WordPress WPtouch 1.9.32 URL Redirect

2011-07-25T00:00:00
ID PACKETSTORM:103356
Type packetstorm
Reporter MaKyOtOx
Modified 2011-07-25T00:00:00

Description

                                        
                                            `# Exploit Title: 0-Day WPtouch WordPress Plugin 1.9.32 URL redirection  
# Google Dork: intext:"Powered by Wordpress + WPtouch" (with iphone/android User-Agent)  
# Author: MaKyOtOx (special pwet to ansx & Zizounette & antrhacks for  
#bitcoin)  
# Date: 25/07/2011  
# Software Link: http://wordpress.org/extend/plugins/wptouch/  
# Version: 1.9.32 (not tested on previous versions)  
# Tested on: WhatEver OS  
# CVE : 0-Day  
  
OK, a nonce has been recently added. Then, the new URL redirection flaw is  
in 2 steps :  
First, click on  
http://victim.be/?wptouch_view=mobile&wptouch_redirect=.attaquer.com, it  
will reload the page with seemingly no effect.  
Then, click on the switch mobile theme button [ON/OFF] in every page footer,  
it will redirect to http://victim.be.attacker-site.com :)  
  
Love.  
`