CVE-2019-9787 PoC — WordPress Cross-Site Request Forgery Vulnerability

Source
Associated Vulnerability
Title: WordPress Cross-Site Request Forgery Vulnerability (CVE-2019-9787)
Description: WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
Readme
# CVE-2019-9787 CSRF PoC

## Overview
PoC of CVE-2019-9787 CSRF    
WordPress Version 5.0    
[reference](https://blog.ripstech.com/2019/wordpress-csrf-to-rce/)

Do not use this except for testing purposes.

## Installation

```
$ docker-compose up -d
```

1. Access http://localhost:8080/ and install WordPress. You only have to create the WP admin account.   
2. Access http://localhost:8080/?p=1#comments as a visitor, and post a comment like "csrf site: http://localhost/".   
![comment ex](https://github.com/rkatogit/cve-2019-9787_csrf_poc/blob/images/1.png)


## Test
Click the link posted in step 2.    
![comment ex](https://github.com/rkatogit/cve-2019-9787_csrf_poc/blob/images/2.png)

You'll see that the comment "csrf success" is posted by the user you are currently logged in as.
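
A defender-side check for the behaviour in the Test step, as an added example that is not part of the original README or the PoC repository: it scans web server access logs for comment POSTs whose Referer is not the WordPress site itself. It assumes the combined log format and WordPress's standard `/wp-comments-post.php` endpoint; the function name and the sample log lines are constructed for illustration, using the `localhost:8080` site and `http://localhost/` page from the steps above.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
COMMENT_ENDPOINT = "/wp-comments-post.php"  # WordPress core comment handler

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = """\
172.18.0.1 - - [10/Apr/2019:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://localhost:8080/?p=1" "Mozilla/5.0"
172.18.0.1 - - [10/Apr/2019:10:02:17 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://localhost/" "Mozilla/5.0"
172.18.0.1 - - [10/Apr/2019:10:03:40 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Apr/2019:10:05:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def cross_site_comment_posts(lines, site_hosts):
    """Return comment POSTs whose Referer host is missing or not in site_hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["path"]).path != COMMENT_ENDPOINT:
            continue
        ref = m["referer"]
        ref_host = urlsplit(ref).netloc.lower() if ref not in ("", "-") else None
        if ref_host in site_hosts:
            continue  # form submitted from the site's own pages: expected
        hits.append({"ip": m["ip"], "time": m["time"],
                     "referer_host": ref_host, "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in cross_site_comment_posts(SAMPLE_LOG.splitlines(), {"localhost:8080"}):
        print(hit)
```

A missing Referer is reported with `referer_host` set to `None`; treat those hits as lower confidence, since browsers and proxies may strip the header.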

