====================================================================================================================================
# Title : WordPress - WPtouch 3.8.2 Open Redirect Vulnerability
# Author : indoushka
# Tested on : windows 10 Francais V.(Pro) / browser : Mozilla firefox 66.0(64-bit)
# Vendor : https://wordpress.org/plugins/wptouch/
# Dork : wp-content/plugins/wptouch/
====================================================================================================================================
P0C :
== Description ==
WPtouch is a WordPress mobile plugin that adds an elegant and simple mobile theme to your WordPress site for visitors on the go.
After activating the plugin, you can set it up so that visitors can see the site in the browser of their choice.
However, the plugin lets you change the display from the desktop view to the one for your mobile device.
Switching is not possible while browsing from a desktop.
However, it is possible if the payload below is used.
This URL redirection vulnerability can be exploited remotely.
Attackers can redirect victims to untrusted websites to launch phishing attacks.
[+] Searching In Google Or Other Search Engines.
[+] Use payload : /?wptouch_switch=desktop&redirect=https://packetstormsecurity.com/&nonce=e9c03107dd
[+] http://127.0.0.1/pepsynet/?wptouch_switch=desktop&redirect=https://packetstormsecurity.com/&nonce=e9c03107dd
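
For defenders, requests of this shape can be found in web server access logs. The following is an added example, not part of the original advisory or the plugin's code: it flags log entries where `wptouch_switch` is present and `redirect` names a host other than the site's own. The site host `blog.example.org`, the log entries other than the page's payload, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def offsite_redirect_target(request_uri, site_hosts):
    """Return the off-site host named in `redirect`, or None if benign."""
    query = parse_qs(urlsplit(request_uri).query)  # values are percent-decoded
    if "wptouch_switch" not in query:
        return None
    for target in query.get("redirect", []):
        # Browsers treat "\" like "/", so normalise before parsing.
        normalised = target.strip().replace("\\", "/")
        try:
            host = urlsplit(normalised).hostname  # None for paths like /blog/
        except ValueError:  # malformed authority: report rather than skip
            host = "<unparseable>"
        if host and host.lower() not in site_hosts:
            return host.lower()
    return None

def scan(log_lines, site_hosts):
    """Return [(client_ip, off-site host)] for each suspicious log line."""
    hosts = {h.lower() for h in site_hosts}
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match:
            host = offsite_redirect_target(match.group(1), hosts)
            if host:
                hits.append((line.split(" ", 1)[0], host))
    return hits

# Constructed sample entries (documentation IP ranges); the first carries the
# payload quoted in the advisory, the rest are made up for this example.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2019:10:01:02 +0000] "GET /?wptouch_switch=desktop&redirect=https://packetstormsecurity.com/&nonce=e9c03107dd HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/May/2019:10:02:10 +0000] "GET /?wptouch_switch=desktop&redirect=%2Fblog%2F&nonce=0000000000 HTTP/1.1" 302 0',
    '198.51.100.9 - - [10/May/2019:10:03:44 +0000] "GET /?wptouch_switch=desktop&redirect=%2F%2Fexample.net%2Flogin HTTP/1.1" 302 0',
    '203.0.113.20 - - [10/May/2019:10:04:05 +0000] "GET /?wptouch_switch=desktop&redirect=https://blog.example.org/about/ HTTP/1.1" 302 0',
    '203.0.113.21 - - [10/May/2019:10:05:30 +0000] "GET /?redirect=https://example.net/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, host in scan(SAMPLE_LOG, {"blog.example.org"}):
        print(f"{ip} -> off-site redirect to {host}")
```

Relative and same-site `redirect` values are left alone, so the hits are limited to requests that would send a visitor to another host.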
=======================================================================================================================================