exploit the possibilities

phpwind 8.7 Open Redirect

phpwind 8.7 Open Redirect
Posted May 25, 2015
Authored by Jing Wang

phpwind version 8.7 suffers from an open redirection vulnerability.

tags | exploit
MD5 | a11eba7259e1565d96690df3bb114752

phpwind 8.7 Open Redirect

Change Mirror Download
*phpwind v8.7 Unvalidated Redirects and Forwards Web Security
Vulnerabilities*



Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security
Vulnerabilities
Product: phpwind
Vendor: phpwind
Vulnerable Versions: v8.7
Tested Version: v8.7
Advisory Publication: May 24, 2015
Latest Update: May 24, 2015
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect')
[CWE-601]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [School of Physical and Mathematical
Sciences (SPMS), Nanyang Technological University (NTU), Singapore]
(@justqdjing)





*Caution Details:*


*(1) Vendor & Product Description:*


*Vendor:*
phpwind



*Product & Vulnerable Versions:*
phpwind
v8.7



*Vendor URL & Download:*
Product can be obtained from here,
http://www.phpwind.net/thread/166





*Product Introduction Overview:*
"Today, the country's 200,000 worth of small sites, there are nearly
100,000 community site uses phpwind, has accumulated more than one million
sites use phpwind, there are 1,000 new sites every day use phpwind. These
community sites covering 52 types of trades every day one million people
gathered in phpwind build community, issued 50 million new information,
visit more than one billion pages. National Day PV30 million or more in
1000 about a large community, there are more than 500 sites selected
phpwind station software provided, including by scouring link Amoy
satisfaction, a daily e-commerce and marketing groups, and other on-line
product vigorously increase in revenue for the site. Excellent partners,
such as Xiamen fish, of Long Lane, Erquan network, Kunshan forum, the North
Sea 360, Huizhou West Lake, Huashang like.

phpwind recent focus on strengthening community media value, expand
e-commerce applications community. phpwind focus on small sites to explore
the value of integration and applications, we believe that the website that
is community, the community can provide a wealth of applications to meet
people access to information, communication, entertainment, consumer and
other living needs, gain a sense of belonging, become online home . With
the development of the Internet, in the form of the site will be more
abundant, the integration of the Forum, more forms of information portals,
social networking sites, we will integrate these applications to products
which, and to create the most optimized user experience. phpwind mission is
to make the community more valuable, so that more people enjoy the
convenience of the Internet community in order to enhance the quality of
life."





*(2) Vulnerability Details:*
phpwind web application has a computer cyber security bug problem. It can
be exploited by Unvalidated Redirects and Forwards (URL Redirection)
attacks. This could allow a user to create a specially crafted URL, that if
clicked, would redirect a victim from the intended legitimate web site to
an arbitrary web site of the attacker's choosing. Such attacks are useful
as the crafted URL initially appear to be a web page of a trusted site.
This could be leveraged to direct an unsuspecting user to a web page
containing attacks that target client side software such as a web browser
or document rendering programs.

Several other similar products 0-day vulnerabilities have been found by
some other bug hunter researchers before. phpwind has patched some of them.
The Full Disclosure mailing list is a public forum for detailed discussion
of vulnerabilities and exploitation techniques, as well as tools, papers,
news, and events of interest to the community. FD differs from other
security lists in its open nature and support for researchers' right to
decide how to disclose their own discovered bugs. The full disclosure
movement has been credited with forcing vendors to better secure their
products and to publicly acknowledge and fix flaws rather than hide them.
Vendor legal intimidation and censorship attempts are not tolerated here!
It also publishes suggestions, advisories, solutions details related to
Open Redirect vulnerabilities and cyber intelligence recommendations.


*(2.1) *The first programming code flaw occurs at "&url" parameter in
"/goto.php?" page.





*References:*
http://www.tetraph.com/security/open-redirect/phpwind-v8-7-open-redirect/
http://securityrelated.blogspot.com/2015/05/phpwind-v87-xss.html
http://www.inzeed.com/kaleidoscope/computer-security/phpwind-v8-7-open-redirect/
https://webtechwire.wordpress.com/2015/05/24/phpwind-v8-7-open-redirect-2/
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01741.html
http://whitehatpost.blog.163.com/blog/static/242232054201542495731506/
http://cxsecurity.com/issue/WLB-2015030028
http://permalink.gmane.org/gmane.comp.security.oss.general/16883
http://lists.openwall.net/full-disclosure/2015/04/15/1
http://seclists.org/fulldisclosure/2015/Apr/35





--
Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing


Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    24 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close