rastating/wordpress-exploit-framework

View on GitHub

Showing 121 of 337 total issues

Method blocked_bots has 141 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def blocked_bots
    [
      'Abonti',
      'aggregator',
      'AhrefsBot',

    Method auto_complete_proc has a Cognitive Complexity of 20 (exceeds 5 allowed). Consider refactoring.
    Open

          def auto_complete_proc(input, list)
            res = nil
    
            # Nothing on this level, so return previous level.
            return res if list.keys.empty?
    Severity: Minor
    Found in lib/wpxf/cli/auto_complete.rb - About 2 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method form_fields has 62 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def form_fields
        {
          'event_status' => [1, 2, 5].sample,
          'event_contactperson_id' => -1,
          'event_seats' => 0,

      Method initialize has 57 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize
          super
      
          update_info(
            name: 'Participants Database <= 1.5.4.8 Shell Upload',

        Method run has a Cognitive Complexity of 17 (exceeds 5 allowed). Consider refactoring.
        Open

          def run
            return false unless super
        
            if !use_wordpress_authentication && !use_ec_authentication
              emit_error 'You must set either the username and password options or '\
        Severity: Minor
        Found in lib/wpxf/modules/exploit/shell/easy_cart_shell_upload.rb - About 2 hrs to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method stager has 56 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def stager
            %(
              <html>
              <head>
              </head>
        Severity: Major
        Found in lib/wpxf/modules/auxiliary/priv_esc/super_socializer_auth_bypass.rb - About 2 hrs to fix

          Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize
              super
          
              update_info(
                name: 'Long Password DoS',
          Severity: Major
          Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb - About 2 hrs to fix

            Method run has 51 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def run
                return false unless super
            
                if !use_wordpress_authentication && !use_ec_authentication
                  emit_error 'You must set either the username and password options or '\
            Severity: Major
            Found in lib/wpxf/modules/exploit/shell/easy_cart_shell_upload.rb - About 2 hrs to fix

              Method initialize has 50 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize
                  super
              
                  update_info(
                    name: 'MDC Private Message XSS Shell Upload',

                Method initialize has 47 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize
                    super
                
                    update_info(
                      name: 'EasyCart Shell Upload',
                Severity: Minor
                Found in lib/wpxf/modules/exploit/shell/easy_cart_shell_upload.rb - About 1 hr to fix

                  Method initialize has 46 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize
                      super
                  
                      update_info(
                        name: 'Admin Management Xtended XSS Shell Upload',

                    Method run has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def run
                        return false unless super
                    
                        @cookie = authenticate_with_wordpress(datastore['username'], datastore['password'])
                        return false unless @cookie

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method initialize has 43 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize
                        super
                    
                        update_info(
                          name: 'Content Audit <= 1.9.1 CSRF Stored XSS Shell Upload',

                      Method initialize has 42 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize
                          super
                      
                          update_info(
                            name: 'WordPress 4.7.0 - 4.7.1 Unauthenticated Content Injection',
                      Severity: Minor
                      Found in lib/wpxf/modules/auxiliary/misc/wp_v4.7.1_content_injection.rb - About 1 hr to fix

                        Method run has 41 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def run
                            return false unless super
                        
                            @cookie = authenticate_with_wordpress(datastore['username'], datastore['password'])
                            return false unless @cookie

                          Method run has 41 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def run
                              return false unless super
                          
                              cookie = authenticate_with_wordpress(username, password)
                              return false unless cookie
                          Severity: Minor
                          Found in lib/wpxf/modules/exploit/shell/photo_gallery_shell_upload.rb - About 1 hr to fix

                            Method run has 40 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def run
                                return false unless super
                            
                                listing = [{
                                  name: 'Name', type: 'Type'

                              Method page_script has 39 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def page_script
                                  func1 = Utility::Text.rand_alpha(rand(5..10))
                                  func2 = Utility::Text.rand_alpha(rand(5..10))
                                  %|
                                    debugger;

                                Method initialize has 39 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                    def initialize
                                      super
                                
                                      register_options([
                                        StringOption.new(
                                Severity: Minor
                                Found in lib/wpxf/payloads/reverse_tcp.rb - About 1 hr to fix

                                  Method run has 36 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def run
                                      return false unless super
                                  
                                      emit_info 'Preparing payload...'
                                      year = Time.new.year.to_s
                                  Severity: Minor
                                  Found in lib/wpxf/modules/exploit/shell/reflex_gallery_shell_upload.rb - About 1 hr to fix
                                    Severity
                                    Category
                                    Status
                                    Source
                                    Language