wpexploit | Mohammad Reza Omrani | WPEX-ID:6F481D34-6FEB-4AF2-914C-1F3288F69207
Nov 06, 2023 - 12:00 a.m.

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Keywords: install, activate, intercept, turbo intruder, burp extension, exploit, race condition

EPSS: 0.0005 (Low), percentile 17.8%

Description: The plugin does not perform the "has this user already voted?" check and the vote write as one atomic operation. Concurrent rating submissions from the same user can therefore all pass the check before any of them is recorded, and a single user can rate the same item multiple times (a race condition).

1- Install and activate kk Star Ratings.
2- Browse to a page that displays the star rating widget.
3- With Burp Proxy intercept on and the Turbo Intruder extension installed, submit a rating and intercept the rating-submission request.
4- Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder.
5- Drop the intercepted request and turn Intercept off, so that this first vote is not counted before the attack.
6- In the Turbo Intruder window, append the `%s` placeholder to the end of the Connection header (e.g. `Connection: close %s`). The script expects a `%s` somewhere in the request, and the header is a harmless place to put it.
7- Select the bundled `examples/race.py` script, which queues several copies of the request and releases them together through a gate.
8- Click "Attack" at the bottom of the window. All copies reach the server at the same moment, and each one passes the "already voted" check before any of them is recorded.
9- Reload the tested page: the vote count has increased by more than one, even though only one user submitted a rating.
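The steps above reproduce the race from the outside with Turbo Intruder. The following added example (not the plugin's code and not part of the original advisory) models the underlying defect in Python: a "has this voter already rated?" check followed by a write with nothing serializing the two steps, next to the same check and write performed as one critical section. The in-memory store, the voter id `203.0.113.7` and the number of simultaneous requests are constructed for the demonstration; the second barrier inside the vulnerable path forces the worst-case interleaving so the result is repeatable, and the lock in the hardened path is a stand-in for the database-level constraint a real plugin would need.

```python
"""Race-condition model for a star-rating vote handler: non-atomic
check-then-act versus a serialized check-and-write. Added example."""
import threading

VOTERS = 10  # constructed: how many copies of one voter's request arrive at once


class RatingStore:
    """In-memory stand-in for a post's rating rows (assumption: the real plugin
    keeps a per-voter record plus running totals in the WordPress database)."""

    def __init__(self):
        self.votes = {}          # voter_id -> stars given
        self.total_votes = 0     # what the star widget displays as the vote count
        self.total_stars = 0
        self.lock = threading.Lock()

    def has_voted(self, voter_id):
        return voter_id in self.votes

    def record(self, voter_id, stars):
        self.votes[voter_id] = stars
        self.total_votes += 1
        self.total_stars += stars


def vulnerable_vote(store, voter_id, stars, gap=None):
    """Non-atomic check-then-act: nothing stops several concurrent requests
    from all passing has_voted() before any of them reaches record()."""
    if store.has_voted(voter_id):
        return False
    if gap is not None:
        gap()  # stands in for the DB round trip between the read and the write
    store.record(voter_id, stars)
    return True


def hardened_vote(store, voter_id, stars):
    """Check and write serialized in one critical section. In a real plugin the
    equivalent is a UNIQUE key on (post, voter) with a single conditional
    INSERT/UPDATE rather than an application-level lock (general guidance,
    not the project's actual fix)."""
    with store.lock:
        if store.has_voted(voter_id):
            return False
        store.record(voter_id, stars)
        return True


def run_race(vote_fn, voters=VOTERS, widen_gap=False):
    """Release `voters` identical requests from the same voter at the same
    instant (what the Turbo Intruder gate does) and return the resulting vote
    count. widen_gap=True inserts a second barrier between read and write so
    every thread finishes the check before any thread writes."""
    store = RatingStore()
    start = threading.Barrier(voters)
    gap = threading.Barrier(voters).wait if widen_gap else None

    def worker():
        start.wait()
        if gap is None:
            vote_fn(store, "203.0.113.7", 5)
        else:
            vote_fn(store, "203.0.113.7", 5, gap=gap)

    threads = [threading.Thread(target=worker) for _ in range(voters)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return store.total_votes


if __name__ == "__main__":
    print("vulnerable:", run_race(vulnerable_vote, widen_gap=True), "votes from one voter")
    print("hardened:  ", run_race(hardened_vote), "vote from one voter")
```

Without `widen_gap` the vulnerable handler still loses the race often, just not on every run; the forced interleaving is what a gate-released burst of requests achieves against a server whose read and write are separated by a database round trip. The hardened handler returns one vote regardless of how the threads interleave, which is the property a fix has to provide.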

