infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

additional GET parameters

bug/bundler_fix
Christian Mehlmauer 2014-05-09 21:21:04 +02:00
parent ad83921a85
commit 43a85fc645
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/exploits/multi/http/struts_code_exec_parameters.rb
View File

@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote
OptString.new('PARAMETER',[ true, 'The parameter to perform injection against.','username']),
OptString.new('TARGETURI', [ true, 'The path to a struts application action', '/blank-struts2/login.action']),
OptInt.new('CHECK_SLEEPTIME', [ true, 'The time, in seconds, to ask the server to sleep while check', 5]),
OptString.new('GET_PARAMETERS', [ false, 'Additional GET Parameters to send. Please supply in the format "param1=a&param2=b". Do not URL encode the Parameters, they are encoded before sending by the module.', nil]),
OptString.new('GET_PARAMETERS', [ false, 'Additional GET Parameters to send. Please supply in the format "param1=a&param2=b". Do apply URL encoding to the Parameters.', nil]),
], self.class)
end
@ -86,7 +86,9 @@ class Metasploit3 < Msf::Exploit::Remote
splitted.each { |item|
name, value = item.split('=')
# no check here, value can be nil if parameter is &param
retval[name] = value
decoded_name = name ? Rex::Text::uri_decode(name) : nil
decoded_value = value ? Rex::Text::uri_decode(value) : nil
retval[decoded_name] = decoded_value
}
retval
end