Module: Wpxf::WordPress::StoredXss

Includes:

Xss

Defined in:

lib/wpxf/wordpress/stored_xss.rb

Overview

Provides reusable functionality for stored XSS modules.

Instance Method Summary

• #before_store ⇒ Boolean

  Execute all tasks required before storing the script.

• #expected_status_code_after_store ⇒ Number

  The status code that is expected after storing the script.

• #initialize ⇒ Object

  Initialize a new instance of StoredXss.

• #run ⇒ Boolean

  Run the module.

• #store_script ⇒ Wpxf::Net::HttpResponse

  Abstract method which must be implemented to store the XSS include script.

• #store_script_and_validate ⇒ Boolean

  Call #store_script and validate the response.

• #vulnerable_page ⇒ String

  The URL or name of the page an admin user must view to execute the script.

Methods included from Xss

#on_http_request, #upload_shell, #wordpress_js_create_user, #xss_ascii_encoded_include_script, #xss_host, #xss_include_script, #xss_path, #xss_shell_success, #xss_url, #xss_url_and_ascii_encoded_include_script

Methods included from Plugin

#fetch_plugin_upload_nonce, #generate_wordpress_plugin_header, #upload_payload_as_plugin, #upload_payload_as_plugin_and_execute

Methods included from Net::HttpServer

#http_server_bind_address, #http_server_bind_port, #http_server_thread, #js_ajax_download, #js_ajax_post, #js_post, #on_http_request, #start_http_server, #stop_http_server

Instance Method Details

#before_store ⇒ Boolean

Execute all tasks required before storing the script.

Returns:

• (Boolean) —

  return true if the prerequisite actions were successfully executed.

# File 'lib/wpxf/wordpress/stored_xss.rb', line 51

def before_store
  true
end

#expected_status_code_after_store ⇒ Number

Returns The status code that is expected after storing the script.

Returns:

• (Number) —

  The status code that is expected after storing the script.

# File 'lib/wpxf/wordpress/stored_xss.rb', line 56

def expected_status_code_after_store
  200
end

#initialize ⇒ Object

Initialize a new instance of Wpxf::WordPress::StoredXss.

# File 'lib/wpxf/wordpress/stored_xss.rb', line 8

def initialize
  super
  @success = false
  _update_info_without_validation(
    desc: %(
      This module stores a script in the target system that
      will execute when an admin user views the vulnerable page,
      which in turn, will create a new admin user to upload
      and execute the selected payload in the context of the
      web server.
    )
  )
end

#run ⇒ Boolean

Run the module.

Returns:

• (Boolean) —

  true if successful.

# File 'lib/wpxf/wordpress/stored_xss.rb', line 62

def run
  return false unless super && before_store

  emit_info 'Storing script...'
  return false unless store_script_and_validate

  emit_success "Script stored and will be executed when a user views #{vulnerable_page}"
  start_http_server

  xss_shell_success
end

#store_script ⇒ Wpxf::Net::HttpResponse

Abstract method which must be implemented to store the XSS include script.

Returns:

• (Wpxf::Net::HttpResponse) —

  the HTTP response to the request to store the script.

# File 'lib/wpxf/wordpress/stored_xss.rb', line 29

def store_script
  raise 'Required method "store_script" has not been implemented'
end

#store_script_and_validate ⇒ Boolean

Call #store_script and validate the response.

Returns:

• (Boolean) —

  return true if the script was successfully stored.

# File 'lib/wpxf/wordpress/stored_xss.rb', line 35

def store_script_and_validate
  res = store_script

  if res.nil?
    emit_error 'No response from the target'
    return false
  end

  return true if res.code == expected_status_code_after_store

  emit_error "Server responded with code #{res.code}"
  false
end

#vulnerable_page ⇒ String

Returns the URL or name of the page an admin user must view to execute the script.

Returns:

• (String) —

  the URL or name of the page an admin user must view to execute the script.

# File 'lib/wpxf/wordpress/stored_xss.rb', line 23

def vulnerable_page
  'a vulnerable page'
end