Message-id: <6C936C2A-9CF0-4EAC-AA24-FB571775DEA1@me.com>
Date: Fri, 29 May 2015 10:55:30 -0400
From: "Larry W. Cashdollar" <larry0@...com>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect

Title: wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect
Author: Larry W. Cashdollar, @_larry0
Date: 2015-05-10
Download Site: https://wordpress.org/plugins/wow-moodboard-lite/
Vendor: mschot
Vendor Notified: 2015-05-19
Vendor Contact: https://profiles.wordpress.org/mschot/

Description:
A mood board is a type of collage consisting of images, text, and samples of objects in a composition. They may be physical or digital, and can be "extremely effective" presentation tools.

Vulnerability:
wowproxy.php doesn't require any authentication to the proxy images function. Users can be misled to a malicious link via this feature.

    // wowproxy.php, lines 26-27: get the url of the image to be proxied
    // (taken unchecked from POST or GET; note the key is quoted as 'url '
    // with a trailing space in the advisory as posted)
    $url = ( isset( $_POST[ 'url' ] ) ) ? $_POST[ 'url' ] : ( isset( $_GET[ 'url ' ] ) ? $_GET[ 'url' ] : false );

    // wowproxy.php, lines 39-43: the attacker-controlled value is placed
    // straight into the Location header, so any external site can be the target
    function proxyimages( $url )
    {
        header( "Location: ".$url );
        exit;
    }

CVEID: 2015-4070
OSVDB: 122368

Exploit Code:
• http://wp-site/wordpress/wp-content/plugins/wow-moodboard-lite/wowproxy.php?url=http://site_to_redirect

Advisory: http://www.vapid.dhs.org/advisory.php?v=120
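As an added example (not the plugin's code and not from the advisory), the following is one way the redirect could have been hardened: the target is parsed, restricted to http/https, refused if it carries credentials or control characters, and compared against an explicit host allowlist before any Location header is emitted; the proxy is also gated behind a logged-in check and a nonce. The function names `wow_example_validate_image_url` and `wow_example_proxyimages`, the nonce action `wow_proxy`, and the allowlist host `images.example.com` are assumptions for illustration; the WordPress functions used (`is_user_logged_in`, `check_ajax_referer`, `status_header`, `wp_redirect`) are real core functions.

```php
<?php
// Added example, not part of wow-moodboard-lite: a validated replacement
// for the open-redirect pattern in wowproxy.php. Names and the allowlist
// below are assumptions chosen for this illustration.

/**
 * Return the URL unchanged if it is an absolute http/https URL whose host is
 * on the allowlist, otherwise false. Rejects relative paths, protocol-relative
 * "//host" forms, non-HTTP schemes, embedded credentials and CR/LF.
 */
function wow_example_validate_image_url( $url, array $allowed_hosts ) {
    if ( ! is_string( $url ) || $url === '' || strlen( $url ) > 2048 ) {
        return false;
    }
    // Control characters (including CR/LF) would allow header injection.
    if ( preg_match( '/[\x00-\x1F\x7F]/', $url ) ) {
        return false;
    }
    $parts = parse_url( $url );
    if ( $parts === false || empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return false; // "/path", "//evil.example", "javascript:..." all fail here
    }
    $scheme = strtolower( $parts['scheme'] );
    if ( $scheme !== 'http' && $scheme !== 'https' ) {
        return false;
    }
    // "http://images.example.com@evil.example/" parses with a user part; refuse it.
    if ( isset( $parts['user'] ) || isset( $parts['pass'] ) ) {
        return false;
    }
    $host = strtolower( rtrim( $parts['host'], '.' ) );
    if ( ! in_array( $host, $allowed_hosts, true ) ) {
        return false;
    }
    return $url;
}

/**
 * Hardened counterpart of proxyimages(): authenticated, nonce-checked, and
 * only redirects to a validated allowlisted host.
 */
function wow_example_proxyimages( $url ) {
    $allowed_hosts = array( 'images.example.com' ); // assumed allowlist

    // Require a logged-in user and a valid nonce (action name is an assumption).
    if ( ! is_user_logged_in() || ! check_ajax_referer( 'wow_proxy', 'nonce', false ) ) {
        status_header( 403 );
        exit;
    }

    $target = wow_example_validate_image_url( $url, $allowed_hosts );
    if ( $target === false ) {
        status_header( 400 );
        exit;
    }

    // Redirect only after validation. For a true image proxy, fetching the
    // resource server-side with wp_remote_get() and streaming it back would
    // avoid exposing a redirect endpoint at all.
    wp_redirect( $target, 302 );
    exit;
}

// Same parameter handling as the original, but the value is never trusted.
$url = isset( $_POST['url'] ) ? $_POST['url'] : ( isset( $_GET['url'] ) ? $_GET['url'] : false );
wow_example_proxyimages( $url );
```

The key design point is that the decision to redirect is made on the parsed host, not on a string prefix or a substring match, so tricks such as `http://images.example.com.evil.example/` or `http://images.example.com@evil.example/` are rejected along with plain external targets.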