漏洞概要

漏洞标题:
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 – CSV Injection

提交时间:
2018-06-25

危害等级:

相关厂商:

漏洞分类:
exp公布

关注度:
共 14 人关注

漏洞详情

EDB-ID: 44931 Author: Bhushan B. Patil Published: 2018-06-25
CVE:
CVE-2018-11525
Type: Webapps Platform: PHP

E-DB Verified:
<a href="javascript:void(0);" data-trigger="focus" data-toggle="popover" data-placement="top" data-content='We make an effort to verify exploits (verifty) in our labs, when possible. A “non verified” exploit (marked by a clock icon clock) simply means we did not have the opportunity to test the exploit internally.’>
Waiting verification

Exploit:

Download Exploit Code Download

/

View Raw

Vulnerable App:
N/A
# Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
# Google Dork: N/A
# Date: 2018-06-24
# Exploit Author: Bhushan B. Patil
# Software Link: https://wordpress.org/plugins/woo-order-export-lite/
# Affected Version: 1.5.4 and before
# Category: Plugins and Extensions
# Tested on: WiN7_x64
# CVE: CVE-2018-11525

# 1. Application Description:
# The plugin helps you to easily export WooCommerce order data. Export any custom field assigned 
# to orders/products/coupons is easy and you can select from various formats to export the data 
# in such as CSV, XLS, XML and JSON.

# 2. Technical Description:
# Advanced Order Export For WooCommerce plugin version 1.5.4 and before are affected by the vulnerability
# Remote Command Execution using CSV Injection. This allows a public user to inject commands as a part of 
# form fields and when a user with higher privilege exports the form data in CSV opens the file on their machine,
# the command is executed.

# 3. Proof Of Concept:
 
Enter the payload @SUM(1+1)*cmd|' /C calc'!A0 in the form fields and submit.

# When high privileged user logs into the application to export form data in CSV and opens the file.
# Formula gets executed and calculator will get popped in his machine.

发表评论

电子邮件地址不会被公开。 必填项已用*标注