WordPress Plugin Vulnerabilities
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
Description
The plugin does not implement atomic operations, allowing one user to vote multiple times on a poll due to a race condition: several rating submissions sent at the same moment can each pass the "already voted" check before any of them has recorded its vote.
Proof of Concept
1- Install and activate kk Star Ratings.
2- Go to the page that displays the star rating.
3- Using Burp and the Turbo Intruder extension, intercept the rating submission.
4- Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder.
5- Drop the initial request and turn Intercept off.
6- In the Turbo Intruder window, add "%s" to the end of the Connection header (e.g. "Connection: close %s").
7- Use the code `examples/race.py`.
8- Click "Attack" at the bottom of the window. This will send multiple requests to the server at the same moment.
9- To see the updated total rates, reload the page you tested.
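The following is an added illustration of the flaw class described above, not code from kk Star Ratings or from the researcher. It models a rating endpoint as a check-then-act against a SQLite table: the vulnerable handler checks for an existing vote and then inserts and increments as separate steps, while the hardened handler makes the insert itself the check by way of a UNIQUE(post_id, voter) constraint and a relative increment inside one transaction. The burst of simultaneous requests is simulated deterministically (every request runs its duplicate check before any of them writes) rather than with real threads; the voter identifier, post id and the use of a client IP as the voter key are constructed assumptions for the example. A duplicate_voters helper shows the check a site owner can run over existing data to detect tampered tallies.

```python
import sqlite3

POST_ID = 1  # constructed sample post id


def new_db(unique_voter):
    """One in-memory DB per scenario. The hardened schema adds
    UNIQUE(post_id, voter) so the database rejects a second vote from
    the same voter even when two requests pass the application check."""
    conn = sqlite3.connect(":memory:")
    constraint = ", UNIQUE(post_id, voter)" if unique_voter else ""
    conn.execute(
        f"CREATE TABLE votes (post_id INTEGER, voter TEXT, stars INTEGER{constraint})"
    )
    conn.execute(
        "CREATE TABLE totals (post_id INTEGER PRIMARY KEY, votes INTEGER, stars INTEGER)"
    )
    conn.execute("INSERT INTO totals VALUES (?, 0, 0)", (POST_ID,))
    conn.commit()
    return conn


def already_voted(conn, voter):
    # The application-level "has this client voted?" check (step 1 of check-then-act).
    row = conn.execute(
        "SELECT 1 FROM votes WHERE post_id=? AND voter=?", (POST_ID, voter)
    ).fetchone()
    return row is not None


def vulnerable_record(conn, voter, stars):
    # Step 2 of check-then-act: nothing stops a second request that passed
    # the check at the same time from also being recorded.
    conn.execute("INSERT INTO votes VALUES (?, ?, ?)", (POST_ID, voter, stars))
    conn.execute(
        "UPDATE totals SET votes = votes + 1, stars = stars + ? WHERE post_id=?",
        (stars, POST_ID),
    )
    conn.commit()
    return True


def hardened_record(conn, voter, stars):
    # Single transaction: the UNIQUE constraint makes the INSERT the check,
    # and the totals update is a relative increment, so concurrent
    # requests cannot double-count. Returns False for a rejected duplicate.
    try:
        with conn:  # commits on success, rolls back on exception
            conn.execute("INSERT INTO votes VALUES (?, ?, ?)", (POST_ID, voter, stars))
            conn.execute(
                "UPDATE totals SET votes = votes + 1, stars = stars + ? WHERE post_id=?",
                (stars, POST_ID),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def simulate_burst(conn, record, voter, stars, n):
    """Model n requests from one voter arriving at the same instant: every
    request evaluates already_voted() before any has written. Returns how
    many votes the handler accepted."""
    passed = [not already_voted(conn, voter) for _ in range(n)]
    accepted = 0
    for ok in passed:
        if ok and record(conn, voter, stars):
            accepted += 1
    return accepted


def vote_count(conn):
    return conn.execute(
        "SELECT votes FROM totals WHERE post_id=?", (POST_ID,)
    ).fetchone()[0]


def duplicate_voters(conn):
    """Detection: voters with more than one stored vote on the post."""
    rows = conn.execute(
        "SELECT voter FROM votes WHERE post_id=? GROUP BY voter HAVING COUNT(*) > 1 ORDER BY voter",
        (POST_ID,),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    voter = "203.0.113.7"  # constructed client address used as the voter key
    v = new_db(unique_voter=False)
    print("vulnerable: accepted", simulate_burst(v, vulnerable_record, voter, 5, 5),
          "total votes", vote_count(v), "duplicates", duplicate_voters(v))
    h = new_db(unique_voter=True)
    print("hardened:   accepted", simulate_burst(h, hardened_record, voter, 5, 5),
          "total votes", vote_count(h), "duplicates", duplicate_voters(h))
```

Running the script shows the vulnerable handler accepting all five simultaneous submissions from one client, while the hardened handler accepts one and rejects the rest at the database; a second, distinct voter is still accepted. The same principle applies whatever storage the real plugin uses: the uniqueness decision must be made in the same atomic step as the write, not in a separate read that several requests can observe before any of them commits.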
Affects Plugins
References
CVE
Classification
Type
RACE CONDITION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Mohammad Reza Omrani
Submitter
Mohammad Reza Omrani
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-11-06 (about 7 months ago)
Added
2023-11-06 (about 7 months ago)
Last Updated
2023-11-06 (about 7 months ago)