Add wp_cm_download_manager_exec.rb

[wchen-r7]

From: rapid7/metasploit-framework#6096 by @all3g

[firefart]

WPVULNDB Reference to add:
https://wpvulndb.com/vulnerabilities/7679
(other references are also linked on wpvulndb if you want to add them)

[espreto]

Tks @wchen-r7 👍

@all3g Unfortunately this is not working for me. I'm using the vulnerable software you indicated.

exploit(wp_cm_download_manager_exec)  exploit 

[*] Started reverse handler on 10.10.10.10:4444 
[*] 10.10.10.20:80 - Uploading payload
[*] The server returned: 200 OK
[*] Exploit completed, but no session was created.

[nixawk]

Pleaes try http://demo-target/wordpress/cmdownloads/?CMDsearch=%22.phpinfo%28%29.%22 in your browser. It's ok for me.

[nixawk]

Please check "WordPress Address (URL)" and "Site Address (URL)" in general settings, wordpress site should be accessed by others.

[espreto]

@all3g Yeah! Thank you! I will try again this week. :)

[espreto]

@join-us I'm sorry for the long delay. I'm back. I'll test again. Thank you. :)

[nixawk]

@wchen-r7 Pleae see the pr given by me.

• add wpvulndb reference url
• use MetasploitModule as a class name