Class: Ronin::Exploits::XSS

Inherits:
ClientSideWebVuln
Includes:
Mixins::HTML
Defined in:
lib/ronin/exploits/xss.rb

Overview

Represents a Cross Site Scripting (XSS) exploit.

Example

require 'ronin/exploits/xss'

module Ronin
  module Exploits
    class MyExploit < XSS

      register 'my_exploit'

      base_path '/path/to/page.php'
      query_param 'title'

    end
  end
end

Since:

  • 1.0.0

Constant Summary

Constants included from Mixins::HTTP

Mixins::HTTP::HTTP_USER_AGENT_ALIASES

Instance Attribute Summary

Attributes included from Mixins::HasPayload

#payload

Class Method Summary

Instance Method Summary

Methods included from Mixins::HTML

#attr, #attr_list, #attr_name, #tag, #tag_name

Methods inherited from ClientSideWebVuln

#format_exploit, #launch

Methods inherited from WebVuln

base_path, cookie, #cookie, cookie_param, form_data, #form_data, form_param, header_name, headers, #headers, query_param, referer, #referer, request_method, #test, #url, #web_vuln_kwargs

Methods included from Mixins::HasPayload

included, #perform_build, #perform_cleanup, #perform_launch, #perform_validate

Methods included from Mixins::HTTP

#http, #http_allowed_methods, #http_cookie, #http_copy, #http_delete, #http_get, #http_get_body, #http_get_cookies, #http_get_headers, #http_head, #http_headers, #http_lock, #http_mkcol, #http_move, #http_ok?, #http_options, #http_password, #http_patch, #http_post, #http_post_body, #http_post_headers, #http_powered_by_header, #http_propfind, #http_proppatch, #http_proxy, #http_put, #http_request, #http_response_body, #http_response_headers, #http_response_status, #http_server_header, #http_trace, #http_unlock, #http_user, #http_user_agent, included

Methods inherited from Exploit

#NotVulnerable, #Unknown, #Vulnerable, advisories, advisory, #build, #cleanup, disclosed?, disclosure_date, exploit, #exploit, #fail, #launch, #perform_build, #perform_cleanup, #perform_launch, #perform_test, #perform_validate, quality, register, release_date, released?, software, software_versions, #test, #validate

Constructor Details

#initialize(payload: Payloads::Test::XSS.new, **kwargs) ⇒ XSS

Initializes the XSS exploit and defaults the Mixins::HasPayload#payload to an XSS test payload.

Parameters:

  • payload (Ronin::Payloads::JavaScriptPayload, String, nil) (defaults to: Payloads::Test::XSS.new)

    The payload to use.

Since:

  • 1.0.0



# File 'lib/ronin/exploits/xss.rb', line 74

def initialize(payload: Payloads::Test::XSS.new, **kwargs)
  super(payload: payload, **kwargs)
end

Class Method Details

.exploit_type ⇒ Symbol

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This is used internally to map an exploit class to a printable type.

Returns the type or kind of exploit.

Returns:

  • (Symbol)

Since:

  • 1.0.0



# File 'lib/ronin/exploits/xss.rb', line 88

def self.exploit_type
  :xss
end

Instance Method Details

#vuln ⇒ Ronin::Vulns::ReflectedXSS

The XSS vulnerability to exploit.

Returns:

  • (Ronin::Vulns::ReflectedXSS)

Since:

  • 1.0.0



# File 'lib/ronin/exploits/xss.rb', line 97

def vuln
  @vuln ||= Vulns::ReflectedXSS.new(url,**web_vuln_kwargs)
end