CVE-2019-9787 CSRF PoC

Overview

PoC of CSRF CVE-2019-9787, WordPress Version 5.1.1.

Do not use this except for testing purposes.

Installation

docker-compose up -d

Attack

  1. Access http://localhost:8080/wp-admin/install.php and install WordPress. You only have to create the WP admin account.

  2. Access http://localhost:8080/?p=1#comments as a visitor, and post a comment like "Hacker Attack http://localhost/".

  3. Click the link posted in step 2.

  4. You will see that the comment "CSRF Attack made Successfully!" has been posted by the user you are currently logged in as.
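Detection-side companion to the steps above, as an added example that is not part of the original PoC repository: it scans access logs for comment submissions whose Referer origin is not the site itself, comparing the port as well, since in this lab both the site (http://localhost:8080) and the linked page (http://localhost/) share the host name. Assumptions: combined-format access logs, the forged request being a POST to WordPress's /wp-comments-post.php, and the constructed log lines embedded below.

```python
import re
from urllib.parse import urlsplit

SITE_ORIGIN = ("http", "localhost", 8080)  # test site from the steps above
DEFAULT_PORTS = {"http": 80, "https": 443}
# Combined log format: ip - - [ts] "METHOD path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it has no usable origin."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    return (parts.scheme, parts.hostname.lower(), port or DEFAULT_PORTS[parts.scheme])

def cross_origin_comment_posts(lines, site_origin=SITE_ORIGIN):
    """List (timestamp, client ip, referer) for comment POSTs not sent from the site."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["path"]).path != "/wp-comments-post.php":
            continue
        ref = m["referer"]
        # A missing Referer is reported too: it cannot be shown to be same-origin.
        ref_origin = origin_of(ref) if ref not in ("", "-") else None
        if ref_origin != site_origin:
            findings.append((m["ts"], m["ip"], ref or "-"))
    return findings

# Constructed sample log lines (not captured from a real run of the PoC).
SAMPLE_LOG = [
    '172.18.0.1 - - [10/May/2019:10:00:01 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '172.18.0.1 - - [10/May/2019:10:01:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://localhost:8080/?p=1" "Mozilla/5.0"',
    '172.18.0.1 - - [10/May/2019:10:02:11 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://localhost/" "Mozilla/5.0"',
    '172.18.0.1 - - [10/May/2019:10:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://localhost/" "Mozilla/5.0"',
    '172.18.0.1 - - [10/May/2019:10:03:05 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in cross_origin_comment_posts(SAMPLE_LOG):
        print(finding)
```

A host-only comparison would treat the third line as same-site; the port mismatch is what marks it as cross-origin.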