metadata setup

2018-07-25 11:29:47 -05:00 · 2018-07-25 11:29:47 -05:00 · 668bcb38cb
parent 6882831bed
commit 668bcb38cb
1 changed files with 56 additions and 0 deletions
--- a/modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rb
+++ b/modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rb
@ -0,0 +1,56 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = NormalRanking
+
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "WordPress Responsive Thumbnail Slider Arbitrary File Upload",
+      'Description'    => %q{
+        Say something that the user might need to know
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         => [ 'Arash Khazaei', # EDB PoC
+                            'Shelby Pace'    # Metasploit Module
+                          ],
+      'References'     =>
+        [
+          [ 'EDB', '37998' ]
+        ],
+      'Platform'       => 'php',
+      'Arch'           => ARCH_PHP,
+      'Targets'        =>
+        [
+          [ 'Responsive Thumbnail Slider Plugin v1.0', { } ]
+        ],
+      'Payload'        =>
+        {
+          'BadChars' => "\x00"
+        },
+      'Privileged'     => false,
+      'DisclosureDate' => "Aug 28 2015",
+      'DefaultTarget'  => 0))
+
+    register_options(
+      [
+        OptString.new('TARGETURI', [ true, "Base path for WordPress", '/' ]),
+        OptString.new('USERNAME', [ true, "Username to authenticate with", 'admin' ]),
+        OptString.new('PASSWORD', [ false, "Password to authenticate with", '' ])
+      ])
+  end
+
+  def check
+  end
+
+  # log into Wordpress
+  # access 'manage images' page
+  # upload file
+  def exploit
+  end
+
+end