L O A D I N G

LetterPress <= 1.2.1 – Open Redirection Via Html Injection Vulnerability

Home > Blog > CVE > LetterPress <= 1.2.1 –...
By SANU P.L January 31, 2024 No Comments

Exploit Title: LetterPress <= 1.2.1 – Open Redirection Via Html Injection Vulnerability

Exploit Author: P.L.Sanu
CVE:
CVSS:
References: https://github.com/plsanu/LetterPress-1.2.1-Open-Redirection-Via-Html-Injection-Vulnerability

Description:
In LetterPress plugin <= 1.2.1 is vulnerable to Html Injection Vulnerability which can futher leads to Open Redirection Vulnerabilty.

Exploit:
1. In LetterPress plugin navigate to Add Campaign and insert the code “<a href=http://evil.com>CLICK THIS</a>” in HTML Campaign Message input field and click on Save Campaign.
2. View the campaign and click on “CLICK THIS” hyperlink it will redirect to the 3rdparty site. (Ex:evil.com)