oss-sec mailing list archives
wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect
From: "Larry W. Cashdollar" <larry0 () me com>
Date: Fri, 29 May 2015 10:55:30 -0400
Title: wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect
Author: Larry W. Cashdollar, @_larry0
Date: 2015-05-10
Download Site: https://wordpress.org/plugins/wow-moodboard-lite/
Vendor: mschot
Vendor Notified: 2015-05-19
Vendor Contact: https://profiles.wordpress.org/mschot/

Description: A mood board is a type of collage consisting of images, text, and samples of objects in a composition. They may be physical or digital, and can be "extremely effective" presentation tools.

Vulnerability: wowproxy.php doesn't require any authentication to the proxy images function. Users can be misled to a malicious link via this feature.

    // Get the url of the image to be proxied
    $url = ( isset( $_POST[ 'url' ] ) ) ? $_POST[ 'url' ] : ( isset( $_GET[ 'url' ] ) ? $_GET[ 'url' ] : false );

    function proxyimages( $url )
    {
        header( "Location: ".$url );
        exit;
    }

CVEID: 2015-4070
OSVDB: 122368

Exploit Code:
  • http://wp-site/wordpress/wp-content/plugins/wow-moodboard-lite/wowproxy.php?url=http://site_to_redirect

Advisory: http://www.vapid.dhs.org/advisory.php?v=120
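A hardened form of the redirect, added here as an example and not the plugin's or the author's code: it only honours URLs whose host is on an allow-list and gates the entry point behind a login and nonce check. The allow-list contents and the nonce action name 'wow_proxy_image' are constructed for illustration.

```php
<?php
// Added example, not the plugin's code: a hardened proxyimages() that only
// redirects to an allow-list of image hosts. The allow-list and the
// 'wow_proxy_image' nonce action are constructed for illustration.

$allowed_image_hosts = array( 'images.example.com', 'cdn.example.com' );

function url_is_allowed( $url, array $allowed_hosts ) {
    $parts = parse_url( $url );
    // Reject malformed URLs and anything without an explicit scheme and host,
    // so a scheme-relative value such as //evil.example cannot slip through.
    if ( $parts === false || empty( $parts['host'] ) || empty( $parts['scheme'] ) ) {
        return false;
    }
    // Only plain web URLs; this blocks javascript:, data: and similar.
    if ( ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return false;
    }
    // Reject embedded credentials (http://cdn.example.com@evil.example/).
    if ( isset( $parts['user'] ) || isset( $parts['pass'] ) ) {
        return false;
    }
    return in_array( strtolower( $parts['host'] ), $allowed_hosts, true );
}

function proxyimages( $url, array $allowed_hosts ) {
    if ( ! url_is_allowed( $url, $allowed_hosts ) ) {
        http_response_code( 400 );
        exit( 'Refusing to redirect to a host outside the allow-list' );
    }
    // Inside WordPress, wp_safe_redirect() performs an equivalent host check.
    header( 'Location: ' . $url, true, 302 );
    exit;
}

// Entry point: require a logged-in user and a valid nonce before honouring
// the request (is_user_logged_in() and check_ajax_referer() are WordPress
// core functions; outside WordPress this guard is skipped).
if ( function_exists( 'is_user_logged_in' ) ) {
    if ( ! is_user_logged_in() ) {
        http_response_code( 403 );
        exit;
    }
    check_ajax_referer( 'wow_proxy_image' );
}
$url = isset( $_POST['url'] ) ? $_POST['url'] : ( isset( $_GET['url'] ) ? $_GET['url'] : false );
if ( $url !== false ) {
    proxyimages( $url, $allowed_image_hosts );
}
```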