wpvulndb
Felipe Restrepo Rodriguez
WPVDB-ID: 9B3C5412-8699-49E8-B60C-20D2085857FB
History: Mar 19, 2021 - 12:00 a.m.

PhastPress < 1.111 - Open Redirect

wpscan.com

There is an open redirect in the plugin: an attacker can craft a malformed request to a page that uses the plugin and redirect the victim to a malicious page. A support comment from another user one year earlier (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) states that the PHP involved in the request only goes to whitelisted pages, but it is possible to redirect the victim to any domain.

PoC

https://example.com/wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Fwpscan.com

https://example.com/wp-content/plugins/phastpress/phast.php/c2VydmljZT1pbWFnZXMmc3JjPWh0dHBzJTNBJTJGJTJGd3BzY2FuLmNvbSZjYWNoZU1hcmtlcj0mdG9rZW49.q.png

c2VydmljZT1pbWFnZXMmc3JjPWh0dHBzJTNBJTJGJTJGd3BzY2FuLmNvbSZjYWNoZU1hcmtlcj0mdG9rZW49 being the base64 of service=images&src=https%3A%2F%2Fwpscan.com&cacheMarker=&token=
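As an added example (not part of the advisory or the plugin's code), a defender-side check that recognizes both request shapes shown above, decodes the `src` target, and flags any target whose exact hostname is outside a site allowlist; the allowlist, the `example.com` site and the access-log lines are constructed for the demonstration.

```python
import base64
from urllib.parse import parse_qs, urlparse

# Constructed allowlist: hosts this site legitimately lets phast.php fetch from.
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def extract_phast_src(request_url):
    """Return the decoded `src` of a phast.php request (query or base64-path form), else None."""
    parsed = urlparse(request_url)
    query = parsed.query
    if not query and "phast.php/" in parsed.path:
        # Path form: the blob between "phast.php/" and the first "." is base64 of the
        # same query string. Padding is restored; both base64 alphabets decode.
        blob = parsed.path.split("phast.php/", 1)[1].split(".", 1)[0]
        try:
            query = base64.urlsafe_b64decode(blob + "=" * (-len(blob) % 4)).decode("utf-8", "replace")
        except ValueError:
            return None
    values = parse_qs(query).get("src")
    return values[0] if values else None


def is_offsite_src(request_url, allowed_hosts=ALLOWED_HOSTS):
    """True when the request points phast.php at a host outside the allowlist."""
    src = extract_phast_src(request_url)
    if src is None:
        return False
    # Exact hostname comparison, not a substring test, so a target such as
    # https://example.com.attacker.test/ is still flagged.
    host = urlparse(src).hostname
    if host is None:  # relative path, stays on this site
        return False
    return host.lower() not in allowed_hosts


# Constructed access-log lines (Common Log Format): the two PoC shapes plus a benign request.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Mar/2021:00:00:00 +0000] "GET /wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Fwpscan.com HTTP/1.1" 302 0',
    '203.0.113.5 - - [19/Mar/2021:00:00:01 +0000] "GET /wp-content/plugins/phastpress/phast.php/c2VydmljZT1pbWFnZXMmc3JjPWh0dHBzJTNBJTJGJTJGd3BzY2FuLmNvbSZjYWNoZU1hcmtlcj0mdG9rZW49.q.png HTTP/1.1" 302 0',
    '198.51.100.7 - - [19/Mar/2021:00:00:02 +0000] "GET /wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Fexample.com%2Fa.js HTTP/1.1" 200 512',
]


def flag_offsite_requests(lines):
    """Return the offsite `src` targets requested in the given log lines."""
    flagged = []
    for line in lines:
        parts = line.split()  # parts[6] is the request path in Common Log Format
        if len(parts) > 6 and "phast.php" in parts[6]:
            url = "https://example.com" + parts[6]
            if is_offsite_src(url):
                flagged.append(extract_phast_src(url))
    return flagged
```

The same hostname check, applied before the fetch or redirect is issued, is what an allowlist in the plugin itself would need to do; a substring or prefix match on the URL string does not provide that guarantee.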

CPE Name      Operator   Version
phastpress    lt         1.111