The 2015 Pwnie Nominee For Best Client-Side Bug

W3TotalFail

Credit: Mazin Ahmed

W3 Total Cache v0.9.4 is vulnerable to a critical Cross-Site Request Forgery issue. It occurs because the CSRF token “_wpnonce” is not validated. This CSRF issue can be used to perform many actions, but the one with the biggest impact on users is redirecting them to malicious websites. This is possible through the feature that specifies particular user-agents to be redirected to a mobile site. A crafted exploit forces the victim to change that feature’s policy so that every user who visits the victim’s website is redirected to a website specified by the attacker. This can be done by adding all the common keywords that are used in user-agents.
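A defender-side check for the abuse described above, as an added example that is not part of the original page or the plugin's code: it flags a user-agent redirect group whose keywords match ordinary desktop browsers or whose target is off-site. The group structure, the function names and all sample values are constructed assumptions, not the plugin's real configuration format.

```python
from urllib.parse import urlparse

# Constructed sample User-Agent strings for ordinary desktop browsers.
DESKTOP_UAS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/120.0 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) Version/17.0 Safari/605.1.15",
    "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0",
]

# Constructed redirect groups (hypothetical layout): name -> redirect URL + keywords.
SAMPLE_GROUPS = {
    "phones": {"redirect": "https://m.example.org/",
               "agents": ["iphone", "ipod", "blackberry"]},
    "tampered": {"redirect": "https://redirect.example.net/",
                 "agents": ["mozilla", "applewebkit", "gecko", "iphone"]},
}

def matches(agents, ua):
    """True if any non-empty keyword occurs in the User-Agent (case-insensitive)."""
    ua = ua.lower()
    return any(k.strip().lower() in ua for k in agents if k.strip())

def audit_groups(groups, site_host):
    """Return one finding per group that redirects off-site or catches desktop browsers."""
    findings = []
    for name, group in groups.items():
        redirect = group.get("redirect", "")
        if not redirect:
            continue  # group does not redirect anyone
        host = (urlparse(redirect).hostname or "").lower()
        # Relative targets have no host and stay on the site.
        off_site = bool(host) and host != site_host and not host.endswith("." + site_host)
        hits = sum(matches(group.get("agents", []), ua) for ua in DESKTOP_UAS)
        catch_all = hits == len(DESKTOP_UAS)  # every desktop browser would be redirected
        if off_site or catch_all:
            findings.append({"group": name, "redirect": redirect,
                             "off_site": off_site, "catch_all": catch_all})
    return findings

if __name__ == "__main__":
    for finding in audit_groups(SAMPLE_GROUPS, "example.org"):
        print(finding)
```
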
