Add StoredXss mixin

rastating · rastating · commit 8f890da6d4ad · 2016-09-10T18:39:38.000+01:00
diff --git a/lib/wpxf/core.rb b/lib/wpxf/core.rb
@@ -29,6 +29,7 @@
 require 'wpxf/wordpress/xss'
 require 'wpxf/wordpress/reflected_xss'
 require 'wpxf/wordpress/staged_reflected_xss'
+require 'wpxf/wordpress/stored_xss'
 require 'wpxf/wordpress/shell_upload'
 require 'wpxf/wordpress/file_download'
 
diff --git a/lib/wpxf/wordpress/stored_xss.rb b/lib/wpxf/wordpress/stored_xss.rb
@@ -0,0 +1,56 @@
+# Provides reusable functionality for stored XSS modules.
+module Wpxf::WordPress::StoredXss
+  include Wpxf::WordPress::Xss
+
+  # Initialize a new instance of {StoredXss}.
+  def initialize
+    super
+    @success = false
+    @info[:desc] = 'This module stores a script in the target system that '\
+                   'will execute when an admin user views the vulnerable page, '\
+                   'which in turn, will create a new admin user to upload '\
+                   'and execute the selected payload in the context of the '\
+                   'web server.'
+  end
+
+  # @return [String] the URL or name of the page an admin user must view to execute the script.
+  def vulnerable_page
+    'a vulnerable page'
+  end
+
+  # Abstract method which must be implemented to store the XSS include script.
+  # @return [Wpxf::Net::HttpResponse] the HTTP response to the request to store the script.
+  def store_script
+    raise 'Required method "store_script" has not been implemented'
+  end
+
+  # Call #store_script and validate the response.
+  # @return [Boolea] return true if the script was successfully stored.
+  def store_script_and_validate
+    res = store_script
+
+    if res.nil?
+      emit_error 'No response from the target'
+      return false
+    end
+
+    return true if res.code == 200
+
+    emit_error "Server responded with code #{res.code}"
+    false
+  end
+
+  # Run the module.
+  # @return [Boolean] true if successful.
+  def run
+    return false unless super
+
+    emit_info 'Storing script...'
+    return false unless store_script_and_validate
+
+    emit_success "Script stored and will be executed when a user views #{vulnerable_page}"
+    start_http_server
+
+    xss_shell_success
+  end
+end
diff --git a/spec/wordpress/stored_xss_spec.rb b/spec/wordpress/stored_xss_spec.rb
@@ -0,0 +1,65 @@
+require_relative '../spec_helper'
+
+describe Wpxf::WordPress::StoredXss do
+  let(:subject) do
+    Class.new(Wpxf::Module) do
+      include Wpxf::WordPress::StoredXss
+    end.new
+  end
+
+  describe '#new' do
+    it 'sets up the desc key of the info store' do
+      desc = 'This module stores a script in the target system that '\
+             'will execute when an admin user views the vulnerable page, '\
+             'which in turn, will create a new admin user to upload '\
+             'and execute the selected payload in the context of the '\
+             'web server.'
+
+      expect(subject.module_desc).to eq desc
+    end
+  end
+
+  describe '#run' do
+    it 'starts a HTTP server if the module is configured properly' do
+      invoked = false
+      allow(subject).to receive(:start_http_server) do
+        invoked = true
+      end
+
+      allow(subject).to receive(:puts).and_return nil
+      allow(subject).to receive(:check_wordpress_and_online).and_return true
+      allow(subject).to receive(:store_script_and_validate).and_return true
+      subject.run
+      expect(invoked).to be true
+    end
+  end
+
+  describe '#store_script' do
+    it 'raises an error if the store_script method isn\'t implemented' do
+      expect { subject.store_script }.to raise_error(
+        'Required method "store_script" has not been implemented'
+      )
+    end
+  end
+
+  describe '#store_script_and_validate' do
+    it 'returns false if the response has a code !== 200' do
+      typhoeus_res = Typhoeus::Response.new
+      allow(typhoeus_res).to receive(:code).and_return(404)
+      allow(subject).to receive(:store_script).and_return(Wpxf::Net::HttpResponse.new(typhoeus_res))
+      expect(subject.store_script_and_validate).to be false
+    end
+
+    it 'returns false if the response is nil' do
+      allow(subject).to receive(:store_script).and_return(nil)
+      expect(subject.store_script_and_validate).to be false
+    end
+
+    it 'returns true if the response code is 200' do
+      typhoeus_res = Typhoeus::Response.new
+      allow(typhoeus_res).to receive(:code).and_return(200)
+      allow(subject).to receive(:store_script).and_return(Wpxf::Net::HttpResponse.new(typhoeus_res))
+      expect(subject.store_script_and_validate).to be true
+    end
+  end
+end
