Latest YouTube Video

Sunday, July 5, 2015

[FD] Open redirect vulnerability in StageShow Wordpress plugin v5.0.8

# Title: Open redirect vulnerability in StageShow Wordpress plugin v5.0.8 # Submitter: Nitin Venkatesh # Product: StageShow Wordpress Plugin # Product URL: http://ift.tt/1ICYmfd # Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') [CWE-601] # Affected Versions: v5.0.8 and possibly below # Tested Version: v5.0.8 # Fixed Version: v5.0.9 # Link to source code diff: http://ift.tt/1Ten1df # Link to changelog: http://ift.tt/1ICYmfh # CVE Status: None/Unassigned/Fresh ## Product Information StageShow adds the facility for an online Box-Office for Small Theatres/Drama Groups, records sales, validates tickets and provides sales downloads. ## Vulnerability Description Open redirect vulnerability in stageshow_redirect.php file using url parameter ## Vulnerable Source Code 31 $url = urldecode($_GET['url']); .. 34 Redirect($url, true); 35 36 function Redirect($url, $permanent = false) 37 { 38 header('Location: ' . $url, true, $permanent ? 301 : 302); 39 die; 40 } ## Proof of Concept Sample exploit GET request: GET /wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2F2buntu.com ## Solution: Upgrade to v5.0.9 ## Disclosure Timeline: 2015-05-19 - Discovered. Contacted developer on forums 2015-05-20 - Report mailed to developer 2015-05-21 - Update v5.0.9 released 2015-07-05 - Publishing disclosure to FD mailing list ## Disclaimer: This disclosure is purely meant for educational purposes. I will in no way be responsible as to how the information in this disclosure is used.

Source: Gmail -> IFTTT-> Blogger

No comments: