CVE-2019-9787 PoC — WordPress 跨站请求伪造漏洞

Source

https://github.com/rkatogit/cve-2019-9787_csrf_poc

Associated Vulnerability

Title:WordPress 跨站请求伪造漏洞 (CVE-2019-9787)
Description:WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.

Readme

# CVE-2019-9787 CSRF PoC

## Overview
PoC of CVE-2019-9787 CSRF    
WordPress Version 5.0    
[refference](https://blog.ripstech.com/2019/wordpress-csrf-to-rce/)

Do not use this except for test purpose.

## Installation

```
$ docker-compose up -d
```

1. access http://localhost:8080/ and install WordPress. you only have to create WP admin account.   
2. access http://localhost:8080/?p=1#comments as a visitor, and post comment like "csrf site: http://localhost/".   
![comment ex](https://github.com/rkatogit/cve-2019-9787_csrf_poc/blob/images/1.png)


## Test
click the link posted at 2.    
![comment ex](https://github.com/rkatogit/cve-2019-9787_csrf_poc/blob/images/2.png)

you'll see the comment "csrf success" is posted by user you currently logged in.

File Snapshot


 [4.0K]  /data/pocs/05dfdd7b1883e2cd09609c331f68e0b8350231f6
├── [ 689]  docker-compose.yml
├── [4.0K]  nginx
│   ├── [ 262]  iframe-post.html
│   └── [ 105]  index.html
└── [ 766]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!