Module: Wpxf::WordPress::ReflectedXss
- Includes:
- Xss
- Included in:
- Auxiliary::Wp472CsrfDos, Exploit::AffiliateWPReflectedXssShellUpload, Exploit::AjaxRandomPostReflectedXssShellUpload, Exploit::AllInOneMigrationReflectedXssShellUpload, Exploit::AllInOneSchemaRichSnippetsReflectedXssShellUpload, Exploit::AntiPlagiarismReflectedXssShellUpload, Exploit::BackupGuardReflectedXssShellUpload, Exploit::BraftonContentImporterReflectedXssShellUpload, Exploit::BwsPanelReflectedXssShellUpload, Exploit::CalderaFormsV154XssShellUpload, Exploit::CodeSnippetsReflectedXssShellUpload, Exploit::ConcoursReflectedXssShellUpload, Exploit::ConnectionsReflectedXssShellUpload, Exploit::CsvImportExportReflectedXssShellUpload, Exploit::CustomMapReflectedXssShellUpload, Exploit::CustomMetasReflectedXssShellUpload, Exploit::CustomPermalinksReflectedXssShellUpload, Exploit::DefaOnlineImageProtectorReflectedXssShellUpload, Exploit::DownloadManagerReflectedXssShellUpload, Exploit::EasyContactFormBuilderReflectedXssShellUpload, Exploit::EmagMarketplaceConnectorXssShellUpload, Exploit::EnhancedTooltipGlossaryReflectedXssShellUpload, Exploit::FormbuilderReflectedXssShellUpload, Exploit::GdRatingSystemReflectedXssShellUpload, Exploit::GoogleMapsReflectedXssShellUpload, Exploit::GravityFormsV191511ReflectedXssShellUpload, Exploit::HdwTubeReflectedXssShellUpload, Exploit::HeroMapsProReflectedXssShellUpload, Exploit::IndexistoReflectedXssShellUpload, Exploit::InfusionsoftReflectedXssShellUpload, Exploit::InstalinkerReflectedXssShellUpload, Exploit::LinkLibraryReflectedXssShellUpload, Exploit::MagicFieldsReflectedXssShellUpload, Exploit::MailchimpForWpReflectedXssShellUpload, Exploit::MailpoetNewslettersV272ReflectedXssShellUpload, Exploit::MinimaxPageLayoutBuilderReflectedXssShellUpload, Exploit::MsmcRedirectAfterCommentReflectedXssShellUpload, Exploit::NewYearFireworkReflectedXssShellUpload, Exploit::NinjaFormsReflectedXssShellUpload, Exploit::NoExternalLinksReflectedXssShellUpload, Exploit::OcimMp3ReflectedXssShellUpload, Exploit::PhotoGalleryReflectedXssShellUpload, Exploit::PondolFormToMailReflectedXssShellUpload, Exploit::PootleButtonReflectedXssShellUpload, Exploit::PopcashIntegrationXssShellUpload, Exploit::PopupMakerReflectedXssShellUpload, Exploit::RegistrationMagicReflectedXssShellUpload, Exploit::ResponsiveLightboxReflectedXssShellUpload, Exploit::SimpelReserverenReflectedXssShellUpload, Exploit::SimpleSlideshowManagerReflectedXssShellUpload, Exploit::SlideshowGalleryReflectedXssShellUpload, Exploit::SocialPugReflectedXssShellUpload, Exploit::SpiffyCalendarReflectedXssShellUpload, Exploit::SplashingImagesReflectedXssShellUpload, Exploit::TidioGalleryReflectedXssShellUpload, Exploit::TrackingCodeManagerReflectedXssShellUpload, Exploit::TribulantNewsletterReflectedXssShellUpload, Exploit::TribulantSlideshowGalleryReflectedXssShellUpload, Exploit::TwoKbAmazonAffiliatesStoreReflectedXssShellUpload, Exploit::UltimateFormBuilderLiteReflectedXssShellUpload, Exploit::UserAccessManagerReflectedXssShellUpload, Exploit::UserLoginHistoryReflectedXssShellUpload, Exploit::W3TotalCacheReflectedXssShellUpload, Exploit::WangGuardReflectedXssShellUpload, Exploit::WhizzReflectedXssShellUpload, Exploit::WpLiveChatSupportReflectedXssShellUpload, Exploit::WpMailsterReflectedXssShellUpload, Exploit::WpMembersReflectedXssShellUpload, Exploit::WpRetina2xReflectedXssShellUpload, Exploit::WpStatistics1209ReflectedXssShellUpload, Exploit::WpStatisticsReflectedXssShellUpload, Exploit::WpWhoisDomainReflectedXssShellUpload, Exploit::WpsolrReflectedXssShellUpload, Exploit::YoastSeoXssShellUpload, Exploit::ZurlPreviewReflectedXssShellUpload, StagedReflectedXss
- Defined in:
- lib/wpxf/wordpress/reflected_xss.rb
Overview
Provides reusable functionality for reflected XSS modules.
Instance Method Summary collapse
-
#initialize ⇒ Object
Initialize a new instance of ReflectedXss.
-
#run ⇒ Boolean
Run the module.
Methods included from Xss
#on_http_request, #upload_shell, #wordpress_js_create_user, #xss_ascii_encoded_include_script, #xss_host, #xss_include_script, #xss_path, #xss_shell_success, #xss_url, #xss_url_and_ascii_encoded_include_script
Methods included from Plugin
#fetch_plugin_upload_nonce, #generate_wordpress_plugin_header, #upload_payload_as_plugin, #upload_payload_as_plugin_and_execute
Methods included from Net::HttpServer
#http_server_bind_address, #http_server_bind_port, #http_server_thread, #js_ajax_download, #js_ajax_post, #js_post, #on_http_request, #start_http_server, #stop_http_server
Methods included from Wpxf
app_path, build_module_list, change_stdout_sync, custom_modules_path, data_directory, databases_path, gemspec, home_directory, load_custom_modules, load_module, modules_path, payloads_path, version
Instance Method Details
#initialize ⇒ Object
Initialize a new instance of Wpxf::WordPress::ReflectedXss.
8 9 10 11 12 13 14 15 16 17 18 19 20 |
# File 'lib/wpxf/wordpress/reflected_xss.rb', line 8 def initialize super @success = false _update_info_without_validation( desc: %( This module prepares a payload and link that can be sent to an admin user which when visited with a valid session will create a new admin user which will be used to upload and execute the selected payload in the context of the web server. ) ) end |
#run ⇒ Boolean
Run the module.
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/wpxf/wordpress/reflected_xss.rb', line 24 def run unless respond_to? 'url_with_xss' raise 'Required method "url_with_xss" has not been implemented' end return false unless super return true if aux_module? emit_info 'Provide the URL below to the victim to begin the payload upload' puts puts url_with_xss puts start_http_server @success end |