rastating/wordpress-exploit-framework

View on GitHub

Showing 121 of 338 total issues

Method initialize has 36 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize
    super

    update_info(
      name: 'WordPress "load-scripts.php" DoS',
Severity: Minor
Found in lib/wpxf/modules/auxiliary/dos/load_scripts_dos.rb - About 1 hr to fix

    Function ajax_download has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
    Open

    function ajax_download(oArg) {
      if (!oArg.method) { oArg.method = "GET"; }
      if (!oArg.path)   { throw "Missing parameter 'path'"; }
      if (!oArg.data)   { oArg.data = null; }
    
    
    Severity: Minor
    Found in data/js/ajax_download.js - About 1 hr to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method vulnerable_url has 35 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def vulnerable_url
        normalize_uri(
          full_uri,
          'wp-admin',
          'load-scripts.php?c=1&load%5B%5D=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,'\
    Severity: Minor
    Found in lib/wpxf/modules/auxiliary/dos/load_scripts_dos.rb - About 1 hr to fix

      Method initialize has 34 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize
          super
      
          update_info(
            name: 'Duplicator <= 1.1.3 CSRF Database Export',

        Method initialize has 34 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize
            super
        
            update_info(
              name: 'Email Users <= 4.8.3 CSRF Bulk Mail',
        Severity: Minor
        Found in lib/wpxf/modules/auxiliary/misc/email_users_csrf_bulk_mail.rb - About 1 hr to fix

          Method run has 34 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def run
              return false unless super
          
              emit_info 'Validating SQL...'
              unless valid_query?
          Severity: Minor
          Found in lib/wpxf/modules/auxiliary/misc/simple_ads_manager_sql_injection.rb - About 1 hr to fix

            Method initialize has 34 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize
                super
            
                update_info(
                  name: 'Ultimate Member <= 1.3.75 Shell Upload',
            Severity: Minor
            Found in lib/wpxf/modules/exploit/shell/ultimate_member_shell_upload.rb - About 1 hr to fix

              Method run has 34 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def run
                  return false unless super
              
                  emit_info 'Preparing payload...'
                  payload_name = "#{Utility::Text.rand_alpha(rand(5..10))}.php"

                Method initialize has 33 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize
                    super
                
                    update_info(
                      name: 'Fast Image Adder <= 1.1 RFI Shell Upload',

                  Method initialize has 33 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize
                      super
                  
                      update_info(
                        name: 'Flickr Picture Backup RFI Shell Upload',

                    Method run has 33 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def run
                        return false unless super
                    
                        if should_validate_user?
                          emit_info "Checking if user \"#{username}\" exists..."
                    Severity: Minor
                    Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb - About 1 hr to fix

                      Method initial_script has 33 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initial_script
                          create_basic_post_script(
                            vulnerable_url,
                            'widget_container' => 'margin: 0 0 15px 0;',
                            'widget_title' => 'font-size: 1.6em;&#13;font-weight: bold;',

                        Method run has 32 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def run
                            super
                            return false unless check_wordpress_and_online
                        
                            emit_info 'Preparing payload...'
                        Severity: Minor
                        Found in lib/wpxf/modules/exploit/shell/revslider_shell_upload.rb - About 1 hr to fix

                          Method initial_script has 32 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initial_script
                              create_basic_post_script(
                                vulnerable_url,
                                'light_box_style' => '1',
                                'light_box_transition' => 'elastic',

                            Method initialize has 32 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize
                                super
                            
                                update_info(
                                  name: 'WooCommerce Amazon Affiliates < v9 Unauthenticated Shell Upload',

                              Method run has 32 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def run
                                  return false unless super
                              
                                  emit_info 'Preparing payload...'
                                  theme_name = Utility::Text.rand_alpha(rand(5..10))
                              Severity: Minor
                              Found in lib/wpxf/modules/exploit/shell/mailpoet_newsletters_shell_upload.rb - About 1 hr to fix

                                Method run has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
                                Open

                                  def run
                                    return false unless super
                                    return false unless before_upload
                                
                                    emit_info 'Preparing payload...'
                                Severity: Minor
                                Found in lib/wpxf/wordpress/shell_upload.rb - About 1 hr to fix

                                Cognitive Complexity

                                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                A method's cognitive complexity is based on a few simple rules:

                                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                • Code is considered more complex for each "break in the linear flow of the code"
                                • Code is considered more complex when "flow breaking structures are nested"

                                Further reading

                                Method run has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
                                Open

                                  def run
                                    return false unless super
                                
                                    if should_validate_user?
                                      emit_info "Checking if user \"#{username}\" exists..."
                                Severity: Minor
                                Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb - About 1 hr to fix

                                Cognitive Complexity

                                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                A method's cognitive complexity is based on a few simple rules:

                                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                • Code is considered more complex for each "break in the linear flow of the code"
                                • Code is considered more complex when "flow breaking structures are nested"

                                Further reading

                                Method _version_vulnerable? has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
                                Open

                                  def _version_vulnerable?(version, fixed, introduced)
                                    return :vulnerable if fixed.nil? && introduced.nil?
                                
                                    if fixed && !introduced
                                      return :vulnerable if version < fixed
                                Severity: Minor
                                Found in lib/wpxf/wordpress/fingerprint.rb - About 1 hr to fix

                                Cognitive Complexity

                                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                A method's cognitive complexity is based on a few simple rules:

                                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                • Code is considered more complex for each "break in the linear flow of the code"
                                • Code is considered more complex when "flow breaking structures are nested"

                                Further reading

                                Method initialize has 31 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize
                                    super
                                
                                    update_info(
                                      name: 'User Meta Manager <= 3.4.6 Information Disclosure',
                                  Severity
                                  Category
                                  Status
                                  Source
                                  Language