WordPress WPtouch 3.x - Open Redirect

What is the "WordPress WPtouch 3.x - Open Redirect?" module?

The "WordPress WPtouch 3.x - Open Redirect" module is a test case designed to detect an open redirect vulnerability in the WordPress WPtouch plugin version 3.x. This plugin is used to create mobile-friendly versions of WordPress websites. The severity of this vulnerability is classified as medium.

This module was authored by 0x_Akoko.

Impact

An open redirect vulnerability allows an attacker to redirect a user to a malicious website by manipulating the redirect parameter in the plugin's URL. This can lead to various attacks, such as phishing attempts or the spreading of malware.

How does the module work?

The module sends a GET request to the WordPress website with a specific URL parameter. The request path includes the parameter "?wptouch_switch=desktop&redirect=https://interact.sh/". The module then checks the response headers for a specific regex pattern to determine if an open redirect vulnerability exists.

The matching condition in this module checks if the response header contains a "Location" header that redirects to a URL starting with "https://interact.sh/". If the condition is met, the module reports the vulnerability.

It's important to note that this module does not provide the actual JSON definitions used in the Vidoc platform. It serves as a description of the module's purpose and functionality.