Date: Fri, 29 May 2015 10:55:30 -0400
From: "Larry W. Cashdollar" <larry0@...com>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect

Title: wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect
Author: Larry W. Cashdollar, @_larry0
Date: 2015-05-10
Download Site: https://wordpress.org/plugins/wow-moodboard-lite/
Vendor: mschot
Vendor Notified: 2015-05-19
Vendor Contact: https://profiles.wordpress.org/mschot/
Description: 
A mood board is a type of collage consisting of images, text, and samples of objects in a composition. They may be physical or digital, and can be "extremely effective" presentation tools.


Vulnerability:
wowproxy.php takes a url parameter from POST or GET and passes it unchanged into a Location header, with no authentication and no check that the target belongs to the site. Anyone can therefore craft a link on the trusted WordPress host that sends the visitor to an arbitrary attacker-chosen URL (an open redirect). This is useful for phishing because the link the victim sees begins with the legitimate domain.

// wowproxy.php: the URL comes straight from the request, POST first, then GET
$url = ( isset( $_POST[ 'url' ] ) ) ? $_POST[ 'url' ] : ( isset( $_GET[ 'url' ] ) ? $_GET[ 'url' ] : false );

// ... and is emitted in a Location header with no authentication or validation
function proxyimages( $url )
{
        header( "Location: ".$url );
        exit;
}
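The following is an added example, not code from the plugin or from the advisory author, showing a hardened replacement for the proxyimages() function above: the url parameter is only honoured when it parses as an http(s) URL whose host is on an allow-list, and everything else (protocol-relative URLs, other schemes, URLs carrying userinfo, CR/LF header-injection attempts) is refused with a 400. The function names, the $allowed list and the sample inputs are assumptions for illustration.

```php
<?php
// Added example (not the plugin's code): hardened replacement for
// wowproxy.php's proxyimages(). The original emits the request-supplied URL
// in a Location header unchanged; this version redirects only to an
// allow-listed host over http(s). Names and the allow-list are assumptions.

/**
 * Return $url if it is safe to redirect to, or null otherwise.
 *
 * Rejects: empty/oversized input, control characters (CR/LF header
 * injection), unparsable URLs, non-http(s) schemes (javascript:, data:),
 * protocol-relative URLs (//evil.example), URLs with userinfo
 * (https://trusted@evil.example) and hosts not on the allow-list.
 */
function safe_redirect_target(string $url, array $allowed_hosts): ?string
{
    $url = trim($url);
    if ($url === '' || strlen($url) > 2048) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    $host = strtolower($parts['host'] ?? '');
    if ($host === '' || !in_array($host, $allowed_hosts, true)) {
        return null;
    }
    return $url;
}

/** Hardened proxyimages(): redirect only to a vetted target, else 400. */
function proxyimages_hardened(string $url, array $allowed_hosts): void
{
    $target = safe_redirect_target($url, $allowed_hosts);
    if ($target === null) {
        http_response_code(400);
        exit('Refusing to redirect to an untrusted URL');
    }
    header('Location: ' . $target, true, 302);
    exit;
}

// Constructed sample inputs for an offline self-check (hypothetical hosts).
$allowed = ['images.example.com', 'cdn.example.com'];
$cases = [
    'https://images.example.com/a.png'             => 'https://images.example.com/a.png',
    'http://site_to_redirect/phish'                => null,  // the advisory's PoC shape
    '//evil.example/x'                             => null,  // protocol-relative
    'javascript:alert(1)'                          => null,  // non-http scheme
    'https://images.example.com@evil.example/'     => null,  // userinfo trick
    "https://images.example.com/\r\nSet-Cookie:a"  => null,  // header injection
    'HTTPS://CDN.EXAMPLE.COM/logo.png'             => 'HTTPS://CDN.EXAMPLE.COM/logo.png',
];
foreach ($cases as $input => $expected) {
    if (safe_redirect_target($input, $allowed) !== $expected) {
        throw new RuntimeException("unexpected result for: $input");
    }
}
echo "all checks passed\n";
```

Inside a WordPress plugin the same effect is obtained with the core helpers rather than hand-rolled parsing: wp_safe_redirect() only follows redirects to hosts permitted by the allowed_redirect_hosts filter, and the endpoint should additionally require a logged-in user and a valid nonce (wp_verify_nonce()) before redirecting at all, since the advisory's point is that wowproxy.php is reachable unauthenticated.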

CVE ID: CVE-2015-4070
OSVDB: 122368
Exploit Code:
http://wp-site/wordpress/wp-content/plugins/wow-moodboard-lite/wowproxy.php?url=http://site_to_redirect
Advisory: http://www.vapid.dhs.org/advisory.php?v=120
