Land rapid7#3941, new WPVDB reference

wvu · wvu · commit f7e709dcb37e · 2014-10-03T10:17:02.000-05:00
diff --git a/lib/msf/core/module/reference.rb b/lib/msf/core/module/reference.rb
@@ -93,21 +93,23 @@ def initialize(in_ctx_id = 'Unknown', in_ctx_val = '')
     self.ctx_val = in_ctx_val
 
     if (in_ctx_id == 'OSVDB')
-      self.site = 'http://www.osvdb.org/' + in_ctx_val.to_s
+      self.site = "http://www.osvdb.org/#{in_ctx_val}"
     elsif (in_ctx_id == 'CVE')
-      self.site = "http://cvedetails.com/cve/#{in_ctx_val.to_s}/"
+      self.site = "http://cvedetails.com/cve/#{in_ctx_val}/"
     elsif (in_ctx_id == 'CWE')
-      self.site = "http://cwe.mitre.org/data/definitions/#{in_ctx_val.to_s}.html"
+      self.site = "http://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
     elsif (in_ctx_id == 'BID')
-      self.site = 'http://www.securityfocus.com/bid/' + in_ctx_val.to_s
+      self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"
     elsif (in_ctx_id == 'MSB')
-      self.site = 'http://technet.microsoft.com/en-us/security/bulletin/' + in_ctx_val.to_s
+      self.site = "http://technet.microsoft.com/en-us/security/bulletin/#{in_ctx_val}"
     elsif (in_ctx_id == 'EDB')
-      self.site = 'http://www.exploit-db.com/exploits/' + in_ctx_val.to_s
+      self.site = "http://www.exploit-db.com/exploits/#{in_ctx_val}"
     elsif (in_ctx_id == 'US-CERT-VU')
-      self.site = 'http://www.kb.cert.org/vuls/id/' + in_ctx_val.to_s
+      self.site = "http://www.kb.cert.org/vuls/id/#{in_ctx_val}"
     elsif (in_ctx_id == 'ZDI')
-      self.site = 'http://www.zerodayinitiative.com/advisories/ZDI-' + in_ctx_val.to_s
+      self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"
+    elsif (in_ctx_id == 'WPVDB')
+      self.site = "https://wpvulndb.com/vulnerabilities/#{in_ctx_val}"
     elsif (in_ctx_id == 'URL')
       self.site = in_ctx_val.to_s
     else
diff --git a/modules/auxiliary/admin/http/wp_custom_contact_forms.rb b/modules/auxiliary/admin/http/wp_custom_contact_forms.rb
@@ -25,7 +25,8 @@ def initialize(info = {})
       'References'     =>
         [
           [ 'URL', 'http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html' ],
-          [ 'URL', 'https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.3&old=997569&new_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.4&new=997569&sfp_email=&sfph_mail=' ]
+          [ 'URL', 'https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.3&old=997569&new_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.4&new=997569&sfp_email=&sfph_mail=' ],
+          [ 'WPVDB', '7542' ]
         ],
       'DisclosureDate' => 'Aug 07 2014'
       ))
diff --git a/modules/auxiliary/dos/http/wordpress_xmlrpc_dos.rb b/modules/auxiliary/dos/http/wordpress_xmlrpc_dos.rb
@@ -29,7 +29,8 @@ def initialize(info = {})
           ['URL', 'http://wordpress.org/news/2014/08/wordpress-3-9-2/'],
           ['URL', 'http://www.breaksec.com/?p=6362'],
           ['URL', 'http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/'],
-          ['URL', 'https://core.trac.wordpress.org/changeset/29404']
+          ['URL', 'https://core.trac.wordpress.org/changeset/29404'],
+          ['WPVDB', '7526']
         ],
       'DisclosureDate'=> 'Aug 6 2014'
     ))
diff --git a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb
@@ -25,7 +25,8 @@ def initialize
       'References'    =>
         [
           ['OSVDB', '88744'],
-          ['URL', 'http://seclists.org/fulldisclosure/2012/Dec/242']
+          ['URL', 'http://seclists.org/fulldisclosure/2012/Dec/242'],
+          ['WPVDB', '6621']
         ],
       'Author'        =>
         [
diff --git a/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb b/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb
@@ -32,7 +32,13 @@ def initialize(info={})
           ['BID',   '37314'],
           ['CVE',   '2009-4140'],
           ['OSVDB', '59051'],
-          ['EDB',   '10532']
+          ['EDB',   '10532'],
+          ['WPVDB', '6787'],
+          ['WPVDB', '6788'],
+          ['WPVDB', '6789'],
+          ['WPVDB', '6790'],
+          ['WPVDB', '6791'],
+          ['WPVDB', '6792']
         ],
       'Payload'        =>
         {
diff --git a/modules/exploits/unix/webapp/php_wordpress_foxypress.rb b/modules/exploits/unix/webapp/php_wordpress_foxypress.rb
@@ -31,7 +31,8 @@ def initialize(info = {})
         [
           ['EDB', '18991'],
           ['OSVDB' '82652'],
-          ['BID', '53805']
+          ['BID', '53805'],
+          ['WPVDB', '6231']
         ],
       'Privileged'     => false,
       'Platform'       => 'php',
diff --git a/modules/exploits/unix/webapp/php_wordpress_lastpost.rb b/modules/exploits/unix/webapp/php_wordpress_lastpost.rb
@@ -27,16 +27,17 @@ def initialize(info = {})
           ['CVE', '2005-2612'],
           ['OSVDB', '18672'],
           ['BID', '14533'],
+          ['WPVDB', '6034']
         ],
       'Privileged'     => false,
       'Payload'        =>
         {
           'DisableNops' => true,
           'Compat'      =>
             {
-              'ConnectionType' => 'find',
+              'ConnectionType' => 'find'
             },
-          'Space'       => 512,
+          'Space'       => 512
         },
       'Platform'       => 'php',
       'Arch'           => ARCH_PHP,
diff --git a/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb b/modules/exploits/unix/webapp/php_wordpress_optimizepress.rb
@@ -29,7 +29,8 @@ def initialize(info = {})
       'License'         => MSF_LICENSE,
       'References'      =>
         [
-          [ 'URL', "http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/" ]
+          [ 'URL', "http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/" ],
+          [ 'WPVDB', '7441' ]
         ],
       'Privileged'      => false,
       'Platform'        => ['php'],
diff --git a/modules/exploits/unix/webapp/php_wordpress_total_cache.rb b/modules/exploits/unix/webapp/php_wordpress_total_cache.rb
@@ -38,7 +38,8 @@ def initialize(info = {})
           [ 'OSVDB', '92652' ],
           [ 'BID', '59316' ],
           [ 'URL', 'http://wordpress.org/support/topic/pwn3d' ],
-          [ 'URL', 'http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/' ]
+          [ 'URL', 'http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/' ],
+          [ 'WPVDB', '6622' ]
         ],
       'Privileged'     => false,
       'Platform'       => ['php'],
diff --git a/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb b/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb
@@ -23,22 +23,23 @@ def initialize(info = {})
       },
       'Author'         =>
         [
-          'Charlie Eriksen <charlie[at]ceriksen.com>',
+          'Charlie Eriksen <charlie[at]ceriksen.com>'
         ],
       'License'        => MSF_LICENSE,
       'References'     =>
         [
           ['OSVDB', '87353'],
           ['URL', 'http://secunia.com/advisories/51037/'],
+          ['WPVDB', '6103']
         ],
       'Privileged'     => false,
       'Payload'        =>
         {
           'DisableNops' => true,
           'Compat'      =>
             {
-              'ConnectionType' => 'find',
-            },
+              'ConnectionType' => 'find'
+            }
         },
       'Platform'       => 'php',
       'Arch'           => ARCH_PHP,
diff --git a/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb
@@ -31,7 +31,8 @@ def initialize(info = {})
           ['OSVDB', '82653'],
           ['BID', '53809'],
           ['EDB', '18993'],
-          ['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html']
+          ['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html'],
+          ['WPVDB', '6106']
         ],
       'Platform'       => 'php',
       'Arch'           => ARCH_PHP,
diff --git a/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb b/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb
@@ -34,6 +34,7 @@ def initialize(info = {})
           ['CVE', '2012-4915'],
           ['OSVDB', '88891'],
           ['URL', 'http://secunia.com/advisories/50832'],
+          ['WPVDB', '6073']
         ],
       'Privileged'     => false,
       'Payload'        =>
diff --git a/modules/exploits/unix/webapp/wp_property_upload_exec.rb b/modules/exploits/unix/webapp/wp_property_upload_exec.rb
@@ -31,7 +31,8 @@ def initialize(info = {})
           ['OSVDB', '82656'],
           ['BID', '53787'],
           ['EDB', '18987'],
-          ['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html']
+          ['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html'],
+          ['WPVDB', '6225']
         ],
       'Platform'       => 'php',
       'Arch'		     => ARCH_PHP,
diff --git a/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb b/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb
@@ -34,7 +34,8 @@ def initialize(info = {})
       'License'        => MSF_LICENSE,
       'References'     =>
         [
-          ['URL', 'http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html']
+          ['URL', 'http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html'],
+          ['WPVDB', '7118']
         ],
       'Privileged'     => false,
       'Platform'       => ['php'],
diff --git a/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb b/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb
@@ -38,7 +38,8 @@ def initialize(info = {})
         [
           ['URL', 'http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html'],
           ['URL', 'http://www.mailpoet.com/security-update-part-2/'],
-          ['URL', 'https://plugins.trac.wordpress.org/changeset/943427/wysija-newsletters/trunk/helpers/back.php']
+          ['URL', 'https://plugins.trac.wordpress.org/changeset/943427/wysija-newsletters/trunk/helpers/back.php'],
+          ['WPVDB', '6680']
         ],
       'Privileged'     => false,
       'Platform'       => ['php'],

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,8 @@ def initialize`
`25`	`25`	`'References' =>`
`26`	`26`	`[`
`27`	`27`	`['OSVDB', '88744'],`
`28`		`- ['URL', 'http://seclists.org/fulldisclosure/2012/Dec/242']`
	`28`	`+ ['URL', 'http://seclists.org/fulldisclosure/2012/Dec/242'],`
	`29`	`+ ['WPVDB', '6621']`
`29`	`30`	`],`
`30`	`31`	`'Author' =>`
`31`	`32`	`[`