exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Watu PRO 4.8.8.4 Cross Site Request Forgery

Watu PRO 4.8.8.4 Cross Site Request Forgery
Posted Sep 1, 2015
Authored by Tom Adams

Watu PRO version 4.8.8.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 19f0b88e7f288e4fa32ed534a2e38308e94cc58b4fc328aaa767081170ce39cf

Watu PRO 4.8.8.4 Cross Site Request Forgery

Change Mirror Download
Details
================
Software: Watu PRO
Version: 4.8.8.4
Homepage: http://calendarscripts.info/watupro/
Advisory report: https://security.dxw.com/advisories/csrf-in-watu-pro-allows-unauthenticated-attackers-to-delete-quizzes/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description
================
CSRF in Watu PRO allows unauthenticated attackers to delete quizzes

Vulnerability
================
An attacker able to convince an admin to visit a link of their choosing is able to delete quizzes.

Proof of concept
================
Assuming there is a quiz with ID 1, the following link will delete it when visited by a logged-in admin:
http://localhost/wp-admin/admin.php?page=watupro_exams&action=delete&quiz=1

Mitigations
================
This issue has been discussed with the author, who disagrees that there is an exploitable issue. We maintain that the above proof of concept demonstrates this issue. Nonetheless, the author has told us that they have made changes to address the problem in version 4.9.0.8 of this plugin. We have not verified these changes, so our recommendation is to upgrade to version 4.9.0.8 or later, and ideally conduct your own security assessment of this plugin.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report with 14 days.

Timeline
================

2015-08-11: Discovered
2015-08-11: Reported to Author via email
2015-08-11: Author responded
2015-08-26: Author reported fixed in version 4.9.0.8
2015-09-01: Published



Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.




Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close