Wordpress CSRF Upload Bug

in utopian-io •  7 years ago  (edited)

Hi all, today I will tell you about a vulnerability found in WordPress. Although it may look like a minor issue, a shell upload through it can do a lot of damage to our site, so we need to be careful about this.

WordPress is, as you know, the most widely used script in the world. It powers sites of every kind: blogs, news, magazines, corporate sites, and so on. The flexibility that makes WordPress attractive also brings a lot of weaknesses with it.
With the latest update, a CSRF weakness has appeared.

What is CSRF?
CSRF, which stands for Cross-Site Request Forgery, is a vulnerability that arises when the developer lacks secure-coding knowledge; it comes from a code defect in the affected software. This class of vulnerability appears constantly, and there are several ways to close it.

How to find the CSRF Upload vulnerability in WordPress?
First, you can list the sites that are affected by this vulnerability. You can notify the owners of these sites if you wish.

inurl:/wp-content/plugins/viral-optins/

Searching with this query lists sites that run the affected plugin.

How do we check the vulnerability after finding these sites?

Append the following path to the domain:

/wp-content/plugins/viral-optins/api/uploader/file-uploader.php

This is the upload endpoint exposed by the vulnerable plugin. If you reach this screen, it means the site also has the WordPress CSRF Upload vulnerability.

How will you test it after you find the vulnerability?
(Screenshot_3.png: the HTML test code referenced below)

In the code shown in the screenshot, replace siteadresi.com with the domain of the site you believe is vulnerable. Open a new text document, paste the code into it and save it with an .html extension.


From this upload screen we can upload anything we want. Normally a photo is uploaded, but attackers can substitute something else and take over our site. We have to be very careful about this.

How do I close this vulnerability?
In fact it is fairly simple: make sure the plugins you use are updated to their latest versions. Of course, WordPress itself must also be on its latest version. You can keep track of the latest releases on the WordPress.org site.
See you in a different article. :)
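Updating is the fix for site owners; for plugin developers, the defect behind an upload endpoint like this one is a handler that accepts any POST without a CSRF token, privilege check or content validation. The following is an added example, not the viral-optins plugin's code, of how a WordPress upload handler closes all three holes; the hook, nonce action and function names are hypothetical.

```php
<?php
// Added example, not the viral-optins plugin's code: a WordPress AJAX upload
// handler hardened against CSRF and unrestricted upload. Hook, nonce action
// and function names are hypothetical.
add_action( 'wp_ajax_example_secure_upload', 'example_secure_upload' );

function example_secure_upload() {
    // 1. CSRF: the request must carry a nonce minted for this action and this
    //    logged-in user; a form on a third-party site cannot obtain one.
    check_ajax_referer( 'example_upload_nonce', 'nonce' ); // dies on failure

    // 2. Authorization: a nonce proves intent, not privilege.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'no file received', 400 );
    }

    // 3. Content validation: allow only images, verified against the file's
    //    real bytes rather than the client-supplied name or MIME type.
    $allowed = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif' );
    $check   = wp_check_filetype_and_ext( $_FILES['file']['tmp_name'], $_FILES['file']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // 4. Let core store the file under wp-content/uploads with a sanitized,
    //    unique name; never trust $_FILES['file']['name'] for the path.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['file'], array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// The matching form: wp_nonce_field() emits the hidden "nonce" input that
// check_ajax_referer() verifies; "action" routes the POST to the hook above.
function example_upload_form() {
    ?>
    <form method="post" enctype="multipart/form-data"
          action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <?php wp_nonce_field( 'example_upload_nonce', 'nonce' ); ?>
        <input type="hidden" name="action" value="example_secure_upload">
        <input type="file" name="file" accept="image/*">
        <button type="submit">Upload</button>
    </form>
    <?php
}
```

A form hosted elsewhere that posts to admin-ajax.php fails at step 1, since it has no valid nonce for the victim's session; a logged-in user with a valid nonce but no upload capability fails at step 2; a non-image renamed to .png fails at step 3.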



Posted on Utopian.io - Rewarding Open Source Contributors

Your contribution cannot be approved because the contribution category you have chosen requires your post to be in English. See the Utopian Rules.
Welcome to utopian and thanks for contributing.
Kindly read our rules before posting so that such rejections do not occur. We require posts to be in English only, unless the repo specifies otherwise.
Thanks for contributing, but it is rejected.
You can contact us on Discord.
[utopian-moderator]

Thanks updated :)

Hey @sachincool, I just gave you a tip for your hard work on moderation. Upvote this comment to support the utopian moderators and increase your future rewards!

Hello @ahmetbozkurt, it seems to me you are finding it somehow cumbersome to understand the platform. I strongly recommend that you go through and understand the utopian rules before submitting any further contribution. Alternatively, you can simply contact us on Discord for more information.
Please be very sure you follow what I recommended, or we may take some nasty action if you are found not respecting the utopian rules. Thank you.

[utopian-supervisors]