WordPress WPtouch 3.7.5 - Open Redirect

By kannthu

Medium
Vidoc Module
#wp-plugin #wp #packetstorm #wptouch #unauth
Description

What is "WordPress WPtouch 3.7.5 - Open Redirect"?

The "WordPress WPtouch 3.7.5 - Open Redirect" module is designed to detect an open redirect vulnerability in the WPtouch plugin for WordPress. WPtouch is a popular plugin that allows website owners to create mobile-friendly versions of their WordPress sites. This vulnerability can potentially allow attackers to redirect users to malicious websites.

This module has a medium severity level, indicating that it poses a moderate risk to affected websites.

This module was authored by r3Y3r53.

Impact

If exploited, the open redirect vulnerability in WPtouch 3.7.5 can be used by attackers to redirect users to malicious websites. This can lead to various consequences, such as phishing attacks, malware infections, or unauthorized data collection.

How does the module work?

The module sends a single HTTP request to the target website, attempting to trigger the open redirect vulnerability. The request includes the parameter "wptouch_switch=desktop" and a "redirect" parameter whose value is a URL pointing to a potentially malicious website.

The module then checks the response headers returned by the target website's server to see whether they contain a redirect to the specified URL. It uses a regular expression matcher to identify the presence of the redirect in the "Location" header.

For example, the module may send the following HTTP request:

GET /?wptouch_switch=desktop&redirect=http://interact.sh HTTP/1.1
Host: [target website]

If the response header contains a redirect to "http://interact.sh", the module will consider the vulnerability to be present.
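The header check described above, written out as an added example (not the Vidoc module's own code or matcher): it parses the "Location" header instead of applying a regex, and reports a finding only when a 3xx response leaves the site for the probe host. The site host blog.example and the three sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

PROBE_URL = "http://interact.sh"  # redirect value from the request shown above

# Constructed sample responses; blog.example is a placeholder site host.
VULNERABLE = "HTTP/1.1 302 Found\r\nlocation: http://interact.sh\r\n\r\n"
SAME_SITE = ("HTTP/1.1 301 Moved Permanently\r\nLocation: https://blog.example/"
             "?wptouch_switch=desktop&redirect=http://interact.sh\r\n\r\n")
PATCHED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"


def location_header(raw_headers):
    """Return the first Location header value (name is case-insensitive)."""
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def is_open_redirect(raw_headers, site_host, probe_url=PROBE_URL):
    """True only for a 3xx whose Location leaves site_host for the probe host."""
    lines = raw_headers.splitlines()
    status = lines[0].split() if lines else []
    if len(status) < 2 or not status[1].startswith("3"):
        return False
    target = location_header(raw_headers)
    if target is None:
        return False
    # Browsers treat "\" as "/", and "//host" is a scheme-relative URL.
    dest = (urlsplit(target.replace("\\", "/")).hostname or "").lower()
    if not dest or dest == site_host.lower():
        return False  # relative or same-site redirect that only echoes the parameter
    return dest == (urlsplit(probe_url).hostname or "").lower()


if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE), ("same-site", SAME_SITE),
                       ("patched", PATCHED)):
        print(label, is_open_redirect(raw, "blog.example"))
```

The same-site sample is the case worth noting when triaging results: a canonical redirect that merely carries the query string along contains the probe URL in its "Location" value but does not send the user off-site.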

It is important for website owners to address this vulnerability by updating to a patched version of WPtouch or implementing other security measures to prevent open redirects.

For more information, you can refer to the Packet Storm Security advisory.

Metadata:

- max-request: 1

- verified: true

- google-query: inurl:/wp-content/plugins/wptouch

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /?wptouch_switch=des...
   Matching conditions: regex: (?m)^(?:Location\s*?:\s*?)(?:https?:\/\/...

Passive global matcher: No matching conditions.

On match action: Report vulnerability