Most CMSs seem vulnerable to CSRF attacks these days. The Ultimate
WordPress Auction plugin is a really good concept, but it suffers from a CSRF
vulnerability which, when exploited, lets an attacker add fake auction bids,
which obviously we don't want!
Vulnerable URL:
http://127.0.0.1/wordpress-3.5.1/wordpress/wp-admin/admin.php?page=add-new-auction
Basically, if you study the source code closely, there is no URL specified in the FORM tag.
[Screenshot: No URL available in the FORM tag]
So in such cases the page is submitting the FORM information to itself!!! So I
tried to craft a CSRF exploit with the same URL and it worked well...
[Screenshot: While the CSRF exploit is loading]
[Screenshot: Fake auction added by the attacker]
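The fix a plugin author would apply to a self-submitting admin form like this one, shown as an added example that is not the plugin's own code: the form stays action-less (so it still posts back to the same admin.php URL), but it now carries a WordPress nonce that the handler verifies, together with a capability check, before anything is saved. The function names, the `ua_add_auction` nonce action, the `ua_auction` post type and the field names are hypothetical; `wp_nonce_field`, `check_admin_referer`, `current_user_can`, `wp_insert_post` and `update_post_meta` are real WordPress API functions.

```php
<?php
// Added example (not the plugin's code): hardening a self-submitting
// admin form against CSRF with a WordPress nonce. Hypothetical names:
// ua_render_add_auction_form(), ua_handle_add_auction(), the nonce
// action 'ua_add_auction', the 'ua_auction' post type and field names.

// Rendered on admin.php?page=add-new-auction. No action attribute, so the
// browser posts back to the same URL, exactly as in the vulnerable plugin.
function ua_render_add_auction_form() {
    ?>
    <form method="post">
        <?php
        // Emits a hidden "ua_nonce" field bound to the logged-in user and
        // the action name, plus a hidden _wp_http_referer field. A page on
        // another origin cannot read or guess this value.
        wp_nonce_field( 'ua_add_auction', 'ua_nonce' );
        ?>
        <label>Title <input type="text" name="ua_title"></label>
        <label>Start bid <input type="text" name="ua_start_bid"></label>
        <input type="submit" name="ua_submit" value="Add auction">
    </form>
    <?php
}

// Runs early in the admin request. A forged cross-site POST arrives with the
// victim's cookies but without a valid nonce, so it dies here instead of
// creating an auction.
function ua_handle_add_auction() {
    if ( ! isset( $_POST['ua_submit'] ) ) {
        return; // not a submission of this form
    }
    // 1. Authorisation: the logged-in user must be allowed to do this at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // 2. CSRF check: validates $_POST['ua_nonce'] for action 'ua_add_auction'
    //    and calls wp_die() if it is missing, expired or forged.
    check_admin_referer( 'ua_add_auction', 'ua_nonce' );

    // 3. Only now is the input trusted enough to sanitise and store.
    $title     = isset( $_POST['ua_title'] ) ? sanitize_text_field( wp_unslash( $_POST['ua_title'] ) ) : '';
    $start_bid = isset( $_POST['ua_start_bid'] ) ? floatval( $_POST['ua_start_bid'] ) : 0.0;
    $post_id   = wp_insert_post( array(
        'post_type'   => 'ua_auction',   // hypothetical custom post type
        'post_title'  => $title,
        'post_status' => 'publish',
    ) );
    if ( $post_id && ! is_wp_error( $post_id ) ) {
        update_post_meta( $post_id, 'ua_start_bid', $start_bid );
    }
}

add_action( 'admin_init', 'ua_handle_add_auction' );
```

The same pattern applies to the bid-placing form: render `wp_nonce_field()` with a distinct action name and call `check_admin_referer()` (or `wp_verify_nonce()` on the front end) in its handler.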
I hope the author will patch this soon. The aim is to raise awareness about web
exploitation and how it is done in a practical environment, so that
application developers will be more careful while coding.
Ultimate WordPress Auction Plugin 1.0 - CSRF Vulnerability