####################################################################
# Exploit Title : WordPress 2013 TwentyThirteen Themes 5.0.3 Open Redirection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 15/01/2019
# Vendor Homepage : wordpress.org/themes/twentythirteen/
# Software Download Link : downloads.wordpress.org/theme/twentythirteen.2.7.zip
# Affected Versions : 2.7 and 5.03
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
####################################################################
# Impact :
*********
* This web application called as WordPress 2013 TwentyThirteen Themes 2.7 and 5.0.3 versions
accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.
This simplifies phishing attacks.
* An http parameter may contain a URL value and could cause the web application to redirect
the request to the specified URL. By modifying the URL value to a malicious site, an attacker may
successfully launch a phishing scam and steal user credentials. Because the server name in the
modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
####################################################################
# Open Redirection Exploit :
****************************
/wp-content/themes/twentythirteen/redirect.php?click=bg&url=https://[REDIRECTION.gov]
####################################################################
# Example Vulnerable Sites :
**************************
[+] axrtbeatsi.ga/wp-content/themes/twentythirteen/redirect.php?click=bg&url=http://cxsecurity.com/
[+] frisbeegolfradat.fi/wp-content/themes/twentythirteen/redirect.php?click=bg&url=http://cxsecurity.com/
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################