Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WordPress - Adds auth_key to Plugin, Use SecureRandom and Fixes fatal error when plugin file called directly

Browse Source
This commit is contained in:
erwanlr
2019-10-27 00:09:39 +02:00
parent 151976176a
commit b6d338d334
6 changed files with 45 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/misc/wordpress/wordpress_command.rb
View File

@@ -5,6 +5,8 @@
# Author Erwan LR (@erwan_lr | WPScanTeam) - https://wpscan.org/
#
require 'securerandom'
class WordPressCommand < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/misc/wordpress/wp.js', '/wp', 'js')
@@ -13,7 +15,7 @@ class WordPressCommand < BeEF::Core::Command
# If we could retrive the hooked URL, we could try to determine the wp_path to be set below
def self.options
[
{ 'name' => 'wp_path', 'ui_label' => 'WordPress Path', 'value' => '/' }
{ 'name' => 'wp_path', 'ui_label' => 'WordPress Path', 'value' => '/wordpress-5.2.4/' }
]
end