Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #57451


Timestamp: 02/15/2023 12:23:48 AM (2 years ago)
Author: sabernhardt
Comment:

  • Ticket #57451

    • Property Component changed from General to Export
  • Ticket #57451 – Description

    Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing

    Steps To Reproduce:

    1. Login to WordPress Backend as an Admin
    Removed: 2. Go-to Tools > Export> Select what to export
    Added:   2. Go-to Tools > Export > Select what to export
    3. Select the Data you want to export. Capture this request using a web-proxy like BurpSuite
    4. Since this is a GET request, Copy the URL to which request is made.

    The endpoint vulnerable:
    Removed: http://<your_wp.com>/wp-admin/export.php?download=true&content=all&cat=0&post_author=2&post_start_date=0&post_end_date=0&post_status=0&page_author=0&page_start_date=0&page_end_date=0&page_status=0&attachment_start_date=0&attachment_end_date=0&submit=Download+Export+File
    Added:   `http://<your_wp.com>/wp-admin/export.php?download=true&content=all&cat=0&post_author=2&post_start_date=0&post_end_date=0&post_status=0&page_author=0&page_start_date=0&page_end_date=0&page_status=0&attachment_start_date=0&attachment_end_date=0&submit=Download+Export+File`

    Recommendations

    Impact
    Unauthorised File Download on an administrator's PC
    Removed: An attacker can write a script which sends 100s of GET requests at once to the endpoint, and share the script to another user, and when he donwloads 100 files at once, it shall also consume his disk space
    Added:   An attacker can write a script which sends 100s of GET requests at once to the endpoint, and share the script to another user, and when he downloads 100 files at once, it shall also consume his disk space
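The ticket's "Recommendations" section is empty, so the following is an added illustration of the standard WordPress mitigation for the request-forgery pattern the report describes: a state-changing or file-producing admin action bound to a nonce that only the logged-in user's own browser can supply. This is example code written for this page, not WordPress core's export.php; the function names, the `example_export_download` action/nonce names and the `admin_post_*` hook wiring are assumptions chosen for the illustration. `wp_nonce_field()`, `check_admin_referer()`, `current_user_can()` and the `export` capability are real WordPress APIs.

```php
<?php
// Added example (not WordPress core code): a nonce-protected admin download.
// All example_* names and the 'example_export_download' action are assumed.

// 1. Render the form. The nonce field ties the request to this action name
//    and to the current user's session, so a link or script served from
//    another origin cannot reproduce it.
function example_render_export_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_export_download">
        <?php wp_nonce_field( 'example_export_download', 'example_export_nonce' ); ?>
        <?php submit_button( 'Download Export File' ); ?>
    </form>
    <?php
}

// 2. Handle the submission. Order matters: first an authorization check,
//    then the referer/nonce check, and only then any work that produces output.
function example_handle_export_download() {
    // 'export' is the capability WordPress grants to administrators for exports.
    if ( ! current_user_can( 'export' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // check_admin_referer() validates the nonce against the user's session and
    // the action name; on failure it stops execution with a 403 ("Are you sure
    // you want to do this?"), so a forged cross-site request never reaches the
    // download code. Nonces are also time-limited, which bounds replay.
    check_admin_referer( 'example_export_download', 'example_export_nonce' );

    // Export generation would go here. Headers are sent only after both checks
    // pass, and the file is delivered only to the browser that submitted the form.
    header( 'Content-Description: File Transfer' );
    header( 'Content-Disposition: attachment; filename=example-export.xml' );
    header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ), true );
    echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '" ?>';
    exit;
}
add_action( 'admin_post_example_export_download', 'example_handle_export_download' );
```

Two design choices carry the mitigation. Switching the action to POST removes the "copy the URL and share it" path the ticket walks through, and the nonce check means a script fired at the endpoint from outside the victim's session (the repeated-request scenario under "Impact") receives a 403 before any file is built, rather than a download. Detection-wise, the `wp_die()` responses from failed nonce checks are a useful signal in web-server logs: a burst of 403s on `admin-post.php` for one authenticated user is exactly what a forged-request attempt looks like from the defender's side.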