kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

Description The plugin does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.

PoC

1- Install and activate kk Star Ratings. 2- Go to the page that displays the star rating. 3- Using Burp and the Turbo Intruder extension, intercept the rating submission. 4- Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder. 5- Drop the initial request and turn Intercept off. 6- In the Turbo Intruder window, add “%s” to the end of the connection header (e.g. “Connection: close %s”). 7- Use the code examples/race.py. 8- Click “Attack” at the bottom of the window. This will send multiple requests to the server at the same moment. 9- To see the updated total rates, reload the page you tested.