "Attack" at th...

CVSS 5.9 | AI score 5.8 | EPSS 0.00414
Exploits: 5
WPVulnDB
added 2023/11/06 12:0 a.m. | 19 views

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Description: The plugin does not implement atomic operations, allowing one user to vote multiple times on a poll due to a race condition. PoC: 1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating...

CVSS 5.9 | AI score 5.8 | EPSS 0.00414
Exploits: 5 | Affected Software: 1