crawler based on weak security of wpforms

.gitignore

@@ -0,0 +1 @@
+**/data

import/api/wpforms-crawler/.gitignore

@@ -0,0 +1,2 @@
+config.sh
+data*

import/api/wpforms-crawler/README.md

@@ -0,0 +1,3 @@
+[wpforms](https://wpforms.com/) uses an counter for `ENTRY_ID`s and seems to be vulnerable against CSRF :(
+
+Once we have obtained a cookie, crawling is trivial…

import/api/wpforms-crawler/config.sh

@@ -0,0 +1,27 @@
+## common
+
+DATA_DIR="./data"
+
+## download
+
+START=500  #57
+END=500  #1000
+
+WP_ADMIN_URL='https://example.com/wp-admin/admin.php'
+FORM_ID=16993
+NONCE='caffeeeeee'
+AUTHORIZATION_HEADER='authorization: Basic Base64EncodedDataaaaaaaaaa=='
+COOKIE_HEADER='cookie: wordpress_sec_thisCopiedFromTheBrower; wordpress_logged_in_; some_other_cookies'
+
+## HEADERS_THAT_SEEM_TO_BE_NOT_REQUIRED
+#-H 'authority: example.com' \
+#-H 'upgrade-insecure-requests: 1' \
+#-H 'cache-control: max-age=0' \
+
+## merge
+
+OUT="/tmp/example.csv"
+
+## setup
+
+[ -d $DATA_DIR ] || mkdir $DATA_DIR

import/api/wpforms-crawler/download.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+source ./config.sh
+
+function download() {
+  ENTRY=$1
+  OUT="${DATA_DIR}/${ENTRY}.csv"
+  echo $ENTRY
+  curl "${WP_ADMIN_URL}?page=wpforms-tools&view=export&action=wpforms_tools_single_entry_export_download&form=${FORM_ID}&entry_id=${ENTRY}&export_options%5B0%5D=csv&nonce=${NONCE}" \
+    -H "$COOKIE_HEADER" \
+    -H "$AUTHORIZATION_HEADER" \
+    --compressed | tee $OUT
+}
+
+
+for i in $(seq $START $END); do
+  download $i || exit
+done

import/api/wpforms-crawler/merge.sh

@@ -0,0 +1,8 @@
+## quick and dirty! TODO: replace grep -v
+
+source ./config.sh
+
+(cd $DATA_DIR; head -n1 $(ls | head -n1)) > $OUT
+cat $DATA_DIR/* | grep -v 'Name,Land,Straße,Hausnummer' >> $OUT
+
+wc -l $OUT