P.L.SANU

Cyber Security Engineer

Information Security Analyst

Security Researcher

Full Stack Developer

LetterPress <= 1.2.1 – Open Redirection Via HTML Injection Vulnerability

Exploit Title: LetterPress <= 1.2.1 – Open Redirection Via HTML Injection Vulnerability

Exploit Author: P.L.Sanu
CVE:
CVSS:
References: https://github.com/plsanu/LetterPress-1.2.1-Open-Redirection-Via-Html-Injection-Vulnerability

Description:
LetterPress plugin versions <= 1.2.1 are vulnerable to HTML injection, which can further lead to open redirection.

Exploit:
1. In the LetterPress plugin, navigate to Add Campaign, insert the code “<a href=http://evil.com>CLICK THIS</a>” in the HTML Campaign Message input field, and click Save Campaign.
2. View the campaign and click the “CLICK THIS” hyperlink; it redirects to the third-party site (e.g. evil.com).
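
For reviewing stored campaign messages, here is an added example (not part of the original advisory and not the plugin's code) that parses campaign HTML and flags links pointing outside an allowlist, including the unquoted `href` form from step 1. The allowlisted hosts and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this site treats as legitimate link targets (constructed).
ALLOWED_HOSTS = {"example.org", "www.example.org"}
SAFE_SCHEMES = {"http", "https", "mailto"}
URL_ATTRS = {"href", "src", "action", "formaction"}


def classify_url(url, allowed_hosts):
    """Return a reason string if the URL leaves the allowlist, else None."""
    # Browsers drop tabs/newlines and read "\" as "/", so normalise first.
    cleaned = "".join(c for c in url if c not in "\t\r\n").strip().replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme and parts.scheme.lower() not in SAFE_SCHEMES:
        return f"scheme {parts.scheme.lower()!r} not allowed"
    if host and host not in allowed_hosts:
        return f"external host {host!r}"
    return None  # relative link or allowlisted host


class LinkAuditor(HTMLParser):
    """Collects URL-bearing attributes that point outside the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                reason = classify_url(value, self.allowed_hosts)
                if reason:
                    self.findings.append((tag, name, value, reason))


def audit_campaign_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (tag, attribute, url, reason) tuples for one campaign message."""
    auditor = LinkAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Run `audit_campaign_html()` over each stored HTML Campaign Message; any returned tuple is a link that takes the reader off the allowlisted hosts and should be reviewed before the campaign is displayed or sent.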
