
# Exploit Title: kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
# Google Dork: inurl:/wp-content/plugins/kk-star-ratings/
# Date: 2023-11-06
# Exploit Author: Mohammad Reza Omrani
# Vendor Homepage: https://github.com/kamalkhan
# Software Link: https://wordpress.org/plugins/kk-star-ratings/
# WPScan: https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207/
# Version: 5.4.6
# Tested on: WordPress 6.2.2
# CVE: CVE-2023-4642

# POC:

1- Install and activate kk Star Ratings.
2- Go to the page that displays the star rating.
3- Using Burp and the Turbo Intruder extension, intercept the rating submission.
4- Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder.
5- Drop the initial request and turn Intercept off.
6- In the Turbo Intruder window, add "%s" to the end of the Connection header (e.g. "Connection: close %s").
7- Use the code `examples/race.py`.
8- Click "Attack" at the bottom of the window. This sends multiple requests to the server at the same moment.
9- To see the updated rating totals, reload the page you tested.
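Added illustration of the vulnerability class, not the advisory's PoC and not the plugin's source: a constructed Python simulation of a vote handler that checks for an existing vote and then writes it as two separate steps, which accepts every submission in a simultaneous burst, beside one that performs the check and the write atomically (the equivalent of a unique index on the voter/post pair) and keeps a single voter at one vote. Class and method names are assumed.

```python
import threading


class RatingStore:
    """Constructed in-memory stand-in for a one-vote-per-user rating table (assumed, not the plugin's code)."""

    def __init__(self):
        self.count = 0          # accepted votes
        self.total = 0          # sum of accepted star values
        self.voters = set()     # identities that have already voted
        self._lock = threading.Lock()

    def vote_unsafe(self, voter, stars, barrier):
        # The duplicate check runs outside the lock, so every request that
        # passes it before the first write lands gets counted.
        if voter in self.voters:
            return False
        barrier.wait()          # hold all requests here so none writes before all have checked
        with self._lock:
            self.voters.add(voter)
            self.count += 1
            self.total += stars
        return True

    def vote_safe(self, voter, stars, barrier):
        # Same burst of requests, but check and write are one atomic step.
        barrier.wait()
        with self._lock:
            if voter in self.voters:
                return False
            self.voters.add(voter)
            self.count += 1
            self.total += stars
            return True


def race(method, voter="voter-A", stars=5, n=20):
    """Fire n identical votes from one voter at once; return (accepted, count, total)."""
    store = RatingStore()
    barrier = threading.Barrier(n)
    results = []
    fn = getattr(store, method)
    threads = [threading.Thread(target=lambda: results.append(fn(voter, stars, barrier)))
               for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), store.count, store.total


if __name__ == "__main__":
    print("check-then-write:", race("vote_unsafe"))   # (20, 20, 100): one voter counted 20 times
    print("atomic check+write:", race("vote_safe"))   # (1, 1, 5)
```

The barrier only widens the race window so the outcome is reproducible; in a real handler the same window is the interval between the read that checks for a prior vote and the write that records it.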