Method: Wpxf::Exploit::WptouchAuthenticatedShellUpload#initialize

Defined in:
lib/wpxf/modules/exploit/shell/wptouch_authenticated_shell_upload.rb

#initializeWptouchAuthenticatedShellUpload

Returns a new instance of WptouchAuthenticatedShellUpload.



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/wpxf/modules/exploit/shell/wptouch_authenticated_shell_upload.rb', line 6

def initialize
  super

  update_info(
    name: 'WPTouch Authenticated Shell Upload',
    desc: 'This module exploits a file upload vulnerability in versions '\
          '< 3.4.3 of the WPTouch plugin which allows authenticated users '\
          'of any level (e.g. subscriber) to upload and execute PHP scripts '\
          'in the context of the web server.',
    author: [
      'Marc-Alexandre Montpas', # Vulnerability discovery
      'rastating'               # WPXF module
    ],
    references: [
      ['URL', 'http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html'],
      ['WPVDB', '7118']
    ],
    date: 'Jul 14 2014'
  )
end