rastating/wordpress-exploit-framework

Showing 121 of 338 total issues

Method run has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def run
      return false unless super

      emit_info 'Extracting table prefix...'
      prefix = table_prefix

Method initialize has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Advanced Custom Fields Remote File Inclusion',

Method initialize has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Gwolle Guestbook Remote File Inclusion',

Method initialize has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Photo Gallery Shell Upload',

Severity: Minor
Found in lib/wpxf/modules/exploit/shell/photo_gallery_shell_upload.rb - About 1 hr to fix

Method initialize has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'IMPress Listings <= 2.0.1 Reflected XSS Shell Upload',

Method initialize has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Universal Analytics <= 1.3.0 Authenticated XSS Shell Upload',

Method _register_comment_options has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def _register_comment_options
      register_options([
        StringOption.new(
          name: 'comment_author',
          desc: 'The author name to use when posting a comment',

Severity: Minor
Found in lib/wpxf/wordpress/comments.rb - About 1 hr to fix

Method initialize has 30 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'WP Mobile Detector RFI Shell Upload',

Severity: Minor
Found in lib/wpxf/modules/exploit/rfi/wp_mobile_detector_rfi_shell_upload.rb - About 1 hr to fix

Method run has 29 lines of code (exceeds 25 allowed). Consider refactoring.

    def run
      return false unless super

      body = {
        'wpdm_profile' => {

Method initialize has 29 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Custom Contact Forms Privilege Escalation',

Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Download Manager Privilege Escalation',

Method run has 28 lines of code (exceeds 25 allowed). Consider refactoring.

    def run
      return false unless super

      cookie = authenticate_with_wordpress(datastore['username'], datastore['password'])
      return false unless cookie

Method run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.

    def run
      return false unless super

      cookie = authenticate_with_wordpress(username, password)
      return false unless cookie

Severity: Minor
Found in lib/wpxf/modules/exploit/shell/photo_gallery_shell_upload.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Super Socializer <= 7.10.6 Authentication Bypass',

Severity: Minor
Found in lib/wpxf/modules/exploit/shell/super_socializer_shell_upload.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Super Socializer <= 7.10.6 Authentication Bypass',

Severity: Minor
Found in lib/wpxf/modules/auxiliary/priv_esc/super_socializer_auth_bypass.rb - About 1 hr to fix

Method run has 27 lines of code (exceeds 25 allowed). Consider refactoring.

    def run
      return false unless super

      @credentials = [{
        username: 'Username', password: 'Password Hash', email: 'E-mail'

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'Ultimate CSV Importer User Table Extract',

Method run has 27 lines of code (exceeds 25 allowed). Consider refactoring.

    def run
      return false unless super

      emit_info 'Preparing payload...'
      payload_name = "#{Utility::Text.rand_alpha(rand(5..10))}.php"

Method run has 27 lines of code (exceeds 25 allowed). Consider refactoring.

    def run
      return false unless super

      emit_info 'Preparing payload...'
      payload_name = "#{Utility::Text.rand_alpha(rand(5..10))}.php"

Severity: Minor
Found in lib/wpxf/modules/exploit/shell/inboundio_marketing_shell_upload.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.

    def initialize
      super

      update_info(
        name: 'WordPress 4.2-4.7.2 - CSRF DoS',

Severity: Minor
Found in lib/wpxf/modules/auxiliary/dos/wp_v4.7.2_csrf_dos.rb - About 1 hr to fix