PoC of CSRF CVE-2019-9787 WordPress Version 5.1.1 CVE-2019-9787
Do not use this, EXCEPT for TEST purpose.
docker-compose up -d
- Access http://localhost:8080/wp-admin/install.php and install WordPress. you only have to create WP admin account.
- Access http://localhost:8080/?p=1#comments as a visitor, and post comment like "Hacker Attack http://localhost/".
- Click the link posted at 2.
- You will see the comment "CSRF Attack made Successfully!" is posted by user you currently logged in.
